Versionen im Vergleich

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

Inhalt

This page aims to provide you with a step-by-step guide on how to use public key authentication for external login to the NHR@ZIB system "Lise".

Summary

  1. Create an SSH key pair with a passphrase that is not used anywhere else.
  2. Upload your public key on our Portal NHR@ZIB.
  3. Specify your private key when connecting to our login nodes (either via ssh -i <your_private_key_file> or in your local SSH configuration).

Step-by-step guide

An SSH key pair consists of a public key and a private key. The public key is used to encrypt messages. Such messages can only be decrypted using the corresponding private key. For this reason the To login to system Lise please

  1. choose a login node of your Compute partitions and
  2. specify your SSH key when connecting. A pair of SSH keys consists of a
    • private key. The private key must be stored safely on the local machine - protected by a passphrase

...

    • .
    • public key.

Create a pair of SSH keys

Create an SSH key pair with a passphrase that is not used anywhere else.

Generating your key pair differs depending on the SSH implementation available on your local machine. The default with Linux and MacOS is OpenSSH. This is also available (without extra installation) in more recent versions of Windows.

OpenSSH

On your local system, run ssh-keygen in the terminal of your choice to create an SSH key pair (type RSA) with a size of 4096 bits. During the key generation process you will be asked for a passphrase to protect the key:

...

The current ssh host keys for

  • blogin[1-68].nhr.hlrnzib.de

are

Codeblock
SHA256:mrwKbHEz3pJCmvU7ZEXoIKxVRz0E9/4GDp3k41x4Q8g (RSA)
SHA256:53WD36v+IjHObgS3DbjIi+zShcQ/MCAIqJNgJOlfR08 (ED25519)
SHA256:pNGlm//LyjJZi6tX0mz5SPSs4IBkuyJI/iWI10JbhgE (ECDSA)

...

Codeblock
SHA256:rusM3G/8eG7ZFLNJtvymL/wNHFGgkOFTMYCBk3yLiL8 (ECDSA)
SHA256:8/hSIv0HfMDEy1gUQjVmb0cUMDztgacNfXSBUzcgCFM (ED25519)
SHA256:WulefLWFPRPPobUI6/+4bJpttV9SlQhZ0prEo8ELp1k (RSA)

PuTTY

Under Windows, SSH key pairs can be generated with the tool PuTTYgen which is part of the PuTTY installation package and also available separately.

...

Info

PuTTY changed its default key file format in version 0.75 from PPK2 to PPK3. This is not an issue as long as you use a PuTTY version, or software using PuTTY in its core, greater 0.75

SSH

...

public key upload

Upload your public key on our Portal NHR@ZIB.

Before you can log in to one of the NHR@ZIB login nodes, make sure you have uploaded your SSH public key (not the private one) at the Portal NHR@ZIB. Here you can also view or remove public keys uploaded earlier (if any).

...

Erweitern
title Workaround to display hidden files

Directory .ssh is a hidden directory. If it is not shown by default, you might need to enter ~/.ssh in the location box.

At least with Safari you can press command-shift-G and manually enter ~/.ssh.

Also, you can press CTRL-H to toggle between showing and not showing hidden files.

Or, another workaround: copy your public key file to a path not containing any hidden files/directories.

...

Login using SSH

...

keys

For external connections to the NHR@ZIB login nodes the private key of the SSH key pair is needed. Recall the name and the location (see above) of the file containing the private keyssh login please use ssh software on your local machine. On linux and windows systems OpenSSH and PuTTY is appropriate software, respectively

OpenSSH

With the -i option to the ssh command you can specify the full path of your private SSH key file when you log in to one of the NHR@ZIB login nodes. You will be asked for the passphrase of your private key.

Codeblock

...

noformat
title
OpenSSH example
$ ssh -i $HOME/.ssh/id_rsa_nhr your_username@blogin.nhr.zib.de
Enter passphrase for key '/<home_directory>/.ssh/id_rsa_nhr':
[...]

...

Kein Format
Host blogin
    Hostname blogin.nhr.hlrnzib.de
    IdentityFile ~/.ssh/id_rsa_nhr
    User your_username

Now the ssh command will automatically choose the proper credentials in the future, i. e., -l your_username and -i <private_key> can be omitted from the command line so that ssh blogin  is sufficient.

PuTTY

In PuTTY, you have to add/select your private key to Connection → SSH → Auth to be able to log in. In PuTTY version 0.78 this option has changed to Connection → SSH → Auth  → Credentials.

Internal Login

SSH for internal connections between nodes of Lise works right out of the box - that is, without specifying any keys. This is enabled through host-based authentication which is active by default.

...