Skip to content

Create an SSH key pair for use with Bianca

This page describes how to create and use an SSH key for the Bianca cluster.

Procedure

This procedure will fail if:

This may have changed as of 2025-02-05

If the procedure below does not work after 2025-02-07, please contact UPPMAX support: the documentation will be updated then :-)

Here is the procedure.

1. Create an SSH key pair

On your local computer, create an SSH key pair with the following command:

Can I also do this from Rackham?

Yes.

In that case, read 'Rackham' instead of 'local computer'

ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519_uppmax_login -C "My comment"

Here is a description of the flags:

  • -a 100: 100 rounds of key derivations, making your key's password harder to brute-force, as is recommended here
  • -t ed25519: type of encryption scheme
  • -f ~/.ssh/id_ed25519_uppmax_login: specify filename, following the naming scheme as suggested here
  • -C "My comment": a comment that will be stored in the key, so you can find out what it was for

2. Add the content of your public key to Bianca's authorized keys

Add the content of the public key id_ed25519_uppmax_login.pub on your local computer to the Bianca's $HOME/.ssh/authorized_keys.

There are multiple ways to do so.

Can I use ssh-copy?

No.

You can not use ssh-copy.

One way is to, on your local computer, view the content of the file:

cat $HOME/.ssh/id_ed25519_uppmax_login.pub

Then copy that line to your clipboard.

How does that look like?
$ cat $HOME/.ssh/id_ed25519_uppmax_login.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGXV8fRK+cazt8qHX+fGS+w6WPOuE82Q19A12345678 Sven's key to UPPMAX

On Bianca, to edit the authorized keys file, do:

nano $HOME/.ssh/authorized_keys

In nano, paste the line in your clipboard. Save the file and close nano.

The public key must be one line

The public key you've just copy-pasted must be one line. It must not be wrapped/split over multiple lines.

How can I check?

On Bianca, do:

cat .ssh/authorized_keys 

You should find your public key there. It looks similar to this:

[sven@sens2017625-bianca ~]$ cat .ssh/authorized_keys 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGXV8fRK+cazt8qHX+fGS+w6WPOuE82Q19A12345678 Sven's key to UPPMAX

3. Set the right permissions

On Bianca, do:

chmod 700 .ssh/authorized_keys
chmod 700 .ssh
chmod 700 ~
How can I check?

You can check by doing the following and observing similar output:

ls -ld .ssh

Output should be:

drwx--S--- 2 sven sven 4096 Jan  8 10:26 .ssh

Second checkL

[richel@sens2017625-bianca ~]$ ls -ld .ssh/authorized_keys 

Output should be similar to:

-rwx------ 1 sven sven 104 Jan  8 10:26 .ssh/authorized_keys

Third check:

ls -l .ssh

Output should be similar to:

total 1
-rw-r----- 1 user user 743 May  7  2019 authorized_keys

or

total 1
-rwx------ 1 sven sven 104 Jan  8 10:26 authorized_keys

4. Log in to Bianca via the console using an SSH key

Log in to Bianca via the console using an SSH key, using ssh -A:

ssh -A [username]-[project]@bianca.uppmax.uu.se

For example:

ssh -A sven-sens12345@bianca.uppmax.uu.se

You will still get one login, which is the one that asks your UPPMAX password and 2FA.

If all worked, there will be no need anymore to again type the UPPMAX password.

Troubleshooting

To debug, run SSH commands with the -vv flag.

How does that look like?
...
debug1: Requesting authentication agent forwarding.
debug2: channel 1: request auth-agent-req@openssh.com confirm 0
...

debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 2 win 65536 max 16384
debug1: client_request_agent: bound agent to hostkey
debug2: fd 8 setting O_NONBLOCK
debug1: channel 2: new [authentication agent connection]
debug1: confirm auth-agent@openssh.com
Last login: Tue Jul 11 18:44:21 2023 from 172.18.144.254
 _   _ ____  ____  __  __    _    __  __
| | | |  _ \|  _ \|  \/  |  / \   \ \/ /   | System:    sens2017625-bianca
| | | | |_) | |_) | |\/| | / _ \   \  /    | User:      user
| |_| |  __/|  __/| |  | |/ ___ \  /  \    |
 \___/|_|   |_|   |_|  |_/_/   \_\/_/\_\   |

  ###############################################################################

On Linux, it still asks for a password

From this post and its answer:

On Bianca, do:

chmod 700 .ssh/authorized_keys 
chmod 700 .ssh
chmod 700 ~

On your local computer, do:

chmod 700 .ssh/authorized_keys 
chmod 700 .ssh
chmod 700 ~