Arkansas High Performace Computing Center [hpcwiki]

User Tools

Site Tools

Trace: equipment federated_identity_login ssh_certificates
ssh_certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
ssh_certificates [2023/08/21 21:14]
pwolinsk 		ssh_certificates [2023/09/18 12:21] (current)
pwolinsk
Line 8: Line 8:
 Both files are generated automatically on the Pinnacle cluster and stored in ''$HOME/.ssh/certs'' directory for each user. Both files are generated automatically on the Pinnacle cluster and stored in ''$HOME/.ssh/certs'' directory for each user.
  
-=== Downloading the SSH Certificate file pair ===+=== Downloading the SSH Certificate file pair === 
  
 To download the SSH certificate file pair: To download the SSH certificate file pair:
-   Log into **[[https://arp-ood.hpc.uark.edu]]**+ 
 +**1.** Log into **[[https://arp-ood.hpc.uark.edu]]** 
 {{:ssh-cert.png?400|}} {{:ssh-cert.png?400|}}
-   In the main menu at the top select: **Files->SSH Certificate Update**+ 
 +**2.** In the main menu at the top select: **Files->SSH Certificate Update** 
 {{:ssh-cert2.png?400|}} {{:ssh-cert2.png?400|}}
-   Select check boxes next to both of the listed filesand at the top click the **Download** button. + 
-   - On Linux and MacOS machines make sure the file permissions for the SSH private key (key-ed25519) are read only for the owner (400):+**3.** Select check boxes next to both of the listed filesand at the top click the **Download** button. 
 + 
 +**4.** On Linux and MacOS machines make sure the file permissions for the SSH private key (key-ed25519) are read only for the owner (400):
 <code> <code>
 pawel@dia:~/Downloads$ chmod 400 key-ed25519 pawel@dia:~/Downloads$ chmod 400 key-ed25519
Line 27: Line 33:
 === Logging into Pinnacle using SSH Certificates === === Logging into Pinnacle using SSH Certificates ===
  
-SSH client allows users to pass an //identity file// to the ssh server.  On a Linux or MacOS machine include //-i <SSH private key>// to the ssh command:+SSH client allows users to pass an //identity file// to the ssh server.  On a Linux or MacOS machine include //-i <SSH private key>// to the ssh command form the directory containing the SSH certificate file pair:
  
 <code> <code>
Line 52: Line 58:
 ood-rocky:pwolinsk:~$  ood-rocky:pwolinsk:~$ 
 </code>  </code> 
 +
 +On Windows, SSH clients (including GUI) may have a different syntax for specifying an identity file.  Please see documentation for your particular SSH client.
 +
  
 === Certificate Validity Period === === Certificate Validity Period ===
-The SSH private key (key-ed25519), once generated and downloaded to the SSH client machine does not change.  However, the SSH public certificate is valid for 12 hours.  After that period it has to be regenerated and downloaded again to the SSH client machine (as described in the previous section).+The SSH private key (key-ed25519), once generated and downloaded to the SSH client machine does not change.  However, the SSH public certificate expires every Monday at 8 am CST.  After that time it has to be regenerated and downloaded again to the SSH client machine (as described above in **Downloading the SSH Certificate file pair 
 +**). 
 + 
 +{{ :ssh-login.mp4 |}}
ssh_certificates.1692652445.txt.gz · Last modified: 2023/08/21 21:14 by pwolinsk

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki