HPCC – SSH Keys

Manuals: SSH Keys Summary

Mon, 01 Jan 0001 00:00:00 +0000

SSH Key Basics

This basic introduction into SSH keys might be sufficient for most users on all major OSs.

Manuals: SSH Keys Apple macOS

Mon, 01 Jan 0001 00:00:00 +0000

SSH Keys on macOS

What are SSH Keys?

SSH (Secure Shell) keys are an access credential that is used in the SSH protocol.

The private key (ie. id_rsa) remains on the system being used to access the HPCC cluster and is used to decrypt information that is exchanged in the transfer between the HPCC cluster and your system.

A public key (ie. id_rsa.pub) is used to encrypt information, and is stored on the cluster. The authorized keys file that is stored on the HPCC cluster (ie. ~/.ssh/authorized_keys) contains one or more public keys (ie. id_rsa.pub).

Why do you need SSH Keys?

HPCC supports two authentication methods; Password+DUO and SSH Keys. The Password+DUO method requires a UCR NetID, if you do not have one then you will need to use SSH keys in order to access the HPCC cluster.

Creating SSH Keys from the Command-line

By far the easiest way to create SSH keys on macOS systems is from the command-line following the instructions here. Users who prefer to do this in a graphical user interface can follow the instructions below.

GUI-based SSH Key Creation

Filezilla

You will need to install Filezilla in order to transfer the public SSH key to the HPCC cluster.

Download the Filezilla Client for Mac OS X here.
- Make sure your Mac OS X system is updated to the latest version.
Follow the install wizard to complete the install of Filezilla.

Sourcetree

You will need to install Sourcetree in order to generate your SSH keys (or use the command line method mentioned here.

Download Sourcetree from here
Click on Download for Mac OS X
Install Sourcetree

Create SSH Keys (`Sourcetree`)

Open the Sourcetree application and under the top Sourcetree menu click on the Preferences... sub-menu item.
Navigate to Accounts category and click on Add....
Click on Auth Type: and change the drop down menu from OAuth to Basic. Make sure Protocol: is set to SSH in the drop down menu.
Enter id_rsa in the Username field.
Click the Generate Key button.
Press Cancel to exit out of the window.

SSH Keys Location

By default, your key files are created in the path: /Users/macOSUsername/.ssh/.

To verify that the keys were created, do the following:

Open a new finder window. Click on your home directory on the left side pane.
Press the 3-button combo Command+Shift+. together (visualized below) to see hidden folders:
You will now be able to see your .ssh folder, open it by double-clicking.
You should see your newly generated pair of SSH key files in the folder.
Sourcetree adds the -Bitbucket to the end of the SSH key file names. Remove this by clicking on the file you want to rename and press the Enter key which allows us to rename the file before the extension.
After you have removed the -Bitbucket suffix from each of the SSH key file names, your new SSH key file names should be id_rsa and id_rsa.pub.

Configure SSH Keys

Public SSH Key

Now that you have created your SSH keys, and renamed them, you will need to place your public key (id_rsa.pub) on the cluster.

If you do not have a UCR NetID, or prefer not to use Password+DUO authentication, then email your public key (id_rsa.pub) to support and skip to Private SSH Key. If you already have configured Password+DUO authentication, then proceed with the following:

Start the Filezilla application.
Open Site Manager window by clicking the upper left most button in the top bar of icons.
Click on New Site, which will unlock the fields to the right.
From the newly unlocked fields in the General tab, fill in the following:
- Protocol: SFTP - SSH File Transfer Protocol
- Host: cluster.hpcc.ucr.edu
- Logon Type: Interactive
- User: Your HPCC Username
When using Password+DUO authentication, you must also set the maximum number of connections. Navigate to the Transfer Settings tab and set the following:
- Limit Number of simultaneous connections: checked
- Maximum number of connections: 1
Then click on Connect.
If a pop up prompts you to save your password, select the Save passwords option, then click the OK button.
Then enter in your password for the cluster, and click OK.
If the next pop up prompts you, then check the box that states Always trust this host, add this key to the cache, then click the OK button.
You should now see the DUO authentication dialog, ensure your User is correct then enter the number for the preferred option from the list presented, then click OK.
Now that you are connected with Filezilla, transfer your public SSH key from your MacOS system by dragging the file /Users/macOSUsername/.ssh/id_rsa.pub and dropping it into the HPCC cluster direcotry /rhome/username/.ssh/.

If the /rhome/username/.ssh/ directory does not exits, create it.

Once the id_rsa.pub file is transferred to the cluster, be sure to rename it to authorized_keys.

Private SSH Key

Once your public key is in place, now you can configure Filezilla to use your private SSH key and connect to the cluster through the cluster.hpcc.ucr.edu server.

Start the Filezilla application
Open Site Manager window by clicking the button in the top bar of icons.
Click on New Site, rename it (optional) and press enter.
Fill in the following fields from the General tab:
- Protocol: SFTP - SSH File Transfer Protocol
- Host: cluster.hpcc.ucr.edu
- Logon Type: Key file
- User: Your HPCC username
- Key file: /Users/macOSUsername/.ssh/id_rsa
Be sure to select the previously created private key (/Users/macOSUsername/.ssh/id_rsa) for the Key file field using the Browse... button.
Navigate to the folder you saved your key file in (default location is /Users/macOSUsername/.ssh) and open the private key file id_rsa.
You should see the added keyfile in the Key file: box, then click Connect.

Subsequnt connections can be done from the Quickconnect history by clicking on the down arrow to the right side of the Quickconnect button.
Remember to select the cluster.hpcc.ucr.edu address.
Transfer files by double clicking or drag-n-drop. For more details regarding file transfers vist Filezilla Usage.

Manuals: SSH Keys Microsoft Windows

Mon, 01 Jan 0001 00:00:00 +0000

SSH Keys on MS Windows

What are SSH keys?

SSH (Secure Shell) keys are an access credential that is used in the SSH protocol.

The private key remains on the system being used to access the HPCC cluster and is used to decrypt information that is exchanged in the transfer between the HPCC cluster and your system.

A public key file is used to encrypt information, and is stored on your own system. The public key file is stored on the HPCC cluster and contains a list of authorized public keys.

Why do you need SSH keys?

HPCC supports two authentication methods; Password+DUO and SSH Keys. The Password+DUO method requires a UCR NetID, if you do not have this then you will need to use SSH keys in order to access the HPCC cluster.

What you need

MobaXterm

You will need to install MobaXterm in order to generate your SSH keys and also to transfer the keys to the cluster.

Download MobaXterm from here.
Unzip
Double click portable version of exe and run the MobaXterm application.

Persistent Home Directory

By default, MobaXterm will not have a presistent home directory, meaning any files saved there will be lost the next time you start it. To use a persistent home directory, go to “Setting > General > Persistent Home Directory”. If this shows “< Temp Directory >”, then change it to where you would like your home directory to be stored on your computer.

Finding Files on Windows

To find where a file is located on windows from within a MobaXterm terminal, you can use the open command. For example open . to open the directory you are currently in, or open ~ to open your home directory.

FileZilla

If you choose to upload you SSH key to the HPCC cluster with a GUI app, you will need to install FileZilla or a similar sFTP/SCP client. Note, FileZilla is not required if you use the command-line approach below.

Download the FileZilla Client for Windows here. * Make sure your Windows system is updated to the latest version.
Follow the install wizard to complete the install of Filezilla.

Create SSH Keys (`MobaXterm`)

The following provides instructions for both (A) command-line-based and (B) GUI-based SSH key creation. Users need to choose which option is more suitable for them. Usually, the command-line based approach is much quicker even for users without command-line experience since it only requires to copy and paste a few lines of code.

(A) Command-line-based SSH key creation

Creating SSH keys in MobaXterm from the command-line is straightforward and almost identical to creating SSH keys under macOS and Linux (see here). To create the SSH key pair from the command-line, open the MobaXterm terminal and then execute the following commands. This can be done by a simple copy and paste rather than typing, and then pressing the enter key. Users who wish to use WinSCP instead of FileZilla as sFTP client need to follow the key generation instructions of this software as outlined here.

mkdir -p ~/.ssh # creates SSH directory
ssh-keygen -t rsa -f ~/.ssh/id_rsa # creates key pair (private and public)

Next, check the content of the newly created .ssh directory with ls -al .ssh/. It should contain files for the private and public keys that are named id_rsa and id_rsa.pub, respectively. Importantly, this private key file should not be shared.

Note, when using PuTTY (and WinSCP) instead of MobaXterm for generating SSH keys, then the private key is stored in PuTTY’s proprietary key format, which is indicated by a .ppk file extension. A key of this format is required when using PuTTY as SSH client, and it cannot be used with other SSH client tools.

The public key is the one that needs to be uploaded to the remote system one wishes to connect to. On the HPCC cluster it needs to be saved in a file located under this location of your home directory: ~/.ssh/authorized_keys. The upload can be performed with an sFTP/SCP GUI app like the one built into MobaXterm or FileZilla (see GUI section below). Copying the key from MobaXterm into the clipboard (e.g. in less) and then pasting it into the corresponding file opened on the remote system with a code editor like vim is another but more advanced option. The following shows how to upload the private SSH key from the command-line in MobaXterm to the HPCC cluster using the scp command, where it is important that users replace <username> with their own username on the HPCC cluster. Importantly, only one of the following two commands should be used. The first one should be used if an authorized_keys file does not exist yet, e.g. when a user configures SSH key accees on the HPCC system for the first time. The second one should be used to append a new public SSH key to an already existing authorized_keys file.

Create new authorized_keys file

scp .ssh/id_rsa.pub <username>@cluster.hpcc.ucr.edu:.ssh/authorized_keys

Append SSH key to already existing authorized_keys file

scp .ssh/id_rsa.pub <username>@cluster.hpcc.ucr.edu:tmpkey && ssh username@cluster.hpcc.ucr.edu "cat tmpkey >> ~/.ssh/authorized_keys && rm tmpkey"

Note, prior to setting up SSH key access both of the above scp commands require functional password/DUO credentials. Users who do not have password/DUO access (e.g. non-UCR users) will need to email their public SSH key to support@hpcc.ucr.edu so that the systems admin can add their public SSH key to ~/.ssh/authorized_keys of the corresponding user account.

(B) GUI-based SSH key creation

Please use the following GUI-based instructions for generating SSH keys at your own risk. The above command-line approach is preferred since it is much easier and reliable.

Begin by clicking on the tools drop down on the upper menu bar
Find and click on the MobaKeyGen (SSH key generator) option
A window should appear to create a new SSH key. Click on generate to create a new SSH key pair. Follow the on menu instructions.
Once your key has been created, enter a password in the key passphrase field to password protect your key. Click on conversions in the tool bar and click on Export OpenSSH Key. Save this key as id_rsa and put the file in an easy to access location. Click on Save private key to save the private key with an extension of .ppk to use with MobaXterm or FileZilla. Save the key as mobaxterm_privkey and put the file in an easy to access location.
Highlight EVERYTHING in the box labeled “Public key for pasting into OpenSSH authorized_keys file” then right-click on it and choose Copy. Open Notepad and paste the copied text. Save the file as id_rsa.pub and put the file in an easy to access location.

Keys Location

SSH keys should be saved under the location C:\Users\username\.ssh.

Configure SSH Keys

Public SSH Key

Now that you have created your SSH keys, and renamed them, you will need to placed the public key (id_rsa.pub) on the cluster using the cluster.hpcc.ucr.edu

Start the Filezilla application.
Open the Site Manager button in the top bar of icons.
Click on New Site, rename it (optional) and press enter.
Make sure to use the following settings for the site:
- Protocol: should be set to SFTP - SSH File Transfer Protocol
- Host: type in cluster.hpcc.ucr.edu
- Port: type 22
- Logon Type: set to Interactive
- User: type in your HPCC username
Click “Connect”. If the next pop up prompts you, then check the box that states Always trust this host, add this key to the cache, then click the OK button.
You will need to create a .ssh directory, if it doesn’t already exist, to hold your SSH keys. On the right hand side, right click and click on the Create directory option under your home folder location.
A window will appear to name the new directory. Name should be the following format: /rhome/username/.ssh. After naming the new directory click on OK.
Right click on the new .ssh directory that has been created. Find and click on File permissions.
A window with the directory permissions will appear. The .ssh directory needs exact permissions in order for it to function properly. Follow the image below to apply the permissions.
Now that you are connected to Filezilla transfer your public SSH key from your system by dragging the file id_rsa.pub and dropping it into the HPCC cluster direcotry /rhome/username/.ssh/.

Once the file is transferred to the cluster, be sure to rename id_rsa.pub to authorized_keys. Alternatively, if an authorized_keys file already exists, then you can edit the authorized_keys file (Right Click > View/Edit) and place the contents of the id_rsa.pub file inside of it.

Private SSH Key

Once your public key is in place, now you can configure Filezilla to use your private SSH key and connect to the cluster through the cluster.hpcc.ucr.edu server.

Open Filezilla Site Manager button in the top bar of icons.
Click on the HPCC created in the “Public SSH Key” section
Change the settings to the following:
- Protocol: should be set to SFTP - SSH File Transfer Protocol
- Host: type in cluster.hpcc.ucr.edu
- Port: type 22
- Logon Type: set to Key file
- User: type in your HPCC username
After these fields are finalized, click the Browse.. button.
Navigate to the folder you saved your private key file in and open the private key file mobaxterm_privkey.ppk. You should see the added keyfile in the Key file: box, then click Connect.
Subsequnt connections can be done from the Quickconnect history by clicking on the down arrow to the right side of the Quickconnect button. Remember to select the cluster.hpcc.ucr.edu address.
Transfer files by double clicking or drag-n-drop. For more details regarding file transfers vist Filezilla Usage.

Manuals: SSH Keys Linux

Mon, 01 Jan 0001 00:00:00 +0000

SSH Keys on Linux

How to create SSH keys on LInux OSs or the command-line in general is described on the general login page here.

HPCC – SSH Keys

Manuals: SSH Keys Summary

SSH Key Basics

Manuals: SSH Keys Apple macOS

SSH Keys on macOS

What are SSH Keys?

Why do you need SSH Keys?

Creating SSH Keys from the Command-line

GUI-based SSH Key Creation

Filezilla

Sourcetree

Create SSH Keys (Sourcetree)

SSH Keys Location

Configure SSH Keys

Public SSH Key

Private SSH Key

Manuals: SSH Keys Microsoft Windows

SSH Keys on MS Windows

What are SSH keys?

Why do you need SSH keys?

What you need

MobaXterm

Persistent Home Directory

Finding Files on Windows

FileZilla

Create SSH Keys (MobaXterm)

(A) Command-line-based SSH key creation

(B) GUI-based SSH key creation

Keys Location

Configure SSH Keys

Public SSH Key

Private SSH Key

Manuals: SSH Keys Linux

SSH Keys on Linux

Create SSH Keys (`Sourcetree`)

Create SSH Keys (`MobaXterm`)