1. SSH

ssh is a powerful tool that allows you to create a connection to a server, over a network, and exchange data.

By default, ssh will provide you with a shell (for example, bash, zsh, or fish) running on the server.

ssh [email protected]

The part before the "@" is your username for the server. The part after the "@" is the host. The result will be the default shell of given user, on the host.

You can also run specific commands on the host without launching an entire shell. Run this command in the terminal in your LOCAL computer. You will need to fill in the USERNAME part with your Anvil username!

ssh [email protected] whoami

This would run the whoami command on the host, anvil.rcac.purdue.edu, and output the value in the current shell on your local machine.

2. Authentication

When using ssh to login to the host system, you will be asked to enter a password. This is the password of the user, username, on the host machine. You will be required to enter this for every ssh connection.

On Anvil, it is not so simple, as there is a special gateway system that you would first need to ssh into, before `ssh`ing into the actual Anvil system. To bypass this, you can use an alternative authentication system called public key cryptography.

Public key cryptography allows the user to bypass typing a password by exchanging a set of files. ssh can use these files in order to verify that you are indeed connecting from an authorized system.

To setup ssh keys, do the following.

  1. On your local machine or your host machine, generate your key pair:

# mac or linux
cd .ssh
ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519

# windows
cd .ssh
ssh-keygen -t ed25519

  1. You will be prompted to enter a password. If you choose to not enter a password, your resulting private key will end up being the equivalent of a password. Any bad actor who gets ahold of your key will be able to enter any authorized system under your username. If you do enter a password, you will be asked to enter this password every time you ssh into another system with a matching public key in the ~/.ssh/authorized_keys file.

  2. This will create two files in your $HOME directory: ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub. Or, if you are in a Windows system: C:\Users\username\.ssh\id_ed25519 and C:\Users\username\.ssh\id_ed25519.pub. The first key, ~/.ssh/id_ed25519, is your private key. The other file, ~/.ssh/id_ed25519.pub is your public key.

  3. The next task is to share your public key with any other system you’d like to be able to ssh into. For example, Anvil. To share a public key, you can either use the nifty ssh-copy-id command, or you can manually copy the contents of your public key and append the contents to the ~/.ssh/authorized_keys file on the desired host (in our example, Anvil).

Navigate and login to ondemand.anvil.rcac.purdue.edu. Click on Clusters > Anvil Shell Access in the top menu.

Once presented with a shell, run the following to create the .ssh folder if it doesn’t already exist:

mkdir -p ~/.ssh

Next, you will copy the contents of your public key. You will type this command still in your local computer, then select the output string and copy it into Anvil’s shell:

# mac or linux
cat ~/.ssh/id_ed25519.pub

# windows
type C:\Users\username\.ssh\id_ed25519.pub

Next, navigate back to your tab ondemand.anvil.rcac.purdue.edure and turn to the top menu and click on Files > Home Directory.

  1. In the file browser, click the gear icon in the top right and enable Show Dotfiles.

  2. Open the .ssh folder.

  3. If the authorized_keys file does not exist, click New File and name it authorized_keys.

  4. Open the authorized_keys file and paste the full contents of your public key (copied from cat ~/.ssh/id_ed25519.pub) on a new line.

  5. Save the file.

Then, go back to the Anvil shell terminal and set the required permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Now, on your local machine, you should be able to run the following and immediately connect:

ssh [email protected]

That should do it!

Here is some more information that might come in handy:

  1. One neat trick, when managing many hosts, is to maintain an ssh config file. This is useful if you have many hosts, with different usernames, key pairs, and addresses. Take the following, for example:

Host anvil
    Hostname anvil.rcac.purdue.edu
    User username1
    IdentityFile ~/.ssh/id_ed25519

Host pizza
    Hostname pi.zza.445.333.example.com
    User georgie
    IdentityFile ~/.ssh/id_rsa

This config allows you to establish a connection using ssh very easily:

ssh anvil

# or

ssh pizza

This replaces the alternative:

ssh [email protected]
ssh -i ~/.ssh/id_rsa [email protected]