Generating and Configuring SSH Key Pairs
Follow the steps below to configure a new SSH key pair in anticipation of accessing a cluster with SSH. Once you have generated and configured your SSH key pair for the cluster, you do not have to do this step each time.
Note: These instructions are written generally for OpenSSH and some programs, such as VS Code, are not compatible with this configuration using alternative SSH solutions like PuTTY.
Step 1 - Generate SSH Key Pair
First, you'll need to create and configure an SSH pair for each node you'll be connecting to, a great secure solution to connection.
Open a Terminal
Open a terminal based on your operating system.
- Windows - Command Prompt (CMD) or Git Bash
- MacOS or Linux - Terminal/Shell
Generate the SSH Key Pair
In the terminal, generate your SSH key pair with the following command. Be sure to give the key pair a comment that allows you to identify it. This could be your email address, netid, cluster name, etc.
| Code Block | ||||
|---|---|---|---|---|
| ||||
# CMD ssh-keygen -o -a 100 -t ed25519 -f %USERPROFILE%\.ssh\id_ed25519 -C "<comment; ex.netid or email cluster-name>" # Shell ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "<comment; ex.netid or email cluster-name>" |
Next, you'll be prompted to choose a location to save the key pair. This will default to '~/.ssh/id_ed25519'. Be sure to notate if you choose another location.
Finally, you will be prompted to set a passphrase. While this is not 'required', utilize a passphrase is highly encouraged to help keep your private key secure. If you prefer to not, simple hit 'Enter' to skip.
| Warning | ||
|---|---|---|
| ||
Users should take all possible steps to secure their private keys, including utilization of a passphrase. Additionally, users should avoid sharing their private key or passphrase with others, only keep their keys in secure storage locations, and consider rotating their SSH keys while updating authorized keys on your connections to limit the impact in the event of compromise. |
Step 2 - Add the SSH Public Key to the Cluster
Next, you'll need to add the public key to each node you intend to connect to using this method noting that you can certainly generate a new key for each node.
Copy the Public Key
Begin by displaying and copying your key.
To do so, use a corresponding terminal to display the public key so that you can copy it.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
# CMD type %USERPROFILE%\.ssh\id_ed25519.pub # Shell cat ~/.ssh/id_ed25519.pub |
Add the Public Key to the Login Node
Next, connect to the cluster and add the public key. Repeat this step for other nodes as needed.
| Code Block | ||||
|---|---|---|---|---|
| ||||
# Make the .ssh directory in your home directory mkdir -p ~/.ssh # Put the copied public key into your authorized_keys file echo "your_copied_public_key" >> ~/.ssh/authorized_keys # Ensure the .ssh locations have the correct permissions chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys |
Step 3 - Configure SSH Connection in Applications (if necessary)
Lastly, you'll need to ensure your application is configured to make the SSH connection utilizing your new or existing SSH key pair.
Either during connection prompt or when configuring, you'll need to know where your SSH configuration is saved. This is likely '~/.ssh/config' or 'C:\Users\<netid>\.ssh\config'.
Next, be sure the information for your host has been given the appropriate notations including specifying the SSH key location to be used.
| Code Block | ||||
|---|---|---|---|---|
| ||||
# Example Global Settings for All Hosts
Host *
User <your-netid>
IdentityFile <your key location, ex. ~/.ssh/id_ed25519>
AddKeysToAgent yes
ForwardAgent yes
ServerAliveInterval 180
ServerAliveCountMax 3
Protocol 2
# Example Specific Settings for an OrangeGrid and Zest Host
Host its-og-login1.syr.edu its-zest-login1.syr.edu
HostName $h
User <your-netid>
IdentityFile <your key location, ex. ~/.ssh/id_ed25519>
AddKeysToAgent yes
ForwardAgent yes
ServerAliveInterval 180
ServerAliveCountMax 3
Protocol 2
# Example Adding Bastion Proxy Jump (Bastion access required)
Host its-condor-t1
HostName its-condor-t1.syr.edu
User <your-netid>
Host its-og-login1.syr.edu
HostName its-og-login1.syr.edu
User <your-netid>
ProxyJump its-condor-t1 |
Be sure to save any configuration files if you've made any changes.
4 - Connect to the SSH Host
Finally, connect to your host. This should be done either in your application as configured above or via CMD/CLI as in the examples below.
Note that the passphrase will be needed at least once per session and you may be prompted in additional intervals depending on your ssh-agent.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
# Example Basic Connection ssh <your-netid>@its-og-login1.syr.edu # Example Bastion Proxy Direct Connection (Bastion access required) ssh -J <your-netid>@its-condor-t1.syr.edu <your-netid>@its-og-login1.syr.edu |
Getting Help
Question about Research Computing? Any questions about using or acquiring research computing resources or access can be directed at researchcomputing@syr.edu.