ssh_certificates

Differences

This shows you the differences between two versions of the page.

ssh_certificates [2023/08/21 20:27]
pwolinsk
ssh_certificates [2023/09/18 12:21] (current)
pwolinsk
Line 6: Line 6:
 * SSH public certificate (key-ed25519-cert.pub) * SSH public certificate (key-ed25519-cert.pub)
  
-Both files are generated on the Pinnacle cluster.+Both files are generated automatically on the Pinnacle cluster and stored in ''$HOME/.ssh/certs'' directory for each user.
  
-== Downloading the SSH Certificate file pair ==+=== Downloading the SSH Certificate file pair === 
  
-The pair of needed files can be downloaded by logging into+To download the SSH certificate file pair:
  
-https://arp-ood.hpc.uark.edu+**1.** Log into **[[https://arp-ood.hpc.uark.edu]]**
  
 {{:ssh-cert.png?400|}} {{:ssh-cert.png?400|}}
  
-Then in the main menu select: Files->SSH Certificate Update+**2.** In the main menu at the top select: **Files->SSH Certificate Update**
  
 {{:ssh-cert2.png?400|}} {{:ssh-cert2.png?400|}}
  
-Check both of the listed files, and at the top click the "Downloadbutton.+**3.** Select check boxes next to both of the listed filesand at the top click the **Download** button.
  
-== Certificate Validity Period == +**4.** On Linux and MacOS machines make sure the file permissions for the SSH private key (key-ed25519) are read only for the owner (400): 
-The SSH private key (key-ed25519), once generated and downloaded to the SSH client machine does not change.  However, the SSH public certificate is valid for 12 hours.  After that period it has to be regenerated and downloaded again to the SSH client machine (as described in the previous section).+<code> 
 +pawel@dia:~/Downloads$ chmod 400 key-ed25519 
 +pawel@dia:~/Downloads$ ls -l key-ed25519 
 +-r-------- 1 pawel pawel 399 May 19 05:34 key-ed25519 
 +pawel@dia:~/Downloads$ 
 +</code>  
 + 
 + 
 +=== Logging into Pinnacle using SSH Certificates === 
 + 
 +SSH client allows users to pass an //identity file// to the ssh server.  On a Linux or MacOS machine include //-i <SSH private key>// to the ssh command form the directory containing the SSH certificate file pair: 
 + 
 +<code> 
 +pawel@dia:~/Downloads$ ls -l key* 
 +-r-------- 1 pawel pawel  399 May 19 05:34 key-ed25519 
 +-rw-rw-r-- 1 pawel pawel 1227 Aug 21 16:11 key-ed25519-cert.pub 
 +pawel@dia:~/Downloads$ ssh -i key-ed25519 pwolinsk@arp-ood.hpc.uark.edu 
 + 
 +      Arkansas High Performance Computing Center 
 +  
 + 
 +      SSH access only using timed certificates.  
 +      Download your <private_key>/<certificate> pair by logging into 
 + 
 +      http://arp-ood.hpc.uark.edu   Files->SSH Certificate Update 
 + 
 +      chmod 400 <private_key> 
 +      ssh -i <private_key> <username>@arp-ood.hpc.uark.edu 
 + 
 + 
 +Arkansas Research Platform 
 + 
 +Last login: Mon Aug 21 15:08:50 2023 from 167.224.147.47 
 +ood-rocky:pwolinsk:~$  
 +</code>  
 + 
 +On Windows, SSH clients (including GUI) may have a different syntax for specifying an identity file.  Please see documentation for your particular SSH client. 
 + 
 + 
 +=== Certificate Validity Period === 
 +The SSH private key (key-ed25519), once generated and downloaded to the SSH client machine does not change.  However, the SSH public certificate expires every Monday at 8 am CST.  After that time it has to be regenerated and downloaded again to the SSH client machine (as described above in **Downloading the SSH Certificate file pair 
 +**). 
 + 
 +{{ :ssh-login.mp4 |}}
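Review bot: The login banner captured in the new "Logging into Pinnacle using SSH Certificates" example tells users to fetch the key pair from http://arp-ood.hpc.uark.edu, while step 1 of this same revision links https://arp-ood.hpc.uark.edu. Since that portal is where the private key is downloaded, the banner on the server should use the https URL and the example should be re-captured so the two instructions agree. In the sentence introducing that example, "form the directory" should read "from the directory". It would also help to state why the directory matters: ssh -i key-ed25519 picks up the certificate by appending -cert.pub to the identity file name, so key-ed25519-cert.pub has to stay next to the private key under that exact name. In the Certificate Validity Period paragraph, "8 am CST" is ambiguous while daylight saving time is in effect (say Central Time or give the UTC offset), and the closing ** of the bold section reference has wrapped onto a line of its own and should sit on the same line as the title.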
ssh_certificates.1692649635.txt.gz · Last modified: 2023/08/21 20:27 by pwolinsk