SSH tutorial

From athena

A more complete discussion on generating and using SSH keys is available at SSH Keys.

[edit] Creating SSH keys for access to Athena

The command to generate ssh keys is ssh-keygen. You can get a quick reminder on how to use ssh-keygen by simply typing ssh-keygen -h. For our purposes, let's start with generating an ssh key with "-t rsa" (encryption using RSA) and "-b 1024" (1024 bits.) 

desktop:~ richardc$ ssh-keygen -t rsa -b 1024
Generating public/private rsa key pair.
Enter file in which to save the key (/astro/users/richardc/.ssh/id_rsa): 
Created directory '/astro/users/richardc/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /astro/users/richardc/.ssh/id_rsa.
Your public key has been saved in /astro/users/richardc/.ssh/id_rsa.pub.
The key fingerprint is:
49:d8:9a:76:c1:fa:3e:a7:7a:c3:68:02:e3:ef:87:ff richardc@desktop.local
desktop:~ richardc$

As you can see above, the user typed a passphrase twice. After you type an appropriate passphrase (see notes below) your private key (id_rsa) is stored in the .ssh directory in your home directory as well as your public key (id_rsa.pub).

[edit] Quick Note on passphrases

PLEASE DO NOT USE EMPTY PASSPHRASES!!! This is security risk for you and your fellow researchers. A typical passphrase is like a clever sentence that has over 5 words, first letter capitalized, and punctuation where necessary. Other folks have other preferences. Ideally, you want at least a 16 character passphrase for "good" security practices. Passphrases should not be the same as your login password for similar security concerns.

[edit] Logging in

Once you have generated you public/private key pair, email your public key (not your private key :) along with your request for an account to help@phys.washington.edu. This will be in the file id_rsa.pub or id_dsa.pub (if you selected DSA encryption).

Once your public key has been installed, you mush ssh to athena0.npl.washington.edu from a machine that has access to the private key (i.e. it seem the same ~/.ssh directory in which your created the key pair). Note that this machine must be on the UW campus. athena0.npl.washington.edu is not accessible from off campus.

SSH key are a powerful, convenient, and secure way of logging into systems. See the SSH Keys article for more documentation on how to use ssh-add and ssh key forwarding.