Translation in progress…
Most often, the SSH client is used with a [user + password] pair
to connect to a remote machine.
However, it is possible to use keys
(authentication via private/public key pair,
see here)
to connect to a remote server.
Moreover, using an SSH agent, you can avoid typing passwords.
To generate your personal key set, use the same commands as those used to generate the PSMN internal key.
For Windows users, refer to the PuTTY documentation.
For Linux, BSD and MacOS X, here are the main steps to follow:
In a Terminal
type the following commands:
    user@host:~$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa): <Press the Enter key>
    Created directory '/home/user/.ssh'.
    Enter passphrase (empty for no passphrase):
The passphrase is important: it locks your private key. A good passphrase must include at least 15 characters.
This is a bad passphrase:
toto
If the passphrase is too short or too weak, the program will answer:
    Enter same passphrase again:
    passphrase too short: have 4 bytes, need > 4
    Saving the key failed: /home/user/.ssh/id_rsa.
failed…
This is a good passphrase:
V0ici 1 ex3mple de passphrase c0mpl1quée, v0ire, alambiquée.
This is also an example of a good passphrase:
A bottle of "Glenfîddich Rare Collection 1937" cost 15 000 euros VAT. Minimum...
Finally ssh-keygen
says:
    Enter same passphrase again:
    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.
A fingerprint is also generated (see below):
    The key fingerprint is:
    7a:ec:b2:1c:90:f5:2f:77:c5:bc:36:8b:0f:23:2e:76 user@host
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | |
    | . |
    | o . o |
    | o S + |
    | . o . . . |
    | o + + + + |
    | ..+o+Eo = o |
    | o+.o. ..o |
    +-----------------+
You can copy/paste the fingerprint verification (fingerprint + image) into a file ~/.ssh/fingerprint.
Save your private key (id_rsa), your fingerprint file (fingerprint) and your public key (id_rsa.pub) in a safe and personal place (a USB key, for example).
There are a whole bunch of methods:
ssh-askpass or ssh-askpass-gnome from your favourite distribution…
    eval `ssh-agent`
    ssh-add
You can use a script (in your ~/.bashrc) to start it and use it automatically in your terminals:
    # add key(s) to agent
    eval `keychain --eval --agents ssh id_rsa`
On MacOS X, there are also several methods:
You can use a script (in your ~/.bashrc) to start it and use it automatically in Terminal:
    # add key(s) to agent
    eval `keychain --eval --agents ssh id_rsa`
--inherit any:
    # add key(s) to agent
    eval `keychain --eval --agents ssh --inherit any id_rsa`
--inherit any
On Windows, you need to use the PuTTY software, whose use is explained on this page.
For the automatic login to work (i.e. without password, but with passphrase), your public key (id_rsa.pub) must be on all target servers, in the ~/.ssh/authorized_keys file.
/home is shared between all front nodes and compute nodes):
    scp ~/.ssh/id_rsa.pub yourlogin@allo-psmn:~/.ssh/authorized_keys
    yourlogin@allo-psmn's password:
    id_rsa.pub 100% 9KB 9.3KB/s 00:00
~/.ssh/authorized_keys file. To simply add your public key to the existing ~/.ssh/authorized_keys file, use the following commands:
    scp ~/.ssh/id_rsa.pub yourlogin@allo-psmn:~/.ssh/id_rsa.pub
    yourlogin@allo-psmn's password:
    id_rsa.pub 100% 9KB 9.3KB/s 00:00

    ssh yourlogin@allo-psmn
    yourlogin@allo-psmn's password:
    > cat .ssh/id_rsa.pub >> .ssh/authorized_keys
    > exit
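An added example (not part of the original page, and not an OpenSSH tool): a POSIX shell helper, hypothetically named install_pubkey, that performs the append step above on the server, skips a key that is already installed, refuses a private key given by mistake, and sets the file modes sshd expects. The keys in the demo are constructed, not real.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name.
# Usage on the server: install_pubkey ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
install_pubkey() {
    pub=$1 auth=$2
    # Never install a private key by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    # First line that is neither blank nor a comment.
    line=$(grep -Ev '^[[:space:]]*(#|$)' "$pub" | head -n 1)
    case $line in   # only the common key types are accepted in this example
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: no public key line in $pub" >&2; return 2 ;;
    esac
    # sshd's StrictModes rejects key files that other users can write to.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1
    # Already present? Compare "type base64", ignoring the trailing comment.
    keymat=$(printf '%s\n' "$line" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$keymat" "$auth"; then return 0; fi
    # Repair a missing final newline so two keys never end up on one line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed data in a scratch directory (not real keys).
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY user@host\n' > "$demo/id.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAAEXISTING other@host' > "$demo/authorized_keys"
install_pubkey "$demo/id.pub" "$demo/authorized_keys"
install_pubkey "$demo/id.pub" "$demo/authorized_keys"   # second run adds nothing
cat "$demo/authorized_keys"
```

Where it is installed on the workstation, OpenSSH's ssh-copy-id performs the same append over SSH in one step.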
If you have successfully loaded your ssh-agent, you can now log in to allo-psmn
without providing your password:
user@host:~$ ssh yourlogin@allo-psmn.ens-lyon.fr
(yourlogin corresponds to your login at PSMN)
You can automate the connection steps by using the SSH config file on your workstation. Here is an example:
~/.ssh/config for Linux or BSD

    Host *
      ServerAliveInterval 60
      ForwardX11Timeout 1d
      TCPKeepAlive yes
      ForwardAgent yes
      ForwardX11 yes # for Linux
    #  ForwardX11Trusted yes # for MacOSX
      Compression yes
      StrictHostKeyChecking no
      HashKnownHosts no

    ###
    # internal gateway
    Host allo-psmn
      User <login PSMN>
      HostName allo-psmn.psmn.ens-lyon.fr

    # connection to x5650comp1 from within ENS network
    Host comp1
      User <login PSMN>
      Hostname x5650comp1
      ProxyCommand ssh <login PSMN>@allo-psmn netcat -w1 %h %p

    # connection to e5-2670comp2 from within ENS network
    Host comp2
      User <login PSMN>
      Hostname e5-2670comp2
      ProxyCommand ssh <login PSMN>@allo-psmn netcat -w1 %h %p

    ###
    # external gateway
    Host allo-externe
      User <login PSMN>
      ProxyCommand ssh <login PSMN>@ssh.psmn.ens-lyon.fr tcpconnect allo-psmn %p
    #  User <login ENS>
    #  ProxyCommand ssh <login ENS>@ssh.ens-lyon.fr tcpconnect allo-psmn %p

    # connection to x5650comp1 from outside ENS network
    Host comp1-ext
      User <login PSMN>
      HostName x5650comp1
      ProxyCommand ssh <login PSMN>@allo-externe netcat -w1 %h %p

    # connection to e5-2670comp2 from outside ENS network
    Host comp2-ext
      User <login PSMN>
      Hostname e5-2670comp2
      ProxyCommand ssh <login PSMN>@allo-externe netcat -w1 %h %p
You need to replace <login PSMN> by your own PSMN login, and <login ENS> by your ENS login. netcat -w1 can be replaced by tcpconnect.
The list of connection servers to the PSMN is available here.
This example file already implements hops. For more explanations, see the documentation on hops and how to automate them available here.
On MacOS X, it is better to use the -Y option instead of -X (or ForwardX11Trusted yes instead of ForwardX11 yes in your ~/.ssh/config file). Here is an example:
~/.ssh/config for MacOS X

    Host *
      ServerAliveInterval 60
      ForwardX11Timeout 1d
      TCPKeepAlive yes
      ForwardAgent yes
    #  ForwardX11 yes # for Linux
      ForwardX11Trusted yes # for MacOSX
      Compression yes
      StrictHostKeyChecking no
      HashKnownHosts no

    ###
    # internal gateway
    Host allo-psmn
      User <login PSMN>
      HostName allo-psmn.psmn.ens-lyon.fr

    # connection to x5650comp1 from inside ENS
    Host comp1
      User <login PSMN>
      Hostname x5650comp1
      ProxyCommand ssh <login PSMN>@allo-psmn netcat -w1 %h %p

    # connection to e5-2670comp2 from inside ENS
    Host comp2
      User <login PSMN>
      Hostname e5-2670comp2
      ProxyCommand ssh <login PSMN>@allo-psmn netcat -w1 %h %p

    ###
    # external gateway
    Host allo-externe
      User <login PSMN>
    #  HostName allo-psmn
      ProxyCommand ssh <login PSMN>@ssh.psmn.ens-lyon.fr tcpconnect allo-psmn %p

    # connection to x5650comp1 from outside ENS
    Host comp1-ext
      User <login PSMN>
      HostName x5650comp1
      ProxyCommand ssh <login PSMN>@allo-externe netcat -w1 %h %p

    # connection to e5-2670comp2 from outside ENS
    Host comp2-ext
      User <login PSMN>
      Hostname e5-2670comp2
      ProxyCommand ssh <login PSMN>@allo-externe netcat -w1 %h %p
Of course, you need to replace <login PSMN> with your PSMN login. netcat -w1 can be replaced by tcpconnect.
The list of PSMN connection servers is available on this page.
This file already contains hops. For more explanations, the documentation on hops and their automation is available on this page.
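An added example (not part of the original page): both ~/.ssh/config files above set ForwardAgent yes, X11 forwarding and StrictHostKeyChecking no under Host *, which applies them to every server the client ever connects to. The shell function below, hypothetically named audit_ssh_config, lists such settings in a config file; the sample it runs on is constructed to mirror the Host * block of this page.

```shell
#!/bin/sh
# Added example. audit_ssh_config and sample_config are hypothetical names.
# Reads an ssh_config file (argument or stdin) and prints one line per finding.
audit_ssh_config() {
    awk '
    BEGIN { host = "*" }                  # options before any Host line are global
    {
        sub(/^[ \t]+/, "")                # drop indentation
        if ($0 == "" || $0 ~ /^#/) next   # skip blank lines and comments
        gsub(/=/, " ")                    # "Keyword=value" is valid too
        key = tolower($1); val = tolower($2)
        if (key == "host") {              # remember the pattern list of this block
            host = $0; sub(/^[^ \t]+[ \t]+/, "", host); next
        }
        if (key == "stricthostkeychecking" && (val == "no" || val == "off"))
            print "Host " host ": StrictHostKeyChecking " val " adds unknown host keys without asking"
        else if (host ~ /[*?]/ && val == "yes" &&
                 key ~ /^(forwardagent|forwardx11|forwardx11trusted)$/)
            print "Host " host ": " $1 " yes is offered to every matching server"
    }' "$@"
}

# Constructed sample mirroring the "Host *" block of the configs on this page.
sample_config() {
    cat <<'EOF'
Host *
  ServerAliveInterval 60
  ForwardAgent yes
  ForwardX11 yes # for Linux
  StrictHostKeyChecking no
  HashKnownHosts no

Host allo-psmn
  User yourlogin
  HostName allo-psmn.psmn.ens-lyon.fr
EOF
}

sample_config | audit_ssh_config
```

The hops in these configs run through ProxyCommand, so authentication to the final host is performed by the ssh client on the workstation and does not depend on ForwardAgent.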
To use "X export" on a Mac, you must start the X11 software (in Applications/Utilities, like Terminal) before initiating an SSH connection.