Passwordless SSH HowTo: Difference between revisions
No edit summary |
|||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
It's possible to use SSH to connect | It's possible to use SSH to connect from one LWP to another without using a password.<br> | ||
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.<br> | We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.<br> | ||
<br> | <br> | ||
The login server '''ssh-hostkeys''':<br> | The login server '''ssh-hostkeys''':<br> | ||
2048 SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w '''ssh.lwp.rug.nl''' (RSA)<br> | |||
256 SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o '''ssh.lwp.rug.nl''' (ED25519)<br> | |||
256 SHA256: | 256 SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw '''ssh.lwp.rug.nl''' (ECDSA)<br> | ||
<br> | <br> | ||
== Connecting to | == Connecting to another LWP with SSH.== | ||
Replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br> | Replace '''ssh.lwp.rug.nl''' with the hostname or ip-address of the machine you're trying to connect to.<br> | ||
===Add your p-number to the allowed users list=== | |||
Add your p-number to the file /etc/users_allowed_ssh. | |||
===Create a new SSH key pair=== | ===Create a new SSH key pair=== | ||
Create a key pair using the following command:<br> | Create a key pair using the following command:<br> | ||
ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa | ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa | ||
If you don't work with linux you can go to https://vlwp.rug.nl/, login with your RUG account and do it there.<br> | |||
''Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''<br> | ''Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''<br> | ||
===Add your public key to the authorized_keys file=== | ===Add your public key to the authorized_keys file=== | ||
To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:<br> | To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:<br> | ||
cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys | cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys | ||
''Note: This can only be done if you're logged in to a LWP | ''Note: This can only be done if you're logged in to a LWP; Use https://vlwp.rug.nl/ if you are not physically on a LWP. | ||
===Set up your own | ===Set up your own LWP=== | ||
Use a USB drive to transfer your key pair to your own system securely.<br> | Use a USB drive to transfer your key pair to your own system securely.<br> | ||
cp ~/.ssh/lwp_rsa* /media/'''<your usb device>'''/ | cp ~/.ssh/lwp_rsa* /media/'''<your usb device>'''/ | ||
Line 28: | Line 32: | ||
chmod 0600 ~/.ssh/lwp_rsa | chmod 0600 ~/.ssh/lwp_rsa | ||
Try the connection: | Try the connection: | ||
ssh -i ~/.ssh/lwp_rsa '''<username>'''@ssh.lwp.rug.nl | ssh -i ~/.ssh/lwp_rsa '''<username>'''@ssh.lwp.rug.nl or hostname or ip-address | ||
Make your life easier by creating a '''~/.ssh/config''' file and adding the following: | Make your life easier by creating a '''~/.ssh/config''' file and adding the following: | ||
host lwp | host other-lwp | ||
user '''<username>''' | user '''<username>''' | ||
IdentityFile ~/.ssh/lwp_rsa | IdentityFile ~/.ssh/lwp_rsa | ||
ForwardX11 yes | ForwardX11 yes | ||
HostName ssh.lwp.rug.nl | HostName ssh.lwp.rug.nl or hostname or ip-address | ||
Then connect with: | Then connect with: | ||
ssh lwp | ssh other-lwp | ||
and you should find yourself in your home directory. |
Latest revision as of 11:40, 28 August 2023
It's possible to use SSH to connect from one LWP to another without using a password.
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.
The login server ssh-hostkeys:
2048 SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w ssh.lwp.rug.nl (RSA)
256 SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o ssh.lwp.rug.nl (ED25519)
256 SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw ssh.lwp.rug.nl (ECDSA)
Connecting to another LWP with SSH.
Replace ssh.lwp.rug.nl with the hostname or ip-address of the machine you're trying to connect to.
Add your p-number to the allowed users list
Add your p-number to the file /etc/users_allowed_ssh.
Create a new SSH key pair
Create a key pair using the following command:
ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
If you don't work with linux you can go to https://vlwp.rug.nl/, login with your RUG account and do it there.
Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.
Add your public key to the authorized_keys file
To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:
cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys
Note: This can only be done if you're logged in to a LWP; Use https://vlwp.rug.nl/ if you are not physically on a LWP.
Set up your own LWP
Use a USB drive to transfer your key pair to your own system securely.
cp ~/.ssh/lwp_rsa* /media/<your usb device>/
Copy your key pair to your home directory:
mkdir ~/.ssh cp /media/<your usb device>/lwp_rsa* ~/.ssh/
Set the correct permissions:
chmod 0700 ~/.ssh chmod 0600 ~/.ssh/lwp_rsa
Try the connection:
ssh -i ~/.ssh/lwp_rsa <username>@ssh.lwp.rug.nl or hostname or ip-address
Make your life easier by creating a ~/.ssh/config file and adding the following:
host other-lwp user <username> IdentityFile ~/.ssh/lwp_rsa ForwardX11 yes HostName ssh.lwp.rug.nl or hostname or ip-address
Then connect with:
ssh other-lwp
and you should find yourself in your home directory.