Setting Up Public Key Authentication for SSH. The following simple steps are required to set up public key authentication (for SSH): Key pair is created (typically by the user). This is typically done with ssh-keygen. Private key stays with the user (and only there), while the public key is sent to the server. Typically with the ssh-copy-id.
OSG Connect requires SSH-key-based logins. You need to follow a two-step process to set up the SSH key to your account.
Generate a SSH key pair.
Add your public key to the submit host by uploading it to your OSG Connect user profile (via the OSG Connect website).
After completing the process, you can log in from a local computer (your laptop or desktop) to the OSG Connect login node assignedusing either ssh or an ssh program like Putty -- see below for more details on logging in.
NOTE: Please do not edit the authorized keys file on the login node.
We will discuss how to generate a SSH key pair for two cases:
Please note: The key pair consist of a private key and a public key. You will upload the public key to OSG Connect, but you also need to keep a copy of the private key to log in!
You should keep the private key on machines that you have direct access to, i.e. your local computer (your laptop or desktop).
Open a terminal on your local computer and run the following commands:
The last command will produce a prompt similar to
Unless you want to change the location of the key, continue by pressing enter.Now you will be asked for a passphrase. Enter a passphrase that you will be able to remember and which is secure:
When everything has successfully completed, the output should resemble thefollowing:
The part you want to upload is the content of the .pub file (~/.ssh/id_rsa.pub)
If you can connect using the ssh command within the Command Prompt (Windows 10 build version 1803 and later), please follow the Mac/Linux directions above. If not, continue with the directions below.
Open the PuTTYgen program. You can download PuttyGen here: PuttyGen Download Page, scroll down until you see the puttygen.exe file.
For Type of key to generate, select RSA or SSH-2 RSA.
Click the 'Generate' button.
Move your mouse in the area below the progress bar.When the progress bar is full, PuTTYgen generates your key pair.
Type a passphrase in the 'Key passphrase' field. Type the same passphrase in the 'Confirm passphrase' field. You can use a key without a passphrase, but this is not recommended.
Click the 'Save private key' button to save the private key. You must save the private key. You will need it to connect to your machine.
Right-click in the text field labeled 'Public key for pasting into OpenSSH authorized_keys file' and choose Select All.
Right-click again in the same text field and choose Copy.
To add your public key to the OSG Connect log in node:
Go to www.osgconnect.net and sign in with the institutional identity you used when requesting an OSG Connect account.
Click 'Profile' in the top right corner.
Click the 'Edit Profile' button located after the user information in the left hand box.
Copy/paste the public key which is found in the .pub file into the 'SSH Public Key' text box. The expected key is a single line, with three fields looking something like ssh-rsa ASSFFSAF... user@host. If you used the first set of key-generating instructions it is the content of ~/.ssh/id_rsa.pub and for the second (using PuTTYgen), it is the content from step 7 above.
Click 'Update Profile'
The key is now added to your profile in the OSG Connect website. This will automaticallybe added to the login nodes within a couple hours.
After following the steps above to upload your key and it's been a few hours, you should be able to log in to OSG Connect.
Before you can connect, you will need to know which login node your account is assigned to. You can find this information on your profile from the OSG Connect website.
Go to www.osgconnect.net and sign in with your CILogin.
Click 'Profile' in the top right corner.
The assigned login nodes are listed in the left side box. Make note of the address of your assigned login node as you will use this to connect to OSG Connect.
Open a terminal and type in:
It will ask for the passphrase for your ssh key (if you set one) and then you should be logged in.
On older versions of Windows, you can use the Putty program to log in.
Open the PutTTY program. If necessary, you can download PuTTY from the website here PuTTY download page.
Type the address of your assigned login node as the hostname (see 'Determine which login node to use' above).
In the left hand menu, click the '+' next to 'SSH' to expand the menu.
Click 'Auth' in the 'SSH' menu.
Click 'Browse' and specify the private key file you saved in step 5 above.
Click 'Open' and provide your passphrase when prompted to do so.
For assistance or questions, please email the OSG User Support team at support@opensciencegrid.org or visit the help desk and community forums.
This page was updated on Apr 06, 2020 at 09:48 from start/account/generate-add-sshkey.md.