Setting up SSH keys

From BioPerl

You can set up SSH keys on dev.open-bio.org so that you can use ssh-agent to cache your password locally and not be prompted for it when logging into the machine. This is done as you would for any machine where you want to use SSH keys.

  1. Copy your local public key ($HOME/.ssh/id_dsa.pub usually) to the server with a name like MyKey.pub.
  2. Append this key to the end of the authorized_keys2 file in your .ssh directory on the dev.open-bio.org machine (you may need to first make this directory).
  3. Make sure the permissions are set properly for this file: it should be writable only by you and read-only for everyone else, in other words chmod 644 $HOME/.ssh/authorized_keys2.
  4. [OPTIONAL] If you have not previously set up SSH on the machine you may want to generate a unique key pair using the ssh-keygen program.
% ssh-keygen -d

and it will prompt you for a place to write your key locally and for a password for the key. We recommend you include a password for your keypair rather than leaving it blank.

The sequence of commands might then look like this (comments follow the # sign):

myhost% ssh-keygen -d   # Only do this if you have never created a keypair for this account.
Generating public/private dsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_dsa): 
Created directory '/home/me/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/me/.ssh/id_dsa.
Your public key has been saved in /home/me/.ssh/id_dsa.pub.
The key fingerprint is:
c8:f9:cd:4e:9d:b9:39:c0:73:f7:cc:f0:98:d4:d0:53 me@myhost.com
myhost% scp .ssh/id_dsa.pub me@dev.open-bio.org:mykey.pub
myhost% ssh me@dev.open-bio.org
dev.open-bio.org% mkdir .ssh   # Only do this if the dir doesn't exist on dev.open-bio.org.
dev.open-bio.org% cat mykey.pub >> $HOME/.ssh/authorized_keys2
dev.open-bio.org% rm mykey.pub
dev.open-bio.org% chmod 644  $HOME/.ssh/authorized_keys2
dev.open-bio.org% chmod 700  $HOME/.ssh
dev.open-bio.org% logout
myhost% ssh me@dev.open-bio.org
Enter passphrase for key '/Users/me/.ssh/id_dsa': 
dev.open-bio.org%             # ...and now you're logged into dev.open-bio.org.
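
The server-side part of the session above (create .ssh, append the key, set the modes) can be wrapped so that it is safe to run more than once and refuses a private key uploaded by mistake. This is an added example, not part of the original wiki page; the function name install_pubkey and its exit codes are assumptions of the example.

```shell
#!/bin/sh
# Added example: repeatable version of steps 2 and 3, run on the server.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to $HOME/.ssh)
# The function name and exit codes are assumptions of this example.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys2      # file name used on this page

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key copied by mistake (id_dsa instead of id_dsa.pub).
    if grep -q "PRIVATE KEY" "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # A public key file is one line: key type, base64 blob, optional comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 3; }
    key=$(grep . "$pub")

    # Apply the modes from the page explicitly, whatever the umask is.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 644 "$auth" || return 4

    # Nothing to do when this exact line is already authorized.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the file does not end in a newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
# Usage on the server, after the scp step: install_pubkey mykey.pub && rm mykey.pub
```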

Now if you have set up ssh-agent to run, you won't need to enter your password again after you have typed it once. One way to run it is like this. First add the variable SSH_AUTH_SOCK to your .bash_profile or .cshrc, and set it to the path where the socket file will be created. For example, here is the line from a .bash_profile:

export SSH_AUTH_SOCK=$HOME/tmp/ssh/ssh-agent.socket

Don't forget to make the $HOME/tmp/ssh directory.

% mkdir -p $HOME/tmp/ssh

Now we'll run ssh-agent and have it attach to a file in this directory as defined by the environment variable we just set. This can be a script you put in your $HOME/bin. Note that it needs the $USER environment variable defined. Depending on your version of ps you may need to adjust the command line arguments on the

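#!/bin/sh
# Check that the ssh-agent is running, and if not, kick it off
SOCKETFILE="$HOME/tmp/ssh/ssh-agent.socket"
# The [s] in the pattern keeps grep from matching its own process entry
if ! ps -wU "$USER" | grep "[s]sh-agent" > /dev/null; then
        # A socket file left behind by a dead agent would make the bind fail
        rm -f "$SOCKETFILE"
        ssh-agent -a "$SOCKETFILE" > /dev/null
        chmod 600 "$SOCKETFILE"
fi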

You only need to run this script once after you log in to a machine. Since the environment variable should be valid for all the sessions you have on the machine, you won't need to run the script more than once. It can also be something that you execute during your .xinitrc startup or in other places that seem appropriate for your system.

The last thing you need to do is enter the password to be cached. You do this by running

myhost% ssh-add

and it will prompt you for the password for your key pair. Enter it, then try logging into a host where you have set up public keys, like dev.open-bio.org.
