1. SSH
ssh
is a powerful tool that allows you to create a connection to a server, over a network, and exchange data.
By default, ssh
will provide you with a shell (for example, bash
, zsh
, or fish
) running on the server.
The part before the "@" is your username for the server. The part after the "@" is the host. The result will be the default shell of given user, on the host.
You can also run specific commands on the host without launching an entire shell. Run this command in the terminal in your LOCAL computer. You will need to fill in the USERNAME part with your Anvil username!
ssh [email protected] whoami
This would run the whoami
command on the host, anvil.rcac.purdue.edu
, and output the value in the current shell on your local machine.
2. Authentication
When using ssh
to login to the host system, you will be asked to enter a password. This is the password of the user, username
, on the host machine. You will be required to enter this for every ssh
connection.
On Anvil, it is not so simple, as there is a special gateway system that you would first need to ssh
into, before `ssh`ing into the actual Anvil system. To bypass this, you can use an alternative authentication system called public key cryptography.
Public key cryptography allows the user to bypass typing a password by exchanging a set of files. ssh
can use these files in order to verify that you are indeed connecting from an authorized system.
To setup ssh
keys, do the following.
-
On your local machine or your host machine, generate your key pair:
# mac or linux
cd .ssh
ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519
# windows
cd .ssh
ssh-keygen -t ed25519
-
You will be prompted to enter a password. If you choose to not enter a password, your resulting private key will end up being the equivalent of a password. Any bad actor who gets ahold of your key will be able to enter any authorized system under your username. If you do enter a password, you will be asked to enter this password every time you
ssh
into another system with a matching public key in the~/.ssh/authorized_keys
file. -
This will create two files in your
$HOME
directory:~/.ssh/id_ed25519
and~/.ssh/id_ed25519.pub
. Or, if you are in a Windows system:C:\Users\username\.ssh\id_ed25519
andC:\Users\username\.ssh\id_ed25519.pub
. The first key,~/.ssh/id_ed25519
, is your private key. The other file,~/.ssh/id_ed25519.pub
is your public key. -
The next task is to share your public key with any other system you’d like to be able to
ssh
into. For example, Anvil. To share a public key, you can either use the niftyssh-copy-id
command, or you can manually copy the contents of your public key and append the contents to the~/.ssh/authorized_keys
file on the desired host (in our example, Anvil).
Navigate and login to ondemand.anvil.rcac.purdue.edu. Click on Clusters > Anvil Shell Access in the top menu.
Once presented with a shell, run the following to create the .ssh
folder if it doesn’t already exist:
mkdir -p ~/.ssh
Next, you will copy the contents of your public key. You will type this command still in your local computer, then select the output string and copy it into Anvil’s shell:
# mac or linux
cat ~/.ssh/id_ed25519.pub
# windows
type C:\Users\username\.ssh\id_ed25519.pub
Next, navigate back to your tab ondemand.anvil.rcac.purdue.edure
and turn to the top menu and click on Files > Home Directory.
-
In the file browser, click the gear icon in the top right and enable Show Dotfiles.
-
Open the
.ssh
folder. -
If the
authorized_keys
file does not exist, click New File and name itauthorized_keys
. -
Open the
authorized_keys
file and paste the full contents of your public key (copied fromcat ~/.ssh/id_ed25519.pub
) on a new line. -
Save the file.
Then, go back to the Anvil shell terminal and set the required permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Now, on your local machine, you should be able to run the following and immediately connect:
That should do it!
Here is some more information that might come in handy:
-
One neat trick, when managing many hosts, is to maintain an
ssh
config file. This is useful if you have many hosts, with different usernames, key pairs, and addresses. Take the following, for example:
Host anvil
Hostname anvil.rcac.purdue.edu
User username1
IdentityFile ~/.ssh/id_ed25519
Host pizza
Hostname pi.zza.445.333.example.com
User georgie
IdentityFile ~/.ssh/id_rsa
This config allows you to establish a connection using ssh
very easily:
ssh anvil
# or
ssh pizza
This replaces the alternative:
ssh [email protected]
ssh -i ~/.ssh/id_rsa [email protected]