ssh is a powerful tool that allows you to create a connection to a server, over a network, and exchange data.
ssh will provide you with a shell (for example,
fish) running on the server.
The part before the "@" is your username for the server. The part after the "@" is the host. The result will be the default shell of given user, on the host.
You can also run specific commands on the host without launching an entire shell.
ssh [email protected] whoami
This would run the
whoami command on the host,
anvil.rcac.purdue.edu, and output the value in the current shell on your local machine.
ssh to login to the host system, you will be asked to enter a password. This is the password of the user,
username, on the host machine. You will be required to enter this for every
On Anvil, it is not so simple, as there is a special gateway system that you would first need to
ssh into, before `ssh`ing into the actual Anvil system. To bypass this, you can use an alternative authentication system called public key cryptography.
Public key cryptography allows the user to bypass typing a password by exchanging a set of files.
ssh can use these files in order to verify that you are indeed connecting from an authorized system.
ssh keys, do the following.
On your local machine or your host machine, generate your key pair.
# mac or linux ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "comment here" # windows ssh-keygen -t ed25519
You will be prompted to enter a password. If you choose to not enter a password, your resulting private key will end up being the equivalent of a password. Any bad actor who gets ahold of your key will be able to enter any authorized system under your username. If you do enter a password, you will be asked to enter this password every time your
sshinto another system with a matching public key in the
This will create two files in your
~/.ssh/id_ed25519.pub. Or, if you are in a windows system
C:\Users\username\.ssh\id_ed25519. The first key,
~/.ssh/id_ed25519, is your private key. The other file,
~/.ssh/id_ed25519.pubis your public key.
The next task is to share your public key with any other system you’d like to be able to
sshinto. For example, Anvil. To share a public key, you can either use the nifty
ssh-copy-idcommand, or you can manually copy the contents of your public key and append the contents to the
~/.ssh/authorized_keysfile on the desired host (in our example, Anvil).
# long, manual way, starting on the local machine # mac or linux cat ~/.ssh/id_ed25519.pub # windows type C:\Users\username\.ssh\id_ed25519.pub # copy the output of the cat command to you clipboard ssh [email protected] # now on anvil via ssh mkdir ~/.ssh vim ~/.ssh/authorized_keys # paste the contents of your keys to a newline, and press # Ctrl+c, and type ":wq" to save and quit. # set the permissions on the host (anvil) # ssh requires ssh-specific files have proper permissions chmod 700 ~/.ssh chmod 644 ~/.ssh/authorized_keys chmod 644 ~/.ssh/known_hosts chmod 644 ~/.ssh/config chmod 600 ~/.ssh/id_ed25519 chmod 644 ~/.ssh/id_ed25519.pub # short, automatic way, starting on the local machine # IMPORTANT: this will _not_ work as anvil does not # support password authentication. ssh-copy-id [email protected]
For Anvil, specifically, you will need to perform the manual way. You can do this by first copying the contents of your public key.
# mac or linux cat ~/.ssh/id_ed25519.pub # windows type C:\Users\username\.ssh\id_ed25519.pub
Then, navigate and login to ondemand.anvil.rcac.purdue.edu. Click on Clusters > Anvil Shell Access in the top menu. Once presented with a shell, do the following.
mkdir ~/.ssh vim ~/.ssh/authorized_keys # paste the contents of your keys to a newline, and press # Ctrl+c, and type ":wq" to save and quit. # set the permissions chmod 700 ~/.ssh chmod 644 ~/.ssh/authorized_keys chmod 644 ~/.ssh/known_hosts chmod 644 ~/.ssh/config chmod 600 ~/.ssh/id_ed25519 chmod 644 ~/.ssh/id_ed25519.pub
Now, on your local machine, you should be able to run the following and immediately connect.
If you chose to add a password to your key pair, and you do not want to have to type your password each time you
sshinto the given host, you can use the
ssh-agent, which, after an initial setup step, will automatically do this for you. To set this up, simply type
ssh-add, and, when prompted, type in the password associated with your key pair. At this stage, you should be able to run the following and immediately be connected to the host. For windows users, the information here may be helpful.
One neat trick, when managing many hosts, is to maintain an
sshconfig file. This is useful if you have many hosts, with different usernames, key pairs, and addresses. Take the following, for example.~/.ssh/config
Host anvil Hostname anvil.rcac.purdue.edu User username1 IdentityFile ~/.ssh/id_ed25519 Host pizza Hostname pi.zza.445.333.example.com User georgie IdentityFile ~/.ssh/id_rsa
This config allows you to establish a connection using
ssh anvil # or ssh pizza
This replaces the alternative.