SSH keys are a convenient way to perform passwordless authentication with the cluster's ssh interface. These are generated using ssh-keygen
on your workstation (linux, Mac, or WSL). You can generate either with or without a local passphrase, which provides more security although it slows some single-command functions like scp
. SSH keys are distinct from time-limited X509_keys,though either can be used for passwordless authentication.
After you generate the key with ssh-keygen
, copy the new public key from your workstation ~/.ssh/id_ecdsa.pub
to your home directory on the cluster (not the ~/.ssh
directory on the cluster, where it might overwrite the cluster's keys). You will still need a password for this file copy, or the file manager on the OOD or Globus portals, as the key is not active yet.
Then ssh
to the cluster (using a password, or a saved session, or the terminal on the OOD portal), and append the transferred public key to ~/.ssh/authorized_keys
on the cluster using the editor or the concatenate operator ». Don't use the replace operator > which will overwrite any existing authorized keys, some of which are needed by the cluster. Your succeeding ssh logins should be passwordless.
[rfeynman@workstation ~]$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/rfeynman/.ssh/id_ecdsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/rfeynman/.ssh/id_ecdsa Your public key has been saved in /home/rfeynman/.ssh/id_ecdsa.pub The key fingerprint is: SHA256:G0nsMz3AVVX22LkwT6JJM723pMWfpCD/Gu/mluZmUA0 rfeynman@workstation The key's randomart image is: +---[ECDSA 256]---+ | ooooo. | | . oE+ .. | | + = Oo | | . = @.=. | | + o.S + | | o.* X o | | +.+.o | | +B | | .@* | +----[SHA256]-----+ [rfeynman@workstation ~]$ ls -al .ssh/id_ecdsa* -rw------- 1 rfeynman rfeynman 505 Feb 11 14:53 id_ecdsa -rw-r--r-- 1 rfeynman rfeynman 177 Feb 11 14:53 id_ecdsa.pub [rfeynman@workstation ~]$ scp .ssh/id_ecdsa.pub rfeynman@hpc-portal2.hpc.uark.edu:/home/rfeynman/ rfeynman@hpc-portal2's password: hpc-portal2:rfeynman:$ exit [rfeynman@workstation ~]$ ssh rfeynman@hpc-portal2.hpc.uark.edu rfeynman@hpc-portal2's password: Last login: Sun Feb 11 14:55:05 2024 from 165.224.131.232 hpc-portal2:rfeynman:$ cat id_ecdsa.pub >> .ssh/authorized_keys hpc-portal2:rfeynman:$ exit [rfeynman@workstation ~]$ ssh rfeynman@hpc-portal2.hpc.uark.edu Last login: Sun Feb 11 14:56:11 2024 from 165.224.131.232 hpc-portal2:rfeynman:$