...

This page provides a step-by-step guide on how to use public key authentication for external login to the NHR systems at the Berlin ("Lise") and Göttingen ("Emmy") sites. It also provides information for internal login to connect between NHR nodes in Berlin/Göttingen.

Summary

  1. Create an SSH key pair with a passphrase that is not used anywhere else.
  2. Upload your public key on our Service Portal.
  3. Specify your new private key when connecting to our login nodes (either via ssh -i <your_private_key_file> or in your local SSH configuration).

Step-by-step guide

An SSH key pair consists of a public key and a private key. The public key is used to encrypt messages. Such messages can only be decrypted by using the corresponding private key. For this reason the private key must be stored safely on the local machine, protected by a passphrase, and not accessible to other users.

...

Generating your key pair differs depending on the SSH implementation available on your local machine. The default with Linux and macOS is OpenSSH. This is also available (without extra installation) in more recent versions of Windows.

...

If you are not asked for a passphrase, please use ssh-keygen -p -f $HOME/.ssh/id_rsa_hlrn to create a passphrase. Once you are certain that you have set a passphrase to protect the key, you can safely continue with uploading the public key as described below.

We recommend choosing a distinct comment (ssh-keygen -C "<comment>" -f <...>) to conveniently identify your key later on.
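
A local check that a private key file is passphrase-protected before its public half is uploaded, covering the OpenSSH, legacy PEM and PuTTY PPK file formats. This is an added example, not part of the original page; the function names and the sample inputs are constructed for illustration and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic prefix of the OpenSSH private key format

def _ssh_string(buf, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Return (format, cipher); cipher 'none' means no passphrase is set."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):
        fmt = "PPK" + head[len("PuTTY-User-Key-File-"):].split(":")[0]
        enc = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Encryption:")]
        if not enc:
            raise ValueError("PPK file without Encryption header")
        return fmt, enc[0]
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad OpenSSH key magic")
        cipher, _ = _ssh_string(blob, len(MAGIC))  # first field is the cipher name
        return "openssh-key-v1", cipher.decode("ascii")
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "PKCS#8", "encrypted"  # cipher name sits inside the ASN.1 body
    if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        # Legacy PEM announces encryption in a DEK-Info header line.
        dek = [ln.split(":", 1)[1].split(",")[0].strip()
               for ln in lines if ln.startswith("DEK-Info:")]
        return "PEM", dek[0] if dek else "none"
    raise ValueError("not a recognised private key file")

def sample_openssh(cipher, kdf):
    """Constructed header-only sample (no key material), for demonstration."""
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf, b""))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(body).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLE_PPK = "PuTTY-User-Key-File-3: ssh-ed25519\nEncryption: none\nComment: constructed\n"

if __name__ == "__main__":
    for s in (sample_openssh(b"aes256-ctr", b"bcrypt"), sample_openssh(b"none", b"none"), SAMPLE_PPK):
        print(key_protection(s))
```

For a real key, pass the contents of the private key file to key_protection(); a cipher of "none" means the key still needs a passphrase.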

...

Info

PuTTY changed its default key file format in version 0.75 from PPK2 to PPK3. This is not an issue as long as you use a PuTTY version, or software using PuTTY in its core, greater than 0.75.

...

Before you log in to one of the Berlin/Göttingen login nodes, make sure you have uploaded your SSH public key (not the private one) at the Service Portal. Here you can also view or remove public keys uploaded earlier (if any).

At the Service Portal, choose the item "Manage keys" / "Verwalten Ihrer Keys". For the key management you will have to log in using your HLRN account with your user name and your portal password.

...

  1. Press the button "Request upload of a new key" / "Upload eines neuen Schlüssels anfordern". After pressing the upload request button, you will need to confirm that you will adhere to our key usage policy. The most important points here are: to always use a passphrase to protect the key and to never give access to your private key to others. Please read carefully and make sure you understand the implications of this agreement.
  2. In the next step, an e-mail is sent to your registered mail address containing a one-time URL. Use this URL (click it or copy it into the address field of your browser) to go to the page containing the actual upload button.

You can upload up to seven SSH public keys at the service portal.

Note

The SSH public keys are stored centrally in the Berlin/Göttingen LDAP service. Please do not add SSH keys discussed above to your $HOME/.ssh/authorized_keys file in Berlin/Göttingen. This file is only used for internal authentication within the Berlin/Göttingen sites. It will not grant access from the outside.


Workaround to display hidden files

Directory .ssh is a hidden directory. If it is not shown by default, you might need to enter ~/.ssh in the location box.

At least with Safari you can press command-shift-G and manually enter ~/.ssh.

Also, you can press CTRL-H to toggle between showing and not showing hidden files.

Or, another workaround: copy your public key file to a path not containing any hidden files/directories.

...

External Login using SSH Keys

For external connections to the NHR login nodes in Berlin/Göttingen the private key of the SSH key pair is needed. Recall the name and the location (see above) of the file containing the private key. 

OpenSSH

With the -i option to the ssh command you can specify the full path of your private SSH key file when you log in to one of the Berlin/Göttingen login nodes. You will be asked for the passphrase of your private key.

...

Alternatively, use the SSH configuration file $HOME/.ssh/config on your local machine to permanently store options for specific SSH connections so that they can be omitted on the command line.

For example, add the following lines to your local $HOME/.ssh/config:

Host blogin
    Hostname blogin.hlrn.de
    IdentityFile ~/.ssh/id_rsa_hlrn
    User your_username

Now the ssh command will automatically choose the proper credentials in the future, i.e., -l your_username and -i <private_key> can be omitted from the command line so that ssh blogin is sufficient.

...

In PuTTY, you have to add/select your private key under Connection → SSH → Auth to be able to log in.

Internal Login

SSH for internal connections between a Berlin and a Göttingen login node works right out of the box - that is, without specifying any keys. This also applies to SSH connections between nodes of the same site. This is enabled through host-based authentication which is active by default.

Note

For internal connections, please always use the host name alone, omitting the domain suffix ".hlrn.de". You can use the generic names blogin, glogin or specific names like blogin5, glogin2, etc. This way NHR internal links are used which are faster than external routes. The latter are used when specifying fully qualified host names (blogin.hlrn.de or glogin.hlrn.de) which is not recommended here.

