OpenSSH
Introduction
OpenSSH is a free SSH protocol suite providing encryption for network services like remote login or remote file transfers. It supports strong cryptographic algorithms such as RSA, ECDSA, Ed25519, AES, ChaCha20, and so on. It also provides port forwarding, strong authentication, agent forwarding, interoperability, SFTP client and server support, and optional data compression.
SSH keys offer a secure alternative to password-based login authentication on the Discovery cluster. To set up SSH keys, a public and private SSH key pair has to be generated. The private key is stored on the local machine. The public key has to be transferred to and stored on the remote Discovery cluster to set up SSH key-based authentication. SSH keys are significantly more complex than passwords, making them more resistant to brute-force attacks.
Getting OpenSSH
The OpenSSH client is installed by default in current versions of Windows 10. You can verify that your Windows 10 version has it enabled by opening Windows Settings, navigating to Apps > Optional features, and verifying that OpenSSH Client is displayed.
For Linux and Mac users, OpenSSH is installed by default as well. To verify, run the below command:
ssh -V
Output:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
Login to Discovery
- Open PowerShell on your local workstation/machine if you are using Windows. Otherwise, open the terminal if you are using Linux or Mac.
- Run the following command to connect to Discovery via OpenSSH.
Syntax: ssh <username>@discovery.nmsu.edu
ssh username@discovery.nmsu.edu
- You will be asked to enter your Discovery password next.
Password:
For security reasons, the password you enter isn't shown on the screen and the cursor doesn't move. Keep typing your password until you finish, then hit Enter. On successful authentication, you will be logged in to Discovery.
If you aren't on the NMSU network, you have to connect to the VPN before you connect/log in to Discovery.
Authentication-SSH keys
Using OpenSSH, you can create an SSH private-public key pair to set up key-based authentication with Discovery. Please follow the steps below to set up key-based authentication.
Step 1 - Key Generation
- Open PowerShell if you are on Windows. If you are using Linux or Mac, simply open the terminal.
- Then, type the following:
Syntax: ssh-keygen -t <algorithm-name> -b <bits>
ssh-keygen -t RSA -b 4096
Output:
Generating public/private rsa key pair.
Enter file in which to save the key (<your-home-directory>/.ssh/id_rsa):
It’s recommended to use the RSA algorithm with 4096 bits. For more information about the parameters associated with the ssh-keygen command, refer to the following page → https://man.openbsd.org/ssh-keygen.1
- The above prompt asks you to enter the file path where you want to store the key pair. SSH keys are usually stored in the .ssh directory under the user’s home directory. Hence, it’s recommended to store the key under (<your-home-directory>/.ssh/id_rsa) by just hitting Enter.
- Then, it prompts you to enter the passphrase like below:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Hit Enter twice if you don’t want to set any passphrase.
Output:
Your identification has been saved in <your-home-directory>/.ssh/id_rsa.
Your public key has been saved in <your-home-directory>/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FQt/D30S4xqfvjPEGU6LgBePkhLXW50/74eo1jP/W1Y 91866@LAPTOP-IUG191LS
The key's randomart image is:
+---[RSA 4096]----+
| ... .o. |
| . .ooo.ooo |
| o o+*+ +..|
| . +.=..*o=.|
| .So ..=++E|
| ..* o|
| . o.oo|
| . = +o+|
| ... +o=+|
+----[SHA256]-----+
The output confirms that the public and private keys have been generated and saved in the .ssh directory.
If you want to protect the private key file with a passphrase, enter it twice at the prompts above. The advantage of setting a passphrase is that the private key file can’t be used even if someone obtains it.
Step 2 - Transfer Public Key
- The generated public key has to be transferred to the Discovery cluster. First, go to the directory on your local machine that contains the public key file. To do so, run the below command:
Switch Directory:
- Next, run the scp command to transfer the public key id_rsa.pub to Discovery.
Syntax → scp <local-file-path-public-key> <username>@discovery.nmsu.edu:/home/<username>/.ssh/authorized_keys
scp id_rsa.pub crushev@discovery.nmsu.edu:/home/crushev/.ssh/authorized_keys
Output:
id_rsa.pub 100% 748 8.1KB/s 00:00
From the above output, you can see that the public key in id_rsa.pub has been transferred to /home/<user-name>/.ssh/authorized_keys on Discovery successfully.
After running the |
Step 3 - Set Permissions
- Now, restrict the permissions on the ~/.ssh directory (read, write, and execute for the owner only) and on the ~/.ssh/* files (read and write for the owner only). To do that, log in to Discovery and then run the below commands from your home directory on Discovery.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
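Steps 2 and 3 on the Discovery side, as an added example that is not part of the original page: scp to .ssh/authorized_keys replaces that file, so this script assumes the public key was copied to some other path first, appends it only if it is missing, then sets and checks the Step 3 modes. The function names and scratch paths are hypothetical, and the key text is constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Append the single key line in PUBFILE to DIR/authorized_keys unless it is
# already there, then apply the Step 3 modes. Returns 2 on bad input.
install_pubkey() {
    pubfile=$1; dir=$2; auth=$dir/authorized_keys
    # A .pub file is exactly one line; a private key file is many.
    [ "$(grep -c '' "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    key=$(cat "$pubfile")
    case $key in   # key types named on this page: RSA, ECDSA, Ed25519
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth"
    # If the file does not end in a newline, add one so keys are not fused.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 600 "$auth"
}

# Print every entry (DIR itself and DIR/*) that group or others can access.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_ssh_perms() {
    dir=$1; bad=0
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        mode=$(ls -ld "$p" | cut -c 1-10)   # e.g. drwx------ or -rw-r--r--
        case $mode in
            ????------) ;;                   # owner-only: what Step 3 sets
            *) printf 'too open: %s %s\n' "$mode" "$p"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Demo in a scratch directory; the key text below is constructed.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@laptop\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
audit_ssh_perms "$demo/.ssh" && echo "permissions ok"
rm -rf "$demo"
```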
Step 4 - Create SSH Configuration File
- The SSH config file has to be set up on your local machine. Please follow the steps below for your OS.
- On Linux or Mac, if the .ssh directory isn’t created yet under your $HOME directory, then create one like below:
mkdir $HOME/.ssh
- Switch to the .ssh directory. To do that, run the below command:
cd $HOME/.ssh
- Create a new file called config.
vi config
- Now, paste the following lines in the SSH config file. Then, save and close the file.
Host discovery
HostName discovery.nmsu.edu
User <your-username>
Port 22
IdentityFile ~/.ssh/id_rsa
- If the .ssh folder isn’t created yet under your USERPROFILE in Windows, then create one like below:
New-Item -Path $env:USERPROFILE\.ssh -Type Directory
Output:
Directory: <your env:USERPROFILE>
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 10/30/2020 4:30 AM .ssh
- Now, switch to the created .ssh folder.
cd $env:USERPROFILE\.ssh
- Create a new file called config using the below command.
New-Item -Path $env:USERPROFILE\.ssh\config -Type File
Output:
Directory: C:\Users\91866\.ssh
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 10/30/2020 4:42 AM 0 config
- After the config file is created, open the file using Notepad:
notepad config
- Now, paste the below lines in the config file. Save and close the file.
Host discovery
HostName discovery.nmsu.edu
User <your-discovery-username>
Port 22
IdentityFile ~/.ssh/id_rsa
Parameters explained
Name | Description |
---|---|
Host | Identifier (this name will be used when you SSH into Discovery later) |
HostName | Remote server’s hostname |
User | Discovery username |
Port | 22 |
IdentityFile | Private key file |
Now, log in to Discovery using the below command.
Syntax: ssh <Host-parameter-in-Config-file> -l <Discovery-username>
ssh discovery -l crushev
Output:
Last login: Thu Oct 22 18:53:35 2020 from 10.253.234.3
#################################################
____ _
/ __ \(_)_____________ _ _____ _______ __
/ / / / / ___/ ___/ __ \ | / / _ \/ ___/ / / /
/ /_/ / (__ ) /__/ /_/ / |/ / __/ / / /_/ /
/_____/_/____/\___/\____/|___/\___/_/ \__, /
/____/
#################################################
## Welcome to Discovery! ##
- For more inforamtion on how to use the system, please visit 'https://hpc.nmsu.edu'.
- Visit 'https://slurm.nmsu.edu' to generate sbatch job submission scripts.
- Please review our policies at 'https://hpc.nmsu.edu/home/resources/policies'.
- To contact us email 'hpc-team@nmsu.edu'.
.......
.......
It logs in to Discovery successfully without even asking for the password. This shows that the private and public keys are set up correctly for key-based authentication.
X11 Forwarding
To enable X11 Forwarding using OpenSSH, please refer to the official documentation of X11 forwarding page → X11 Forwarding
References
Please refer to the official documentation of OpenSSH for more information → https://www.openssh.com/