Passwordless SSH HowTo: Difference between revisions

From LWP-Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
It's possible to use SSH to connect to your LWP directly. You will require a SSH key to do so. We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.<br>
It's possible to use SSH to connect to your LWP directly. To connect to any LWP from outside the university network we require 2 factor authentication. This is achieved by requiring a password and a ssh key to login.<br>
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.<br>
<br>
<br>
''Note: There are other login servers available, but they are department specific, so we won't post them here.''<br>
The login server '''ssh-hostkeys''':<br>
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 '''ssh.lwp.rug.nl''' (ECDSA)<br>
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M '''ssh.lwp.rug.nl''' (RSA)<br>
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI '''ssh.lwp.rug.nl''' (ED25519)<br>
<br>
<br>
The login server '''ssh-hostkeys''':<br>
== Connecting to the LWP from home with SSH.==
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 ssh.lwp.rug.nl (ECDSA)<br>
You can replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br>
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M ssh.lwp.rug.nl (RSA)<br>
If you already have a ssh key pair you want to use, you can skip creating a new key pair.<br>
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI ssh.lwp.rug.nl (ED25519)<br>
=== Create a new SSH key pair ===
Create a key pair using the following command:
  ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
 
''Note: You can enter a comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''
 
#2 Add your public key to the login server.
This can only be done from a LWP!
To set up your account for use with lwp-ssh.service.rug.nl you'll first have to login to any LWP and access the login server from there:
ssh lwp-ssh.service.rug.nl
cat ~/.ssh/s1234567_lwp_rsa.pub >> /var/lwp/ssh/s1234567/authorized_keys
 
#3 Set up your own system
Copy your key pair to a USB drive to take home. Don't use e-mail unless you're able to encrypt it!
 
On your own system, copy your key pair to wherever you find convenient (I assume the default here). Set the correct permissions and connect to the login server using the following commands:
chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/s1234567_lwp_rsa
ssh -k -i ~/.ssh/s1234567_lwp_rsa s1234567@lwp-ssh.service.rug.nl
 
Or you can configure your ~/.ssh/config file and connect with one simple command. Add the following lines (with your own information) to ~/.ssh/config:
host lwp-ssh
user s1234567
IdentityFile ~/.ssh/s1234567_lwp_rsa
ForwardX11 yes
HostName lwp-ssh.service.rug.nl
Then connect with:
ssh lwp-ssh
 
Enter your password and you should find yourself in your home dir.

Revision as of 15:53, 26 March 2021

It's possible to use SSH to connect to your LWP directly. To connect to any LWP from outside the university network we require 2 factor authentication. This is achieved by requiring a password and a ssh key to login.
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.

The login server ssh-hostkeys:
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 ssh.lwp.rug.nl (ECDSA)
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M ssh.lwp.rug.nl (RSA)
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI ssh.lwp.rug.nl (ED25519)

Connecting to the LWP from home with SSH.

You can replace ssh.lwp.rug.nl with the hostname of the machine you're trying to connect to.
If you already have a ssh key pair you want to use, you can skip creating a new key pair.

Create a new SSH key pair

Create a key pair using the following command: 

 ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa

Note: You can enter a comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.

  1. 2 Add your public key to the login server.

This can only be done from a LWP! To set up your account for use with lwp-ssh.service.rug.nl you'll first have to login to any LWP and access the login server from there: 

ssh lwp-ssh.service.rug.nl
cat ~/.ssh/s1234567_lwp_rsa.pub >> /var/lwp/ssh/s1234567/authorized_keys
  1. 3 Set up your own system

Copy your key pair to a USB drive to take home. Don't use e-mail unless you're able to encrypt it!

On your own system, copy your key pair to wherever you find convenient (I assume the default here). Set the correct permissions and connect to the login server using the following commands: 

chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/s1234567_lwp_rsa
ssh -k -i ~/.ssh/s1234567_lwp_rsa s1234567@lwp-ssh.service.rug.nl

Or you can configure your ~/.ssh/config file and connect with one simple command. Add the following lines (with your own information) to ~/.ssh/config: 

host lwp-ssh
user s1234567
IdentityFile ~/.ssh/s1234567_lwp_rsa
ForwardX11 yes
HostName lwp-ssh.service.rug.nl

Then connect with: 

ssh lwp-ssh

Enter your password and you should find yourself in your home dir.

Retrieved from "https://lwpwiki.webhosting.rug.nl/index.php?title=Passwordless_SSH_HowTo&oldid=835"