SSH
`ssh` is a powerful tool that allows you to create a connection to a server, over a network, and exchange data.
By default, `ssh` will provide you with a shell (for example, `bash`, `zsh`, or `fish`) running on the server.
The part before the "@" is your username for the server. The part after the "@" is the host. The result will be the default shell of the given user, on the host.
You can also run specific commands on the host without launching an entire shell.

```
ssh username@anvil.rcac.purdue.edu whoami
```

This would run the `whoami` command on the host, `anvil.rcac.purdue.edu`, and output the value in the current shell on your local machine.
Authentication
When using `ssh` to log in to the host system, you will be asked to enter a password. This is the password of the user, `username`, on the host machine. You will be required to enter this for every `ssh` connection.
On Anvil, it is not so simple, as there is a special gateway system that you would first need to `ssh` into, before `ssh`ing into the actual Anvil system. To bypass this, you can use an alternative authentication system called public key cryptography.
Public key cryptography allows the user to bypass typing a password by exchanging a set of files. `ssh` can use these files in order to verify that you are indeed connecting from an authorized system.
To set up `ssh` keys, do the following.
- On your local machine or your host machine, generate your key pair.

  ```
  # mac or linux
  ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "comment here"

  # windows
  ssh-keygen -t ed25519
  ```

- You will be prompted to enter a password. If you choose to not enter a password, your resulting private key will end up being the equivalent of a password. Any bad actor who gets ahold of your key will be able to enter any authorized system under your username. If you do enter a password, you will be asked to enter this password every time you `ssh` into another system with a matching public key in the `~/.ssh/authorized_keys` file.

- This will create two files in your `$HOME` directory: `~/.ssh/id_ed25519` and `~/.ssh/id_ed25519.pub`. Or, if you are on a Windows system, `C:\Users\username\.ssh\id_ed25519` and `C:\Users\username\.ssh\id_ed25519.pub`. The first key, `~/.ssh/id_ed25519`, is your private key. The other file, `~/.ssh/id_ed25519.pub`, is your public key.

- The next task is to share your public key with any other system you’d like to be able to `ssh` into. For example, Anvil. To share a public key, you can either use the nifty `ssh-copy-id` command, or you can manually copy the contents of your public key and append the contents to the `~/.ssh/authorized_keys` file on the desired host (in our example, Anvil).

  ```
  # long, manual way, starting on the local machine
  # mac or linux
  cat ~/.ssh/id_ed25519.pub
  # windows
  type C:\Users\username\.ssh\id_ed25519.pub
  # copy the output of the cat command to your clipboard

  ssh username@anvil.rcac.purdue.edu

  # now on anvil via ssh
  # -p: do not fail if ~/.ssh already exists
  mkdir -p ~/.ssh
  vim ~/.ssh/authorized_keys
  # paste the contents of your keys onto a new line, and press
  # Ctrl+c, and type ":wq" to save and quit.

  # set the permissions on the host (anvil)
  # ssh requires ssh-specific files have proper permissions
  # (chmod prints an error for any file that does not exist yet)
  chmod 700 ~/.ssh
  chmod 644 ~/.ssh/authorized_keys
  chmod 644 ~/.ssh/known_hosts
  chmod 644 ~/.ssh/config
  chmod 600 ~/.ssh/id_ed25519
  chmod 644 ~/.ssh/id_ed25519.pub

  # short, automatic way, starting on the local machine
  # IMPORTANT: this will _not_ work as anvil does not
  # support password authentication.
  ssh-copy-id username@anvil.rcac.purdue.edu
  ```
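The manual append described above can be scripted so that rerunning it does not duplicate the key and a private key pasted by mistake is refused. This is an added example, not part of the original page; `install_pubkey` is a hypothetical helper name, and the modes follow the `chmod` lines above.

```shell
#!/bin/sh
# Added example: idempotently install one public key line into authorized_keys.
# install_pubkey is a hypothetical helper name, not an OpenSSH command.
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    # A .pub file holds exactly one non-empty line.
    key=$(grep -v '^[[:space:]]*$' "$pubfile") || return 2
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 2

    # Refuse anything that is not a public key line of a common type
    # (this also rejects a private key file passed by mistake).
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubfile" >&2; return 2 ;;
    esac

    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" || return 1

    # Append only when the exact line is absent, so reruns do not duplicate it.
    if ! grep -qxF -- "$key" "$auth"; then
        # Make sure the existing file ends with a newline before appending.
        [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 644 "$auth"
}
```

Run on the host as `install_pubkey id_ed25519.pub` after copying the public key file there; the second argument overrides the target directory.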
For Anvil, specifically, you will need to perform the manual way. You can do this by first copying the contents of your public key.

```
# mac or linux
cat ~/.ssh/id_ed25519.pub

# windows
type C:\Users\username\.ssh\id_ed25519.pub
```

Then, navigate to ondemand.anvil.rcac.purdue.edu and log in. Click on Clusters > Anvil Shell Access in the top menu. Once presented with a shell, do the following.

```
# -p: do not fail if ~/.ssh already exists
mkdir -p ~/.ssh
vim ~/.ssh/authorized_keys
# paste the contents of your keys onto a new line, and press
# Ctrl+c, and type ":wq" to save and quit.

# set the permissions
# (chmod prints an error for any file that does not exist yet)
chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
```
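The permissions set above can be checked with a short audit. This is an added example, not part of the original page; `audit_ssh_dir` and its finding labels are hypothetical names. It identifies private keys by their first line rather than by file name, reports any that group or others can access, and reports any other file that group or others can write.

```shell
#!/bin/sh
# Added example: audit_ssh_dir is a hypothetical helper, not part of OpenSSH.
# Prints one finding per line and returns 1 when anything is reported.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0

    # The directory itself should be private to its owner (chmod 700).
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$dir" | cut -c5-10)" != "------" ]; then
        echo "DIR_ACCESSIBLE_BY_OTHERS $dir"
        findings=1
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c5-10)
        # Identify private keys by content, not by file name.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # Private keys: no group/other bits at all (chmod 600).
            if [ "$mode" != "------" ]; then
                echo "PRIVATE_KEY_EXPOSED $f"
                findings=1
            fi
        else
            # Other files: world-readable is fine, writable by others is not.
            case $mode in
                ?w????|????w?) echo "WRITABLE_BY_OTHERS $f"; findings=1 ;;
            esac
        fi
    done
    return $findings
}
```

Run it as `audit_ssh_dir` on both the local machine and the host; no output and a zero exit status mean the layout matches the `chmod` lines above.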
Now, on your local machine, you should be able to run the following and immediately connect.
- If you chose to add a password to your key pair, and you do not want to have to type your password each time you `ssh` into the given host, you can use the `ssh-agent`, which, after an initial setup step, will automatically do this for you. To set this up, simply type `ssh-add`, and, when prompted, type in the password associated with your key pair. At this stage, you should be able to run the following and immediately be connected to the host. For Windows users, the information here may be helpful.

- One neat trick, when managing many hosts, is to maintain an `ssh` config file. This is useful if you have many hosts, with different usernames, key pairs, and addresses. Take the following, for example.

  `~/.ssh/config`

  ```
  Host anvil
      Hostname anvil.rcac.purdue.edu
      User username1
      IdentityFile ~/.ssh/id_ed25519

  Host pizza
      Hostname pi.zza.445.333.example.com
      User georgie
      IdentityFile ~/.ssh/id_rsa
  ```

  This config allows you to establish a connection using `ssh` very easily.

  ```
  ssh anvil
  # or
  ssh pizza
  ```

  This replaces the alternative.

  ```
  ssh username1@anvil.rcac.purdue.edu
  ssh -i ~/.ssh/id_rsa georgie@pi.zza.445.333.example.com
  ```