SSH

ssh is a powerful tool that allows you to create a connection to a server, over a network, and exchange data.

By default, ssh will provide you with a shell (for example, bash, zsh, or fish) running on the server.

The part before the "@" is your username for the server. The part after the "@" is the host. The result will be the default shell of given user, on the host.

You can also run specific commands on the host without launching an entire shell.

ssh [email protected] whoami

This would run the whoami command on the host, anvil.rcac.purdue.edu, and output the value in the current shell on your local machine.

Authentication

When using ssh to login to the host system, you will be asked to enter a password. This is the password of the user, username, on the host machine. You will be required to enter this for every ssh connection.

On Anvil, it is not so simple, as there is a special gateway system that you would first need to ssh into, before `ssh`ing into the actual Anvil system. To bypass this, you can use an alternative authentication system called public key cryptography.

Public key cryptography allows the user to bypass typing a password by exchanging a set of files. ssh can use these files in order to verify that you are indeed connecting from an authorized system.

To setup ssh keys, do the following.

  1. On your local machine or your host machine, generate your key pair.

    ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "comment here"
  2. You will be prompted to enter a password. If you choose to not enter a password, your resulting private key will end up being the equivalent of a password. Any bad actor who gets ahold of your key will be able to enter any authorized system under your username. If you do enter a password, you will be asked to enter this password every time your ssh into another system with a matching public key in the ~/.ssh/authorized_keys file.

  3. This will create two files in your $HOME directory: ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub. The first key, ~/.ssh/id_ed25519, is your private key. The other file, ~/.ssh/id_ed25519.pub is your public key.

  4. The next task is to share your public key with any other system you’d like to be able to ssh into. For example, Anvil. To share a public key, you can either use the nifty ssh-copy-id command, or you can manually copy the contents of your public key and append the contents to the ~/.ssh/authorized_keys file on the desired host (in our example, Anvil).

    # long, manual way, starting on the local machine
    cat ~/.ssh/id_ed25519.pub
    
    # copy the output of the cat command
    ssh [email protected]
    
    # now on anvil via ssh
    mkdir ~/.ssh
    vim ~/.ssh/authorized_keys
    
    # paste the contents of your public key on a new
    # line in the ~/.ssh/authorized_keys file on the host
    
    # set the permissions on the host
    # ssh requires ssh-specific files have proper permissions
    chmod 700 ~/.ssh
    chmod 644 ~/.ssh/authorized_keys
    chmod 644 ~/.ssh/known_hosts
    chmod 644 ~/.ssh/config
    chmod 600 ~/.ssh/id_ed25519
    chmod 644 ~/.ssh/id_ed25519.pub
    
    # short, automatic way, starting on the local machine
    # IMPORTANT: this will _not_ work as anvil does not
    # support password authentication.
    ssh-copy-id [email protected]

    For Anvil, specifically, you will need to perform the manual way. You can do this by first copying the contents of your public key.

    cat ~/.ssh/id_ed25519.pub

    Then, navigate and login to ondemand.anvil.rcac.purdue.edu. Click on Clusters > Anvil Shell Access in the top menu. Once presented with a shell, do the following.

    mkdir ~/.ssh
    vim ~/.ssh/authorized_keys
    
    # paste the contents of your keys to a newline, and press
    # Ctrl+c, and type ":wq" to save and quit.
    
    # set the permissions
    chmod 700 ~/.ssh
    chmod 644 ~/.ssh/authorized_keys
    chmod 644 ~/.ssh/known_hosts
    chmod 644 ~/.ssh/config
    chmod 600 ~/.ssh/id_ed25519
    chmod 644 ~/.ssh/id_ed25519.pub

    Now, on your local machine, you should be able to run the following and immediately connect.

  5. If you chose to add a password to your key pair, and you do not want to have to type your password each time you ssh into the given host, you can use the ssh-agent, which, after an initial setup step, will automatically do this for you. To set this up, simply type ssh-add, and, when prompted, type in the password associated with your key pair. At this stage, you should be able to run the following and immediately be connected to the host.

  6. One neat trick, when managing many hosts, is to maintain an ssh config file. This is useful if you have many hosts, with different usernames, key pairs, and addresses. Take the following, for example.

    ~/.ssh/config
    Host anvil
        Hostname anvil.rcac.purdue.edu
        User username1
        IdentityFile ~/.ssh/id_ed25519
    
    Host pizza
        Hostname pi.zza.445.333.example.com
        User georgie
        IdentityFile ~/.ssh/id_rsa

    This config allows you to establish a connection using ssh very easily.

    ssh anvil
    
    # or
    
    ssh pizza

    This replaces the alternative.

    ssh [email protected]
    ssh -i ~/.ssh/id_rsa [email protected]