Passwordless SSH HowTo: Difference between revisions

From LWP-Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 10: Line 10:
You can replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br>
You can replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br>
If you already have a ssh key pair you want to use, you can skip creating a new key pair.<br>
If you already have a ssh key pair you want to use, you can skip creating a new key pair.<br>
=== Create a new SSH key pair ===
===Create a new SSH key pair===
Create a key pair using the following command:
Create a key pair using the following command:<br>
   ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
   ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
 
''Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''<br>
''Note: You can enter a comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''
===Add your public key to the authorized_keys file===
 
To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:<br>
#2 Add your public key to the login server.
  cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys
This can only be done from a LWP!
===Set up your own system===
To set up your account for use with lwp-ssh.service.rug.nl you'll first have to login to any LWP and access the login server from there:
Use a USB drive to transfer your key pair to your own system securely.<br>
ssh lwp-ssh.service.rug.nl
  cp ~/.ssh/lwp_rsa* /media/'''<your usb device>'''/
cat ~/.ssh/s1234567_lwp_rsa.pub >> /var/lwp/ssh/s1234567/authorized_keys
Copy your key pair to your home directory and set the correct permissions:<br>
 
  mkdir ~/.ssh
#3 Set up your own system
  cp /media/'''<your usb device>'''/lwp_rsa* ~/.ssh/
Copy your key pair to a USB drive to take home. Don't use e-mail unless you're able to encrypt it!
  chmod 0700 ~/.ssh
 
  chmod 0600 ~/.ssh/lwp_rsa
On your own system, copy your key pair to wherever you find convenient (I assume the default here). Set the correct permissions and connect to the login server using the following commands:
Try the connection:
chmod 0700 ~/.ssh
  ssh -i ~/.ssh/lwp_rsa '''<username>'''@ssh.lwp.rug.nl
chmod 0600 ~/.ssh/s1234567_lwp_rsa
Make your life easier by creating a '''~/.ssh/config''' file and adding the following:
ssh -k -i ~/.ssh/s1234567_lwp_rsa s1234567@lwp-ssh.service.rug.nl
  host lwp
 
  user '''<username>'''
Or you can configure your ~/.ssh/config file and connect with one simple command. Add the following lines (with your own information) to ~/.ssh/config:
  IdentityFile ~/.ssh/lwp_rsa
  host lwp-ssh
  user s1234567
  IdentityFile ~/.ssh/s1234567_lwp_rsa
  ForwardX11 yes
  ForwardX11 yes
  HostName lwp-ssh.service.rug.nl
  HostName ssh.lwp.rug.nl
Then connect with:
Then connect with:
  ssh lwp-ssh
  ssh lwp
 
Enter your password and you should find yourself in your home dir.
Enter your password and you should find yourself in your home dir.

Revision as of 16:23, 26 March 2021

It's possible to use SSH to connect to your LWP directly. To connect to any LWP from outside the university network we require 2 factor authentication. This is achieved by requiring a password and a ssh key to login.
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.

The login server ssh-hostkeys:
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 ssh.lwp.rug.nl (ECDSA)
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M ssh.lwp.rug.nl (RSA)
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI ssh.lwp.rug.nl (ED25519)

Connecting to the LWP from home with SSH.

You can replace ssh.lwp.rug.nl with the hostname of the machine you're trying to connect to.
If you already have a ssh key pair you want to use, you can skip creating a new key pair.

Create a new SSH key pair

Create a key pair using the following command:

 ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa

Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.

Add your public key to the authorized_keys file

To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:

 cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys

Set up your own system

Use a USB drive to transfer your key pair to your own system securely.

 cp ~/.ssh/lwp_rsa* /media/<your usb device>/

Copy your key pair to your home directory and set the correct permissions:

 mkdir ~/.ssh
 cp /media/<your usb device>/lwp_rsa* ~/.ssh/
 chmod 0700 ~/.ssh
 chmod 0600 ~/.ssh/lwp_rsa

Try the connection: 

 ssh -i ~/.ssh/lwp_rsa <username>@ssh.lwp.rug.nl

Make your life easier by creating a ~/.ssh/config file and adding the following: 

host lwp
user <username>
IdentityFile ~/.ssh/lwp_rsa
ForwardX11 yes
HostName ssh.lwp.rug.nl

Then connect with: 

ssh lwp

Enter your password and you should find yourself in your home dir.

Retrieved from "https://lwpwiki.webhosting.rug.nl/index.php?title=Passwordless_SSH_HowTo&oldid=836"