Create an SSH key pair for use with Bianca¶
This page describes how to create and use an SSH key for the Bianca cluster.
Procedure¶
This procedure will fail if:
- You are outside of the university networks, see how to get inside the university networks. This video shows it will fail when being outside of the university networks
Here is the procedure.
1. Create an SSH key pair¶
On your local computer, create an SSH key pair with the following command:
Can I also do this from Rackham?
Yes.
In that case, read 'Rackham' instead of 'local computer'
Here is a description of the flags:
-a 100: 100 rounds of key derivations, making your key's password harder to brute-force, as is recommended here-t ed25519: type of encryption scheme-f ~/.ssh/id_ed25519_uppmax_login: specify filename, following the naming scheme as suggested here-C "My comment": a comment that will be stored in the key, so you can find out what it was for
2. Add the content of your public key to Bianca's authorized keys¶
Add the content of the public key id_ed25519_uppmax_login.pub
on your local computer to the Bianca's $HOME/.ssh/authorized_keys.
There are multiple ways to do so.
Can I use ssh-copy?
No.
You can not use ssh-copy.
One way is to, on your local computer, view the content of the file:
Then copy that line to your clipboard.
How does that look like?
On Bianca, to edit the authorized keys file, do:
In nano, paste the line in your clipboard.
Save the file and close nano.
The public key must be one line
The public key you've just copy-pasted must be one line. It must not be wrapped/split over multiple lines.
How can I check?
On Bianca, do:
You should find your public key there. It looks similar to this:
3. Set the right permissions¶
On Bianca, do:
How can I check?
You can check by doing the following and observing similar output:
Output should be:
Second checkL
Output should be similar to:
Third check:
Output should be similar to:
or
4. Log in to Bianca via the console using an SSH key¶
Log in to Bianca via the console using an SSH key,
using ssh -A:
For example:
You will still get a login, asking for (1) your UPPMAX password, (2) your UPPMAX 2FA, and (3) your UPPMAX project.
If all worked, there will be no need anymore to again type the UPPMAX password.
Troubleshooting¶
To debug, run SSH commands with the -vv flag.
How does that look like?
...
debug1: Requesting authentication agent forwarding.
debug2: channel 1: request auth-agent-req@openssh.com confirm 0
...
debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 2 win 65536 max 16384
debug1: client_request_agent: bound agent to hostkey
debug2: fd 8 setting O_NONBLOCK
debug1: channel 2: new [authentication agent connection]
debug1: confirm auth-agent@openssh.com
Last login: Tue Jul 11 18:44:21 2023 from 172.18.144.254
_ _ ____ ____ __ __ _ __ __
| | | | _ \| _ \| \/ | / \ \ \/ / | System: sens2017625-bianca
| | | | |_) | |_) | |\/| | / _ \ \ / | User: user
| |_| | __/| __/| | | |/ ___ \ / \ |
\___/|_| |_| |_| |_/_/ \_\/_/\_\ |
###############################################################################
On Linux, it still asks for a password¶
From this post and its answer:
On Bianca, do:
On your local computer, do: