Changes between Version 49 and Version 50 of Documentation/bAccountManagement/DSSHConf
- Timestamp:
- Jun 21, 2018, 7:47:10 PM (6 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Documentation/bAccountManagement/DSSHConf
v49 v50 2 2 == Configuring SSH Keys == 3 3 4 ORBIT access machines are configured to allow login only by public key authentication, which let users log into consoles without the need to use their user's passwords. This requires users to configure their SSH client to use their private key instead of password and to register their public key(s) with the ORBIT infrastructure. This page describes the procedure for generating the key pair and configuring client side for selected platforms. 4 SSH access to ORBIT machines requires the use of public key authentication. If you try to connect using the username and password that you use for accessing the scheduler and status pages, you will receive the following message: 5 5 6 === Generating SSH Keys === 6 {{{ 7 Permission denied (publickey). 8 }}} 9 10 You need to configure the SSH client on your computer to use a private key for connecting to ORBIT machines instead of a password. Additionally, the corresponding public key needs to be added to your ORBIT account. This page describes the procedure for generating a public/private key pair, configuring your SSH client, and uploading the necessary public key to your ORBIT account. The instructions here are for specific SSH client software, if you use a different SSH client than those referenced here, please follow the documentation provided with that SSH client and use the instructions here for reference. 11 12 === Select the OS of your computer === 7 13 8 14 [[CollapsibleStart(Linux)]] 9 Each distribution has their own location for the specific generation tools. The documentation for Ubuntu is located10 [https://help.ubuntu.com/community/SSH/OpenSSH/Keys here]. The generation process can be done with the ssh-keygen utility.11 15 12 To create your public and private SSH keys on the command-line: 16 ''NOTE: These instructions are NOT for Ubuntu installed using Windows Susbsystem for Linux (WSL).'' 17 18 ==== Generating keys ==== 19 Each distribution has their own location for the specific generation tools. These instructions are based on the documentation for Ubuntu ([https://help.ubuntu.com/community/SSH/OpenSSH/Keys located here]). 20 21 To create your public and private SSH keys, open a command-line terminal and type: 13 22 {{{ 14 23 ssh-keygen -t rsa 24 }}} 25 You will be prompted for a location to save the keys, and a passphrase for the keys which we highly recommend. This passphrase will protect your private key while it's stored on the hard drive: 26 {{{ 15 27 Generating public/private rsa key pair. 16 28 Enter file in which to save the key (...): … … 22 34 }}} 23 35 24 This process will generate and store a private key and a public key file. The public key file will be named id_rsa.pub, and the private key will be stored in the file you specify when prompted. [#Upload Upload] your new public key to your orbit account. 25 [[CollapsibleEnd]] 36 This process will generate and store a private key and a public key file. The private key will be stored in the file and location you specify when prompted, and the public key file will be named the same as your private key file but with a .pub extension. 26 37 38 [[BR]] 39 ==== Uploading your public key to your ORBIT account ==== 40 41 To upload you public key to your orbit account, do the following: 42 1. Go to [https://www.orbit-lab.org/loginService/ControlPanel] 43 1. Click on "Change My Profile" option in the left side menu 44 1. Click the "Choose File" button next to "Public key file" 45 1. Navigate to where your public key file is stored (typically /home/your_username/.ssh) 46 1. Select the .pub file corresponding to the key you wish to use for ORBIT access 47 1. Click "Open" 48 1. Click the "Update Profile" button 49 50 As a side note, expect to see a default auto generated ORBIT public key in the list (ends with @internal1). This is used for SSH access between machines inside the ORBIT network. Please do NOT delete this key. 51 52 [[Image(ControlPanel.jpg, width=700)]] 53 54 [[BR]] 55 ==== Configuring your SSH client ==== 56 To test your setup, open a command-line terminal and (while replacing your_orbit_username with your ORBIT username) type: 57 {{{ 58 ssh your_orbit_username@gw.orbit-lab.org 59 }}} 60 Under normal circumstances, as long as the private key file is located in the /home/your_username/.ssh/ folder, the command line SSH client will use the correct key when connecting. 61 62 [[BR]] 63 ==== Common issues and how to solve them ==== 64 * If you receive a message like the following: 65 {{{ 66 The authenticity of host 'gw.orbit-lab.org (128.6.192.134)' can't be established. 67 ECDSA key fingerprint is SHA256:iLKtq2Z8wB3ADJdEyM1CwoU85gOeqIUyB4GOJ2YloQg. 68 Are you sure you want to continue connecting (yes/no)? 69 }}} 70 This is a normal message that occurs when your computer connects via SSH to another that it has never connected to before or if the "fingerprint" of the other machine changed (due to replacement or reconfiguration). Simply type {{{yes}}} and connection will proceed normally. 71 72 * If you receive a message like the following: 73 {{{ 74 Permission denied (publickey). 75 }}} 76 Try connecting again but manually specifying the location where your private SSH key is stored as in the following example: 77 {{{ 78 ssh -i /path_to_where_key_is_stored/private_ssh_key_name your_orbit_username@gw.orbit-lab.org 79 }}} 80 81 [[CollapsibleEnd]] 82 [[BR]] 27 83 [[CollapsibleStart(Windows)]] 28 84 ==== PuTTY ==== … … 44 100 || 6. || After you upload public key you can connect to host choosing Public Key option for Authentication Method. ||[[Image(SecSh8.jpg, width=300)]] || 45 101 102 [[BR]] 103 ==== Uploading your public key to you ORBIT account ==== 104 ''NOTE:Internet Explorer is not supported for Control Panel operations (including key upload)'' 105 106 To upload you public key to your orbit account, do the following: 107 1. Go to [https://www.orbit-lab.org/loginService/ControlPanel] 108 1. Click on "Change My Profile" option in the left side menu 109 1. Click the "Choose File" button next to "Public key file" 110 1. Navigate to where your public key file is stored (typically /home/your_username/.ssh) 111 1. Select the .pub file corresponding to the key you wish to use for ORBIT access 112 1. Click "Open" 113 1. Click the "Update Profile" button 114 115 As a side note, expect to see a default auto generated ORBIT public key in the list (ends with @internal1). This is used for SSH access between machines inside the ORBIT network. Please do NOT delete this key. 116 117 [[Image(ControlPanel.jpg, width=700)]] 118 46 119 [[CollapsibleEnd]] 47 120 [[BR]] 48 121 [[CollapsibleStart(Mac)]] 49 122 TODO 50 123 [[CollapsibleEnd]] 51 52 [[BR]]53 === Uploading the public key to ORBIT === #Upload54 55 To upload you public key to your orbit account visit [https://www.orbit-lab.org/loginService/ControlPanel]. Choose "Change My Profile" option which will bring up the form to upload your public key. Please be aware that IE browser is not supported for Control Panel operations (and key upload). Also, expect to see your default auto generated ORBIT public key for your account in the list. It is used for ssh-access between machines within the ORBIT testbed. Please do NOT delete this key.56 57 [[Image(ControlPanel.jpg)]]
