Setting up SSH keys
You can set up SSH keys on dev.open-bio.org so that you can use ssh-agent to cache your password locally and not be prompted for it each time you log in to the machine. This is done as you would for any machine where you want to use SSH keys.
- Copy your local public key ($HOME/.ssh/id_dsa.pub usually) to the server with a name like MyKey.pub.
- Append this key to the end of the authorized_keys2 file in your .ssh directory on the dev.open-bio.org machine (you may need to first make this directory).
- Make sure the permissions are set properly for this file: it should be writable only by you and readable by everyone else, in other words chmod 644 $HOME/.ssh/authorized_keys2.
- [OPTIONAL] If you have not previously set up SSH on the machine you may want to generate a unique key pair using the ssh-keygen program.
% ssh-keygen -d
and it will prompt you for a place to write your key locally and for a password for the key. We recommend you include a password for your keypair rather than leaving it blank.
The sequence of commands might then look like this (comments follow #):
myhost% ssh-keygen -d    # Only do this if you have never created a keypair for this account.
Generating public/private dsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_dsa):
Created directory '/home/me/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/me/.ssh/id_dsa.
Your public key has been saved in /home/me/.ssh/id_dsa.pub.
The key fingerprint is:
c8:f9:cd:4e:9d:b9:39:c0:73:f7:cc:f0:98:d4:d0:53 firstname.lastname@example.org
myhost% scp .ssh/id_dsa.pub email@example.com:mykey.pub
myhost% ssh firstname.lastname@example.org
dev.open-bio.org% mkdir .ssh    # Only do this if the dir doesn't exist on dev.open-bio.org.
dev.open-bio.org% cat mykey.pub >> $HOME/.ssh/authorized_keys2
dev.open-bio.org% rm mykey.pub
dev.open-bio.org% chmod 644 $HOME/.ssh/authorized_keys2
dev.open-bio.org% chmod 700 $HOME/.ssh
dev.open-bio.org% logout
myhost% ssh email@example.com
Enter passphrase for key '/Users/me/.ssh/id_dsa':
dev.open-bio.org%    # ...and now you're logged into dev.open-bio.org.
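The server-side steps above (create .ssh, append the key, set the permissions) written as shell functions that can be re-run without duplicating the key. This is an added example, not part of the original page; the function names install_pubkey and perms_ok are hypothetical, and the optional HOMEDIR argument is an assumption that lets them be tried against a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and perms_ok are
# hypothetical names. Source this file, then: install_pubkey mykey.pub

# install_pubkey PUBFILE [HOMEDIR]: authorize one public key, safely re-runnable.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys2          # file name used on this page

    # Accept exactly one "type base64 [comment]" line, so a private key or a
    # multi-line file is never appended by mistake.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    grep -Eq '^(sk-)?(ssh|ecdsa)-[a-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub: not a public key line" >&2; return 1; }
    key=$(cat "$pub")

    # Create .ssh private from the start rather than tightening it afterwards.
    [ -d "$dir" ] || (umask 077 && mkdir "$dir") || return 1
    chmod 700 "$dir" || return 1

    # Append only if this exact line is not already present.
    touch "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1
    chmod 644 "$auth"
}

# perms_ok [HOMEDIR]: fail if .ssh or the key file is group- or world-writable,
# the condition sshd's StrictModes check refuses.
perms_ok() {
    for p in "${1:-$HOME}/.ssh" "${1:-$HOME}/.ssh/authorized_keys2"; do
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w*|????????w*) echo "$p: writable by others ($mode)" >&2; return 1 ;;
        esac
    done
}
```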
Now, if you have set up ssh-agent to run, you won't need to enter your password again after you have typed it once. One way to run it is like this. First add the variable SSH_AUTH_SOCK to your .bash_profile or .cshrc, and set it to the path where the socket file will be created. For example here is the line from a .bash_profile:
Don't forget to make the $HOME/tmp/ssh directory.
% mkdir -p $HOME/tmp/ssh
Now we'll run ssh-agent and have it attach to a file in this directory as defined by the environment variable we just set. This can be a script you put in your $HOME/bin. Note that it needs the $USER environment variable defined. Depending on your version of ps you may need to adjust the command line arguments on the
#!/bin/sh
# Check that the ssh-agent is running, and if not, kick it off
SOCKETFILE="$HOME/tmp/ssh/ssh-agent.socket"
ps -wU "$USER" | grep "[s]sh-agent" > /dev/null
if [ $? -gt 0 ]; then
    ssh-agent -a "$SOCKETFILE" > /dev/null
    chmod 600 "$SOCKETFILE"
fi
You will only need to run this script once after you log in to a machine. Since the environment variable should be valid for all the sessions you have on the machine, you won't need to run the script more than once. It can also be something that you execute during your .xinitrc startup or in other places that seem appropriate for your system.
The last thing you need to do is enter the password to be cached. You do this by running
and it will prompt you for the password for your key pair. Enter it, then try logging into a host where you have set up public keys, like dev.open-bio.org.