Changes between Initial Version and Version 1 of User Guide/Remote Access/SSH


Ignore:
Timestamp:
Aug 8, 2019, 7:28:13 PM (5 years ago)
Author:
jkol
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • User Guide/Remote Access/SSH

    v1 v1  
     1== Configuring SSH Keys ==
     2
     3SSH access to COSMOS machines requires the use of public key authentication. If you try to connect using the username and password that you use for accessing the scheduler and status pages, you will receive the following message:
     4
     5{{{
     6Permission denied (publickey).
     7}}}
     8
     9You need to configure the SSH client on your computer to use a private key for connecting to COSMOS machines instead of a password. Additionally, the corresponding public key needs to be added to your COSMOS account. This page describes the procedure for generating a public/private key pair, configuring your SSH client, and uploading the necessary public key to your COSMOS account. The instructions here are for specific SSH client software, if you use a different SSH client than those referenced here, please follow the documentation provided with that SSH client and use the instructions here for reference.
     10
     11=== Select the OS of your computer ===
     12
     13[[CollapsibleStart(Linux)]]
     14''NOTE: These instructions are NOT for Ubuntu running on Windows using Windows Subsystem for Linux (WSL).''
     15
     16These instructions assume you will be using a standard command-line SSH client for linux. If you have not already done so, ensure that you have it installed by running the following commands in a command-line terminal:
     17{{{
     18sudo apt-get update
     19sudo apt-get install openssh-client
     20}}}
     21
     22==== Generating keys ====
     23 Each distribution has their own location for the specific generation tools. These instructions are based on the  documentation for Ubuntu ([https://help.ubuntu.com/community/SSH/OpenSSH/Keys located here]).
     24
     25 To create your public and private SSH keys, open a command-line terminal and type:
     26{{{
     27ssh-keygen -t rsa
     28}}}
     29 You will be prompted for a location to save the keys, and a passphrase for the keys which we highly recommend using. This passphrase does not have to be the same as your COSMOS account password.
     30{{{
     31Generating public/private rsa key pair.
     32Enter file in which to save the key (...):
     33Enter passphrase (empty for no passphrase):
     34Enter same passphrase again:
     35Your identification has been saved in ...
     36Your public key has been saved in ...
     37Your public key is now available as .ssh/id_rsa.pub in your home folder.
     38}}}
     39
     40 This process will generate and store a private key and a public key file. The private key will be stored in the file and location you specify when prompted, and the public key file will be named the same as your private key file but with a .pub extension.
     41
     42[[BR]]
     43==== Uploading your public key to your COSMOS account ====
     44 To upload you public key to your orbit account, do the following:
     45 1. Go to [https://www.cosmos-lab.org/cPanel/controlPanel/start] and sign in with your COSMOS username and password
     46
     47 2. Click on "Change My Profile" option in the left side menu
     48
     49 3. Click the "Choose File" button next to "Public key file"
     50 
     51 4. Navigate to where your '''public key file''' is stored (typically /home/your_username/.ssh)
     52
     53 5. Select the .pub file corresponding to the key you wish to use for COSMOS access
     54
     55 6. Click "Open"
     56
     57 7. Click the "Update Profile" button
     58
     59 As a side note, expect to see a default auto generated public key in the list (ends with @internal1). This is used for SSH access between machines inside the COSMOS network. Please do NOT delete this key.
     60
     61 [[Image(ControlPanel.jpg, width=700)]]
     62
     63[[BR]]
     64==== Configuring your SSH client ====
     65  Under normal circumstances, as long as the private key file is located in the /home/your_username/.ssh/ folder, the command line SSH client will use the correct key when connecting.
     66 To test your setup, open a command-line terminal and (replacing ''your_orbit_username'' with your own COSMOS username) type:
     67{{{
     68ssh your_orbit_username@gw.cosmos-lab.org
     69}}}
     70 You should be prompted to enter your key file passphrase and be able to successfully connect.
     71
     72 Type {{{exit}}} and press the Enter key to end the SSH session.
     73
     74[[BR]]
     75==== Common issues and how to solve them ====
     76 * If you receive a message like the following:
     77{{{
     78The authenticity of host 'gw.cosmos-lab.org (128.6.192.134)' can't be established.
     79ECDSA key fingerprint is SHA256:iLKtq2Z8wB3ADJdEyM1CwoU85gOeqIUyB4GOJ2YloQg.
     80Are you sure you want to continue connecting (yes/no)?
     81}}}
     82 This is a normal message that occurs when your computer connects via SSH to another that it has never connected to before or if the "fingerprint" of the other machine changed (due to replacement or reconfiguration). Simply type {{{yes}}} and connection will proceed normally.
     83[[BR]]
     84 * If you receive a message like the following:
     85{{{
     86Permission denied (publickey).
     87}}}
     88 Try connecting again but manually specifying the location where your private SSH key is stored as in the following example:
     89{{{
     90ssh -i /path_to_where_key_is_stored/private_ssh_key_name your_orbit_username@gw.cosmos-lab.org
     91}}}
     92
     93[[CollapsibleEnd]]
     94
     95[[BR]]
     96
     97[[CollapsibleStart(Windows)]]
     98These instructions assume that you are using [https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html PuTTY] as your SSH client.
     99
     100==== Generating keys ====
     101 In PuTTY, the key generation is handled by a separate program named ''puttygen.exe''. If you installed PuTTY via the installer, there should be an icon for PuTTYgen in your Start menu, otherwise [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html download it from here].
     102
     103 1. Open PuTTYgen
     104
     105 2. Click the "Generate" button and follow the instructions in the "Key" section of the window
     106
     107 || [[Image(puttygen01.png, 250px)]] || [[Image(puttygen02.png, 250px)]] ||
     108
     109 3. Type a passphrase of your choice in the "Key passphrase" and "Confirm passphrase" fields. This passphrase does not have to be the same as your COSMOS account password.
     110
     111 || [[Image(puttygen03.png, 250px)]] ||
     112
     113 4. Click the "Save private key" button
     114
     115 || [[Image(puttygen04.png, 250px)]] ||
     116
     117 5. Save the private key file somewhere you will remember on your computer. Do not share this key with anyone!
     118
     119 6. After saving the private key file, right-click in the big text box labeled "Public key for pasting into OpenSSH authorized_keys file" and click "Select All" from the popup menu to highlight the entire public key
     120
     121 || [[Image(puttygen05.png, 250px)]] ||
     122
     123 8. Right-click again in the same big box and click "Copy" from the popup menu
     124
     125 || [[Image(puttygen06.png, 250px)]] ||
     126
     127 9. Open Notepad from your Start menu
     128
     129 10. Paste what you just copied from PuTTYgen into Notepad. The contents should start with {{{ssh-rsa}}} and end with something like {{{rsa-key-20180621}}} (the same as the "Key comment" field in PuTTYgen)
     130
     131 11. Save this file somewhere you will remember on your computer. This is your public key file.
     132
     133 12. Close PuTTYgen
     134
     135[[BR]]
     136==== Uploading your public key to you COSMOS account ====
     137 ''NOTE: Internet Explorer is not supported for Control Panel operations (including key upload)''
     138
     139 To upload you public key to your orbit account, do the following:
     140 1. Go to [https://www.orbit-lab.org/cPanel/controlPanel/start] and sign in with your COSMOS username and password
     141
     142 2. Click on "Change My Profile" option in the left side menu
     143
     144 3. Click the "Choose File" button next to "Public key file"
     145
     146 4. Navigate to where your '''public key file''' is stored (the file you saved with Notepad in the previous section)
     147
     148 5. Select the public key file you wish to use for COSMOS access
     149
     150 6. Click "Open"
     151
     152 7. Click the "Update Profile" button
     153
     154 As a side note, expect to see a default auto generated public key in the list (ends with @internal1). This is used for SSH access between machines inside the COSMOS network. Please do NOT delete this key.
     155
     156 [[Image(ControlPanel.jpg, width=700)]]
     157
     158[[BR]]
     159==== Configuring your SSH client ====
     160
     161 1. Open PuTTY.
     162
     163 || [[Image(putty01.png, 250px)]] ||
     164
     165 2. Navigate through the left side menu tree to "SSH" then "Auth".
     166
     167 || [[Image(putty02.png, 250px)]] ||
     168
     169 3. Click the "Browse" button next to the "Private key file for authentication" field.
     170
     171 || [[Image(putty03.png, 250px)]] ||
     172
     173 4. Navigate to where you saved your '''private key file''' in the previous section and select it.
     174
     175 5. Navigate through the left side menu tree back to "Session".
     176
     177 || [[Image(putty04.png, 250px)]] ||
     178
     179 6. Enter a name for this connection in the "Saved Sessions" field and click the "Save" button.
     180
     181 || [[Image(putty05.png, 250px)]] ||
     182
     183 7. Now whenever you open PuTTY, select the session name you gave in the previous step and click "Load", this will load the private key file automatically so you do not have to repeat the prior steps each time (as long as you do not move it to a different folder on your computer).
     184
     185 || [[Image(putty06.png, 250px)]] ||
     186
     187 8. Type {{{your_orbit_username@gw.cosmos-lab.org}}} (replacing ''your_cosmos_username'' with your own COSMOS username) into the "Host Name (or IP address)" field and click the "Open" button. You should be prompted to enter your key file passphrase and be able to successfully connect.
     188
     189 || [[Image(putty07.png, 250px)]] ||
     190
     191 9. Type {{{exit}}} and press the Enter key to end the SSH session.
     192
     193[[BR]]
     194==== Common issues and how to solve them ====
     195 * If you receive a message like the following:
     196 {{{
     197The authenticity of host 'gw.cosmos-lab.org (128.6.192.134)' can't be established.
     198ECDSA key fingerprint is SHA256:iLKtq2Z8wB3ADJdEyM1CwoU85gOeqIUyB4GOJ2YloQg.
     199Are you sure you want to continue connecting (yes/no)?
     200 }}}
     201
     202 or
     203
     204  || [[Image(putty_alert.png, 250px)]] ||
     205
     206 This is a normal message that occurs when your computer connects via SSH to another that it has never connected to before or if the "fingerprint" of the other machine changed (due to replacement or reconfiguration). Simply type {{{yes}}} or click "Yes" and connection will proceed normally.
     207[[BR]]
     208
     209[[CollapsibleEnd]]
     210
     211[[BR]]
     212
     213[[CollapsibleStart(Mac)]]
     214 '''Mac instrucstions are currently under development. We apologize for the inconvenience.'''
     215
     216==== Generating keys ====
     217 TODO
     218
     219[[BR]]
     220==== Uploading your public key to you COSMOS account ====
     221 To upload you public key to your orbit account, do the following:
     222 1. Go to [https://www.cosmos-lab.org/cPanel/controlPanel/start] and sign in with your COSMOS username and password
     223
     224 2. Click on "Change My Profile" option in the left side menu
     225
     226 3. Click the "Choose File" button next to "Public key file"
     227 
     228 4. Navigate to where your '''public key file''' is stored (typically /home/your_username/.ssh)
     229
     230 5. Select the .pub file corresponding to the key you wish to use for COSMOS access
     231
     232 6. Click "Open"
     233
     234 7. Click the "Update Profile" button
     235
     236 As a side note, expect to see a default auto generated public key in the list (ends with @internal1). This is used for SSH access between machines inside the COSMOS network. Please do NOT delete this key.
     237
     238 [[Image(ControlPanel.jpg, width=700)]]
     239
     240[[BR]]
     241==== Configuring your SSH client ====
     242 TODO
     243
     244[[BR]]
     245==== Common issues and how to solve them ====
     246 * TODO
     247[[CollapsibleEnd]]
     248
     249[[BR]]
     250=== If you deleted the "@internal1" key from your profile ===
     251
     252As long as you have at least one public key configured in your profile, use your SSH client to connect to {{{gw.cosmos-lab.org}}} and run the following commands there. You do not need to make a reservation in the scheduler for this.
     253
     254{{{
     255rm ~/.ssh/id_rsa
     256rm ~/.ssh/id_rsa.pub
     257ssh-keygen -t rsa -C "@internal1"
     258}}}
     259
     260Press 'Enter' at every prompt so that the default filename (id_rsa) and no password is used.
     261
     262Then type the following command:
     263
     264{{{
     265cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
     266}}}
     267
     268The internal key should now be restored.