Passwordless SSH HowTo

From LWP-Wiki
Jump to navigation Jump to search

It's possible to use SSH to connect to your LWP directly. To connect to any LWP from outside the university network we require 2 factor authentication. This is achieved by requiring a password and a ssh key to login.
We have a login server available to access your home directory, so you don't have to leave your own PC turned on. It's not a big machine, so don't use it to do your work on or you'll bother other users trying to access their files.

The login server ssh-hostkeys:
256 SHA256:AJ8LcLyE0+my7uUW24A5iZ4Sr/7wU/KdK6l72A69T80 ssh.lwp.rug.nl (ECDSA)
2048 SHA256:Zg6Z6ULOPP/991wsBe0ioMD2lENX4ewYMgTS90Hky/M ssh.lwp.rug.nl (RSA)
256 SHA256:YeSHwEfASFD5EckDwl2X2rbmhDtZ12+5HCOzvG9n6BI ssh.lwp.rug.nl (ED25519)

Connecting to the LWP from home with SSH.

Replace ssh.lwp.rug.nl with the hostname of the machine you're trying to connect to.

Create a new SSH key pair

Create a key pair using the following command:

 ssh-keygen -t rsa -b 4096 -C "LWP" -f ~/.ssh/lwp_rsa

Note: You can enter any comment with the “-C” option, e.g. username@hostname, so you can easily see what you're using the key for. The “-C” option is not mandatory.

Add your public key to the authorized_keys file

To allow your account to login to the LWP you'll have to add your public key to a authorized_keys file:

 cat ~/.ssh/lwp_rsa.pub >> ~/.ssh/authorized_keys

Note: This can only be done if you're logged in to a LWP, but because of COVID that isn't an option for most, therefore you can send us your public key and we'll add it.

Set up your own system

Use a USB drive to transfer your key pair to your own system securely.

 cp ~/.ssh/lwp_rsa* /media/<your usb device>/

Copy your key pair to your home directory:

 mkdir ~/.ssh
 cp /media/<your usb device>/lwp_rsa* ~/.ssh/

Set the correct permissions:

 chmod 0700 ~/.ssh
 chmod 0600 ~/.ssh/lwp_rsa

Try the connection:

 ssh -i ~/.ssh/lwp_rsa <username>@ssh.lwp.rug.nl

Make your life easier by creating a ~/.ssh/config file and adding the following:

host lwp
user <username>
IdentityFile ~/.ssh/lwp_rsa
ForwardX11 yes
HostName ssh.lwp.rug.nl

Then connect with:

ssh lwp

Enter your password and you should find yourself in your home directory.