The discussion forums in the XSEDE User Portal are for users to share experiences, questions, and comments with other users and XSEDE staff. Visitors are welcome to browse and search, but you must login to contribute to the forums. While XSEDE staff monitor the lists, XSEDE does not guarantee that questions will be answered. Please note that the forums are not a replacement for formal support or bug reporting procedures through the XSEDE Help Desk. You must be logged in to post to the user forums.

« Back to Stampede Forum

Using ssh keys to login

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Using ssh keys to login
stampede ssh keys
Answer
9/12/13 9:03 AM
Is this possible to login using ssh keys or has this been disabled? I have copied my dsa public key to authorized_keys, but I am still being asked for my password.

Thanks,

Edmund

RE: Using ssh keys to login
Answer
11/6/13 4:55 AM as a reply to Edmund Highcock.
This script: works for me: https://github.com/PecanProject/pecan/blob/master/scripts/sshkey.sh

RE: Using ssh keys to login
Answer
11/6/13 3:53 PM as a reply to Edmund Highcock.
I strongly suggest you copy your key to authorized_keys2 instead of authorized_keys to avoid any mpi_spawn errors. Standard security precautions apply: use a strong password for your key, keep it somewhere safe, make sure permissions are locked down etc...

Regards
Yaakoub

RE: Using ssh keys to login
Answer
11/6/13 3:57 PM as a reply to David LeBauer.
Regarding the script: watch out. You are setting an empty pass phrase on line 26.

# create ssh key and add to config file
if [ ! -e ~/.ssh/${SERVER} ]; then
ssh-keygen -q -t rsa -N "" -f ~/.ssh/${SERVER}

This is great way to make compromising your account very easy.

Regards
Yaakoub

RE: Using ssh keys to login
Answer
11/6/13 4:16 PM as a reply to Yaakoub Youssef El Khamra.
Hi Yaakoub,

Thanks for the suggestions and for identifying a security concern!

But doesn't using a passphrase require the user to enter the passphrase each time a connection is opened? One of the primary reasons that I use sshkeys is to automate scripts that move files, launch jobs, etc, from my local machine (plus it makes login faster).

What would be the recommended way to scp within a program without having to either enter a password, or hardcoding the password in the source code?

I enter a password to login to my local machine; isn't that sufficient?

RE: Using ssh keys to login
Answer
11/6/13 4:21 PM as a reply to David LeBauer.
I can recommend the use of an ssh-agent, it helps tremendously. Also for large file transfers I will also recommend globus online.

A quick google search for ssh-agent how to:
http://superuser.com/questions/8077/how-do-i-set-up-ssh-so-i-dont-have-to-type-my-password

And globus online:
https://www.globusonline.org/


Regards
Yaakoub