
Manually setting up ssh-agent on PUMA

Note: We no longer recommend following these instructions - instead go to: http://cms.ncas.ac.uk/wiki/ArcherSshAgent

This page lists the steps to manually set up the ssh keys and ssh-agent, and is included for reference only.


Please Note: These instructions assume that you DO NOT already have an ssh-key set up on PUMA.

  1. Generate the authentication key on PUMA
     puma$ ssh-keygen -f ~/.ssh/id_rsa -C "<username>@puma.nerc.ac.uk"
     Generating public/private rsa key pair.
     Enter passphrase(empty for no passphrase): [TYPE_YOUR_PASSPHRASE]
     Enter same passphrase again: [TYPE_YOUR_PASSPHRASE]
     Your identification has been saved in ~/.ssh/id_rsa.
     Your public key has been saved in ~/.ssh/id_rsa.pub.
     The key fingerprint is:
     md5 1024 [String of characters] <username>@puma.nerc.ac.uk
    

[TYPE_YOUR_PASSPHRASE] should be a fairly complicated, unguessable passphrase. You can use spaces in the passphrase if that helps you remember it. It is recommended that you don't use your password as the passphrase, in case the password is compromised. Note: Please DO NOT use an empty passphrase, as this presents a security issue.

  2. Add the public key to the ~/.ssh/authorized_keys file on ARCHER.

To achieve this in a secure manner, do the following:

puma$ cat ~/.ssh/id_rsa.pub | ssh <username>@login.archer.ac.uk 'mkdir -p .ssh ; cat - >> ~/.ssh/authorized_keys'
[Enter your ARCHER password]

(NB: Sometimes, even though the file is copied across successfully, the above command will hang. In that case, press Ctrl-C to exit, then log in to the remote platform and verify that the file .ssh/authorized_keys has arrived safely.)

  3. Verify the authentication works:
    puma$ ssh <username>@login.archer.ac.uk
    Enter passphrase for key '<username>'@puma.nerc.ac.uk: [Type Passphrase]
    

If you don't get the prompt for your RSA key (i.e. you are not asked for your passphrase), then something has gone wrong. Make sure the public key, step 2 above, was successfully copied over to ARCHER.

  4. Make sure your ssh keys are safe:
    puma$ chmod -R 700 .ssh
    ARCHER$ chmod -R 700 .ssh
    
  5. Make the ssh-agent start up automatically when your session runs.

5.1 Copy my setup script to $HOME/.ssh/setup, and ensure it has execute permission:

puma$ chmod u+x $HOME/.ssh/setup

5.2 Call this script from your .kshrc or .bashrc file (ksh or bash shell respectively) by adding the following line. If you don't have a .kshrc/.bashrc file, add it to your .profile.

. $HOME/.ssh/setup

  6. Run the following command and type your passphrase (you may need to do this every time a new ssh-agent is started, i.e. every time you restart your local session):
    puma$ ssh-add
    Enter passphrase for ~/.ssh/id_rsa (<username>@puma.nerc.ac.uk): [Type Passphrase]
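
A check for the outcome of steps 2 and 4, added here as an example and not part of the original instructions: given a .ssh directory and a copy of the public key, it reports whether the key is in authorized_keys (and whether a repeated append after a hang left duplicates) and whether anything in .ssh is accessible to group or other. The function names, messages and exit codes are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: sh check_ssh_setup.sh <ssh-dir> <public-key-file>

# Succeeds only if the path grants nothing to group or other
# (characters 5-10 of the ls mode string are all "-").
perms_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Exit codes (this example's own): 0 ok, 1 key absent or permissions
# too open, 2 a required file is missing or holds no key.
check_ssh_setup() {
    dir=$1
    pub=$2
    auth=$dir/authorized_keys
    rc=0
    if [ ! -f "$auth" ] || [ ! -r "$pub" ]; then
        echo "MISSING: need $auth and $pub"
        return 2
    fi
    # Match on the base64 key blob (field 2), ignoring the comment.
    blob=$(awk '{print $2; exit}' "$pub")
    [ -n "$blob" ] || { echo "NO KEY in $pub"; return 2; }
    count=$(grep -cF -- "$blob" "$auth" || true)
    case $count in
        0) echo "KEY NOT FOUND in $auth"; rc=1 ;;
        1) echo "key present once in $auth" ;;
        *) echo "NOTE: key present $count times in $auth" ;;
    esac
    # The directory itself and every file in it must be owner-only.
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        perms_private "$p" || { echo "TOO OPEN: $p"; rc=1; }
    done
    return $rc
}

if [ $# -eq 2 ]; then
    check_ssh_setup "$1" "$2"
fi
```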
    
Last modified on 12/04/15 12:50:32