ssh_certificates

Differences

This shows you the differences between two versions of the page.

ssh_certificates [2023/08/21 20:59]
pwolinsk
ssh_certificates [2023/09/18 12:21] (current)
pwolinsk
Line 6: Line 6:
 * SSH public certificate (key-ed25519-cert.pub) * SSH public certificate (key-ed25519-cert.pub)
  
-Both files are generated on the Pinnacle cluster.+Both files are generated automatically on the Pinnacle cluster and stored in ''$HOME/.ssh/certs'' directory for each user.
  
-== Downloading the SSH Certificate file pair ==+=== Downloading the SSH Certificate file pair === 
  
 To download the SSH certificate file pair: To download the SSH certificate file pair:
-  + 
-- Logging into **[[https://arp-ood.hpc.uark.edu]]**+**1.** Log into **[[https://arp-ood.hpc.uark.edu]]**
  
 {{:ssh-cert.png?400|}} {{:ssh-cert.png?400|}}
  
-In the main menu at the top select: **Files->SSH Certificate Update**+**2.** In the main menu at the top select: **Files->SSH Certificate Update**
  
 {{:ssh-cert2.png?400|}} {{:ssh-cert2.png?400|}}
  
-Select check boxes next to both of the listed filesand at the top click the **Download** button. +**3.** Select check boxes next to both of the listed filesand at the top click the **Download** button.
-- On Linux and MacOS machines make sure the file permissions for the SSH private key (key-ed25519) are read only for the owner (400):+
  
 +**4.** On Linux and MacOS machines make sure the file permissions for the SSH private key (key-ed25519) are read only for the owner (400):
 <code> <code>
 pawel@dia:~/Downloads$ chmod 400 key-ed25519 pawel@dia:~/Downloads$ chmod 400 key-ed25519
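Review bot: step 4 sets mode 400 on key-ed25519 but the example leaves the private key in ~/Downloads and the text does not say why the mode matters. Suggest adding that OpenSSH refuses to use a private key file that other users can read, and recommending that both files be moved together into a directory only the owner can access (for example ~/.ssh), keeping the key-ed25519-cert.pub name unchanged. Step 3 also reads "filesand", which needs a space, and since the new sentence at the top says the pair is stored in $HOME/.ssh/certs on the cluster, it would help to state that the download in steps 1 to 3 is the supported way to retrieve it.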
Line 28: Line 28:
 -r-------- 1 pawel pawel 399 May 19 05:34 key-ed25519 -r-------- 1 pawel pawel 399 May 19 05:34 key-ed25519
 pawel@dia:~/Downloads$ pawel@dia:~/Downloads$
-<code> +</code>  
 + 
 + 
 +=== Logging into Pinnacle using SSH Certificates === 
 + 
 +SSH client allows users to pass an //identity file// to the ssh server.  On a Linux or MacOS machine include //-i <SSH private key>// to the ssh command form the directory containing the SSH certificate file pair: 
 + 
 +<code> 
 +pawel@dia:~/Downloads$ ls -l key* 
 +-r-------- 1 pawel pawel  399 May 19 05:34 key-ed25519 
 +-rw-rw-r-- 1 pawel pawel 1227 Aug 21 16:11 key-ed25519-cert.pub 
 +pawel@dia:~/Downloads$ ssh -i key-ed25519 pwolinsk@arp-ood.hpc.uark.edu 
 + 
 +      Arkansas High Performance Computing Center 
 +  
 + 
 +      SSH access only using timed certificates.  
 +      Download your <private_key>/<certificate> pair by logging into 
 + 
 +      http://arp-ood.hpc.uark.edu   Files->SSH Certificate Update 
 + 
 +      chmod 400 <private_key> 
 +      ssh -i <private_key> <username>@arp-ood.hpc.uark.edu 
 + 
 + 
 +Arkansas Research Platform 
 + 
 +Last login: Mon Aug 21 15:08:50 2023 from 167.224.147.47 
 +ood-rocky:pwolinsk:~$  
 +</code>  
 + 
 +On Windows, SSH clients (including GUI) may have a different syntax for specifying an identity file.  Please see documentation for your particular SSH client. 
  
 +=== Certificate Validity Period ===
 +The SSH private key (key-ed25519), once generated and downloaded to the SSH client machine does not change.  However, the SSH public certificate expires every Monday at 8 am CST.  After that time it has to be regenerated and downloaded again to the SSH client machine (as described above in **Downloading the SSH Certificate file pair
 +**).
  
-== Certificate Validity Period == +{{ :ssh-login.mp4 |}}
-The SSH private key (key-ed25519), once generated and downloaded to the SSH client machine does not change.  However, the SSH public certificate is valid for 12 hours.  After that period it has to be regenerated and downloaded again to the SSH client machine (as described in the previous section).+
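Review bot: in the new login section, "form the directory containing the SSH certificate file pair" has a typo (from) and understates the requirement: with "-i key-ed25519", ssh loads the certificate from the file named by appending -cert.pub to the identity path, so what matters is that key-ed25519-cert.pub sits next to the private key under that exact name, not the working directory. In the validity section, "every Monday at 8 am CST" should say whether the time follows daylight saving, and it would help to show users how to check expiry themselves, for example "ssh-keygen -L -f key-ed25519-cert.pub", which prints the certificate's Valid: interval. The closing ** of the bold section reference has wrapped onto its own line, which breaks the markup, and the sample session includes a source address in the "Last login" line that could be redacted.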
ssh_certificates.1692651591.txt.gz · Last modified: 2023/08/21 20:59 by pwolinsk