Passwordless SSH HowTo: Difference between revisions

From LWP-Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
(8 intermediate revisions by the same user not shown)
Line 3: Line 3:
<br>
<br>
The login server '''ssh-hostkeys''':<br>
The login server '''ssh-hostkeys''':<br>
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 '''ssh.lwp.rug.nl''' (ECDSA)<br>
2048 SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w '''ssh.lwp.rug.nl''' (RSA)<br>
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M '''ssh.lwp.rug.nl''' (RSA)<br>
256 SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o '''ssh.lwp.rug.nl''' (ED25519)<br>
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI '''ssh.lwp.rug.nl''' (ED25519)<br>
256 SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw '''ssh.lwp.rug.nl''' (ECDSA)<br>
<br>
<br>
== Connecting to the LWP from home with SSH.==
== Connecting to the LWP from home with SSH.==
You can replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br>
Replace '''ssh.lwp.rug.nl''' with the hostname of the machine you're trying to connect to.<br>
If you already have a ssh key pair you want to use, you can skip creating a new key pair.<br>
===Create a new SSH key pair===
=== Create a new SSH key pair ===
Create a key pair using the following command:<br>
Create a key pair using the following command:
   ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
   ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa
''Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''<br>
===Add your public key to the authorized_keys file===
To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:<br>
  cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys
''Note: This can only be done if you're logged in to a LWP, but because of COVID that isn't an option for most, therefore you can send [mailto:lwp@rug.nl us] your public key and a picture of your RUG-pas (so we can verify it's you) then we'll add it for you.''


''Note: You can enter a comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.''
===Set up your own system===
 
Use a USB drive to transfer your key pair to your own system securely.<br>
#2 Add your public key to the login server.
  cp ~/.ssh/lwp_rsa* /media/'''<your usb device>'''/
This can only be done from a LWP!
Copy your key pair to your home directory:<br>
To set up your account for use with lwp-ssh.service.rug.nl you'll first have to login to any LWP and access the login server from there:
  mkdir ~/.ssh
ssh lwp-ssh.service.rug.nl
  cp /media/'''<your usb device>'''/lwp_rsa* ~/.ssh/
cat ~/.ssh/s1234567_lwp_rsa.pub >> /var/lwp/ssh/s1234567/authorized_keys
Set the correct permissions:<br>
 
  chmod 0700 ~/.ssh
#3 Set up your own system
  chmod 0600 ~/.ssh/lwp_rsa
Copy your key pair to a USB drive to take home. Don't use e-mail unless you're able to encrypt it!
Try the connection:
 
  ssh -i ~/.ssh/lwp_rsa '''<username>'''@ssh.lwp.rug.nl
On your own system, copy your key pair to wherever you find convenient (I assume the default here). Set the correct permissions and connect to the login server using the following commands:
Make your life easier by creating a '''~/.ssh/config''' file and adding the following:
chmod 0700 ~/.ssh
  host lwp
chmod 0600 ~/.ssh/s1234567_lwp_rsa
  user '''<username>'''
ssh -k -i ~/.ssh/s1234567_lwp_rsa s1234567@lwp-ssh.service.rug.nl
  IdentityFile ~/.ssh/lwp_rsa
 
Or you can configure your ~/.ssh/config file and connect with one simple command. Add the following lines (with your own information) to ~/.ssh/config:
  host lwp-ssh
  user s1234567
  IdentityFile ~/.ssh/s1234567_lwp_rsa
  ForwardX11 yes
  ForwardX11 yes
  HostName lwp-ssh.service.rug.nl
  HostName ssh.lwp.rug.nl
Then connect with:
Then connect with:
  ssh lwp-ssh
  ssh lwp
 
Enter your password and you should find yourself in your home directory.
Enter your password and you should find yourself in your home dir.

Revision as of 12:44, 11 May 2021

It's possible to use SSH to connect to your LWP directly. To connect to any LWP from outside the university network we require 2 factor authentication. This is achieved by requiring a password and a ssh key to login.
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.

The login server ssh-hostkeys:
2048 SHA256:BqwCk82bRDxY3YLkumDcr8d0RKExSCX+zbsgdDyfF4w ssh.lwp.rug.nl (RSA)
256 SHA256:MfSPCbM20GbH+zMDUAEFzk80vTxF2890ch2EQJjEi3o ssh.lwp.rug.nl (ED25519)
256 SHA256:Fck7jcOsqDtqcCFncx144z2tt12oMWXD4Jiz0LJbapw ssh.lwp.rug.nl (ECDSA)

Connecting to the LWP from home with SSH.

Replace ssh.lwp.rug.nl with the hostname of the machine you're trying to connect to.

Create a new SSH key pair

Create a key pair using the following command:

 ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa

Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.

Add your public key to the authorized_keys file

To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:

 cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys

Note: This can only be done if you're logged in to a LWP, but because of COVID that isn't an option for most, therefore you can send us your public key and a picture of your RUG-pas (so we can verify it's you) then we'll add it for you.

Set up your own system

Use a USB drive to transfer your key pair to your own system securely.

 cp ~/.ssh/lwp_rsa* /media/<your usb device>/

Copy your key pair to your home directory:

 mkdir ~/.ssh
 cp /media/<your usb device>/lwp_rsa* ~/.ssh/

Set the correct permissions:

 chmod 0700 ~/.ssh
 chmod 0600 ~/.ssh/lwp_rsa

Try the connection: 

 ssh -i ~/.ssh/lwp_rsa <username>@ssh.lwp.rug.nl

Make your life easier by creating a ~/.ssh/config file and adding the following: 

host lwp
user <username>
IdentityFile ~/.ssh/lwp_rsa
ForwardX11 yes
HostName ssh.lwp.rug.nl

Then connect with: 

ssh lwp

Enter your password and you should find yourself in your home directory.

Retrieved from "https://lwpwiki.webhosting.rug.nl/index.php?title=Passwordless_SSH_HowTo&oldid=887"