SSH keys are a convenient way to perform passwordless authentication with the cluster's ssh interface. These are generated using ssh-keygen
on your linux-like workstation (linux, Mac, or Windows WSL). You can generate either with or without a local passphrase, which provides more security, although it slows some single-command functions like scp
. SSH keys are older technology that have unlimited lifetime, and are distinct from time-limited X509_keys,though either can be used for passwordless authentication.
After you generate the key with ssh-keygen
on your workstation, copy the new public key ~/.ssh/id_ecdsa.pub
to your home directory on the cluster (not the corresponding ~/.ssh
directory on the cluster, where it might overwrite the cluster's keys). You will still need a password and working login for this file copy, or you can use the file manager on the OOD or Globus portals, as the key is not active yet.
Then ssh
to the cluster (using a password, or a saved session, or the terminal on the OOD portal), and append the transferred public key to ~/.ssh/authorized_keys
on the cluster using the editor or the concatenate operator ». Don't use the replace operator >, which will overwrite any existing authorized keys, some of which are needed by the cluster. Your succeeding ssh/scp/sftp
logins should be passwordless.
[rfeynman@workstation ~]$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/rfeynman/.ssh/id_ecdsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/rfeynman/.ssh/id_ecdsa Your public key has been saved in /home/rfeynman/.ssh/id_ecdsa.pub The key fingerprint is: SHA256:G0nsMz3AVVX22LkwT6JJM723pMWfpCD/Gu/mluZmUA0 rfeynman@workstation The key's randomart image is: +---[ECDSA 256]---+ | ooooo. | | . oE+ .. | | + = Oo | | . = @.=. | | + o.S + | | o.* X o | | +.+.o | | +B | | .@* | +----[SHA256]-----+ [rfeynman@workstation ~]$ ls -al .ssh/id_ecdsa* -rw------- 1 rfeynman rfeynman 505 Feb 11 14:53 id_ecdsa -rw-r--r-- 1 rfeynman rfeynman 177 Feb 11 14:53 id_ecdsa.pub [rfeynman@workstation ~]$ scp .ssh/id_ecdsa.pub rfeynman@hpc-portal2.hpc.uark.edu:/home/rfeynman/ rfeynman@hpc-portal2's password: hpc-portal2:rfeynman:$ exit [rfeynman@workstation ~]$ ssh rfeynman@hpc-portal2.hpc.uark.edu rfeynman@hpc-portal2's password: Last login: Sun Feb 11 14:55:05 2024 from 165.224.131.232 hpc-portal2:rfeynman:$ cat id_ecdsa.pub >> .ssh/authorized_keys hpc-portal2:rfeynman:$ exit [rfeynman@workstation ~]$ ssh rfeynman@hpc-portal2.hpc.uark.edu Last login: Sun Feb 11 14:56:11 2024 from 165.224.131.232 hpc-portal2:rfeynman:$