Passwordless SSH HowTo: Difference between revisions

From LWP-Wiki
No edit summary
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
It's possible to use SSH to connect to your LWP directly. To connect to any LWP from outside the university network we require 2 factor authentication. This is achieved by requiring a password and a ssh key to login.<br>
It's possible to use SSH to connect from one LWP to another without using a password.<br>
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.<br>
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.<br>
<br>
<br>
The login server '''ssh-hostkeys''':<br>
The login server '''ssh-hostkeys''':<br>
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 '''ssh.lwp.rug.nl''' (ECDSA)<br>
2048 SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w '''ssh.lwp.rug.nl''' (RSA)<br>
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M '''ssh.lwp.rug.nl''' (RSA)<br>
256 SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o '''ssh.lwp.rug.nl''' (ED25519)<br>
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI '''ssh.lwp.rug.nl''' (ED25519)<br>
256 SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw '''ssh.lwp.rug.nl''' (ECDSA)<br>
<br>
<br>
== Connecting to the LWP from home with SSH.==
== Connecting to another LWP with SSH.==
Replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br>
Replace '''ssh.lwp.rug.nl''' with the hostname or ip-address of the machine you're trying to connect to.<br>
If you already have a ssh key pair you want to use, you can skip creating a new key pair.<br>
===Add your p-number to the allowed users list===
Add your p-number to the file /etc/users_allowed_ssh.
===Create a new SSH key pair===
===Create a new SSH key pair===
Create a key pair using the following command:<br>
Create a key pair using the following command:<br>
   ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
   ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
If you don't work with linux you can go to https://vlwp.rug.nl/, login with your RUG account and do it there.<br>
''Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''<br>
''Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''<br>
===Add your public key to the authorized_keys file===
===Add your public key to the authorized_keys file===
To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:<br>
To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:<br>
   cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys
   cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys
===Set up your own system===
''Note: This can only be done if you're logged in to a LWP; Use https://vlwp.rug.nl/ if you are not physically on a LWP.
 
===Set up your own LWP===
Use a USB drive to transfer your key pair to your own system securely.<br>
Use a USB drive to transfer your key pair to your own system securely.<br>
   cp ~/.ssh/lwp_rsa* /media/'''<your usb device>'''/
   cp ~/.ssh/lwp_rsa* /media/'''<your usb device>'''/
Copy your key pair to your home directory and set the correct permissions:<br>
Copy your key pair to your home directory:<br>
   mkdir ~/.ssh
   mkdir ~/.ssh
   cp /media/'''<your usb device>'''/lwp_rsa* ~/.ssh/
   cp /media/'''<your usb device>'''/lwp_rsa* ~/.ssh/
Set the correct permissions:<br>
   chmod 0700 ~/.ssh
   chmod 0700 ~/.ssh
   chmod 0600 ~/.ssh/lwp_rsa
   chmod 0600 ~/.ssh/lwp_rsa
Try the connection:
Try the connection:
   ssh -i ~/.ssh/lwp_rsa '''<username>'''@ssh.lwp.rug.nl
   ssh -i ~/.ssh/lwp_rsa '''<username>'''@ssh.lwp.rug.nl or hostname or ip-address
Make your life easier by creating a '''~/.ssh/config''' file and adding the following:
Make your life easier by creating a '''~/.ssh/config''' file and adding the following:
  host lwp
  host other-lwp
  user '''<username>'''
  user '''<username>'''
  IdentityFile ~/.ssh/lwp_rsa
  IdentityFile ~/.ssh/lwp_rsa
  ForwardX11 yes
  ForwardX11 yes
  HostName ssh.lwp.rug.nl
  HostName ssh.lwp.rug.nl or hostname or ip-address
Then connect with:
Then connect with:
  ssh lwp
  ssh other-lwp
Enter your password and you should find yourself in your home dir.
and you should find yourself in your home directory.
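Review bot: in the revised "Try the connection" command and the HostName line of the ~/.ssh/config example, the words "or hostname or ip-address" now sit inside the literal command and config text. Copied verbatim, ssh treats them as a remote command to run, and the HostName line is left with extra arguments. Use a single placeholder there (for example `<hostname>`) and leave the alternatives to the sentence that already says to replace ssh.lwp.rug.nl. The same revision swaps three of the six listed host key fingerprints and drops the sentence about requiring both a password and a key from outside the university network, all with "No edit summary"; a one-line summary stating whether the host keys were rotated would let readers tell an intended change from an unexpected one.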

Latest revision as of 12:40, 28 August 2023

It's possible to use SSH to connect from one LWP to another without using a password.
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.

The login server ssh-hostkeys:
2048 SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w ssh.lwp.rug.nl (RSA)
256 SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o ssh.lwp.rug.nl (ED25519)
256 SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw ssh.lwp.rug.nl (ECDSA)
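
The fingerprints above are only useful if they are compared with what the server actually presents. The following is an added example, not part of the wiki page: it recomputes OpenSSH-style SHA256 fingerprints from lines in the `host keytype base64key` format that `ssh-keyscan` prints and compares them with the published values. Mapping the page's 256-bit "ECDSA" entry to the key type `ecdsa-sha2-nistp256` is an assumption, and the sample key is constructed.

```python
import base64, hashlib, struct, sys

# SHA256 fingerprints this page publishes for ssh.lwp.rug.nl (latest revision).
PUBLISHED = {
    "ssh-rsa": "SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w",
    "ssh-ed25519": "SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o",
    "ecdsa-sha2-nistp256": "SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw",
}

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_type(blob: bytes) -> str:
    """Key type stored at the start of the blob (uint32 length, then the name)."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii", "replace")

def check_keyscan(text: str, published=PUBLISHED) -> dict:
    """Map each key type in the input to 'match', 'MISMATCH' or 'unpublished'."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue  # blank lines, comments, malformed lines
        keytype, b64 = fields[1], fields[2]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            result[keytype] = "MISMATCH"  # undecodable key: never trust it
            continue
        if len(blob) < 4 or blob_type(blob) != keytype:
            result[keytype] = "MISMATCH"  # declared type differs from the blob
        elif keytype not in published:
            result[keytype] = "unpublished"
        else:
            same = fingerprint(blob) == published[keytype]
            result[keytype] = "match" if same else "MISMATCH"
    return result

# Constructed sample: an ed25519 blob with made-up key bytes, so it must NOT match.
_name = b"ssh-ed25519"
SAMPLE_BLOB = struct.pack(">I", len(_name)) + _name + struct.pack(">I", 32) + bytes(range(32))
SAMPLE = "ssh.lwp.rug.nl ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for keytype, verdict in check_keyscan(text).items():
        print(f"{keytype}: {verdict}")
```

Pipe the output of `ssh-keyscan ssh.lwp.rug.nl` into the script to check the live server; any MISMATCH means the presented key is not one of the keys listed on this page.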

Connecting to another LWP with SSH.

Replace ssh.lwp.rug.nl with the hostname or IP address of the machine you're trying to connect to.

Add your p-number to the allowed users list

Add your p-number to the file /etc/users_allowed_ssh.

Create a new SSH key pair

Create a key pair using the following command:

 ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa

If you don't work with Linux you can go to https://vlwp.rug.nl/, log in with your RUG account and do it there.
Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.

Add your public key to the authorized_keys file

To allow your account to log in to the LWP you'll have to add your public key to an authorized_keys file:

 cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys

Note: This can only be done if you're logged in to an LWP; use https://vlwp.rug.nl/ if you are not physically on an LWP.

Set up your own LWP

Use a USB drive to transfer your key pair to your own system securely.

 cp ~/.ssh/lwp_rsa* /media/<your usb device>/

Copy your key pair to your home directory:

 mkdir -p ~/.ssh
 cp /media/<your usb device>/lwp_rsa* ~/.ssh/

Set the correct permissions:

 chmod 0700 ~/.ssh
 chmod 0600 ~/.ssh/lwp_rsa

Try the connection (replace ssh.lwp.rug.nl with the hostname or IP address of the machine you're connecting to):

 ssh -i ~/.ssh/lwp_rsa <username>@ssh.lwp.rug.nl

Make your life easier by creating a ~/.ssh/config file and adding the following:

 Host other-lwp
   User <username>
   IdentityFile ~/.ssh/lwp_rsa
   ForwardX11 yes
   # Replace ssh.lwp.rug.nl with the hostname or IP address of the target machine
   HostName ssh.lwp.rug.nl

Then connect with:

 ssh other-lwp

and you should find yourself in your home directory.