About SSH Keys
On the IPSL mesocenter, SSH remote login is only allowed with an RSA key (no password).
SSH access to the head nodes is open worldwide on the internet.
Generating your key with ssh-keygen on Linux or MacOS
- keep the default filename when generating: just press Return at the prompt "Enter file in which to save the key" (40% of problems)
- always protect your key with a passphrase (do not forget it: 10% of problems, https://keepassxc.org/)
A private key (identification) can easily be copied from one computer to another.
The best approach is to generate the key on one of your laboratory's UNIX/Linux servers,
even if you will later use it from a Linux, MacOS or Windows laptop.
That way you keep a copy of your private key and can still
connect even if you lose or break your laptop.
Terminal command to generate the key:
ssh-keygen -b 4096 -t rsa
Full sample of a key generation:
[user@localhost ~]$ ssh-keygen -b 4096 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): *******************
Enter same passphrase again: *******************
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:tpdrIr1dW5uCKr6AvCu/GXdauBvOY4nqENGK+aGWoU0 user@localhost
The key's randomart image is:
+---[RSA 4096]----+
|                 |
| .               |
|. .              |
|.+               |
|=.E S            |
|.Boo . . . .     |
|+o*.=.o.. o.. .  |
|+ .B+Bo oooo.o o |
|o=*+*+o+o=o ..o  |
+----[SHA256]-----+
[user@localhost ~]$ cat /home/user/.ssh/id_rsa.pub
ssh-rsa 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 user@localhost
The only thing needed in the form is the SSH public key, that is, this line:
ssh-rsa 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 user@localhost
SSH connection to the IPSL mesocenter has never worked, what to do?
- See your local system administrator and show them this documentation
- copy and paste the following commands into a terminal on the same machine where you generated the key (Linux/MacOS)
uname -a;ls -al $HOME/.ssh;ssh-add -l;ssh-add -L;head -2 $HOME/.ssh/id_rsa;cat $HOME/.ssh/id_rsa.pub;date;
ssh -vvv replace_by_your_login@ciclad.ipsl.jussieu.fr
- send all the text written to the terminal by mail (please, no screenshot image):
to mailto:meso-support@ipsl.fr
with subject : ssh first connexion problem for login 'your login on IPSL mesocenter'
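The local checks behind the diagnostic command above (directory listing, first two lines of the private key) can be run on your own machine before writing to support. The script below is an added example, not IPSL tooling: its function names are hypothetical, it assumes the default id_rsa filename, and it reports permissions and passphrase protection without printing any key material.

```shell
#!/bin/sh
# Added example (not IPSL code): audit an SSH key directory without printing key material.
# Function names are hypothetical. Usage: sh check_ssh_key.sh "$HOME/.ssh"

# Permission string of a path, e.g. "-rw-------" (ACL/SELinux suffix cut off).
perm_of() { ls -ld "$1" | cut -c1-10; }

# The ssh client refuses a private key that group or others can access at all.
private_key_mode_ok() {
    case "$(perm_of "$1")" in ????------) return 0 ;; *) return 1 ;; esac
}

# The key directory must not be writable by group or others.
ssh_dir_mode_ok() {
    case "$(perm_of "$1")" in ?????-??-?) return 0 ;; *) return 1 ;; esac
}

# Classify a private key as protected / unprotected / unknown from its first two lines.
key_passphrase_state() {
    header=$(sed -n 1p "$1"); second=$(sed -n 2p "$1")
    case "$header" in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # base64 of "openssh-key-v1\0", then the cipher name; "none" means no passphrase
        case "$second" in
        b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo unprotected ;;
        b3BlbnNzaC1rZXktdjEA*) echo protected ;;
        *) echo unknown ;;
        esac ;;
    "-----BEGIN RSA PRIVATE KEY-----")
        # legacy PEM: an encrypted key announces it in a Proc-Type header
        case "$second" in
        "Proc-Type: 4,ENCRYPTED"*) echo protected ;;
        *) echo unprotected ;;
        esac ;;
    *) echo unknown ;;
    esac
}

# Returns 0 only when the directory, the key mode and the passphrase state are all fine.
audit_ssh_dir() {
    dir=$1; key=$dir/id_rsa; rc=0
    ssh_dir_mode_ok "$dir" || { echo "FIX: chmod 700 $dir"; rc=1; }
    if [ ! -f "$key" ]; then echo "MISSING: $key (non-default filename?)"; return 1; fi
    private_key_mode_ok "$key" || { echo "FIX: chmod 600 $key"; rc=1; }
    state=$(key_passphrase_state "$key"); echo "passphrase: $state"
    [ "$state" = protected ] || rc=1
    return $rc
}

if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```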
I want to access from another computer
Linux/MacOS
You just have to copy the file $HOME/.ssh/id_rsa
from the already working computer
to $HOME/.ssh/id_rsa on the new computer.
After the copy, type the following command on the new computer:
chmod 600 $HOME/.ssh/id_rsa
Windows
You need to copy the file $HOME/.ssh/id_rsa,
but you can also import a PuTTY key (.ppk extension) from the already working computer to your Windows computer.
We recommend using MobaXterm: https://mobaxterm.mobatek.net/download-home-edition.html
To import your SSH private key, start MobaXterm
- click on Settings
- select the SSH tab
- activate the 3 options:
  - "X" Use Internal SSH Agent
  - "X" Use External Pageant
  - "X" Forward Agent
- click on the + sign to import your id_rsa file
- quit MobaXterm, then restart MobaXterm
MobaXterm can also generate SSH keys
- click on Tools
- then select the MobaKeyGen menu
If you really prefer to use PuTTY: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
- launch the puttygen application
- click on the conversion tab
- import key
- load your id_rsa file
- save your key in PuTTY format
- quit the puttygen application
- click on your key in PuTTY format (this launches the Pageant application, which asks for your passphrase)
- start the PuTTY application
- in the configuration menu, click on SSH then Auth
- activate the options:
  - X Attempt authentication using Pageant
  - X Allow Agent Forward
- If you need graphics, you also have to install the Xming application
- activate the option in the SSH X11 section: X Enable Forward X11
- For graphics to work, Xming must be launched before PuTTY
Using a config file on Linux or MacOS
With ssh you can create the file $HOME/.ssh/config
to simplify some of the ssh setup:
- setting some options
- setting the remote username for one host
- using a host alias
Sample:
[user@localhost ~]$ cat $HOME/.ssh/config
# to know more about the config file
# man ssh_config
#
# options placed before the first Host line apply to every host
# equivalent to -X on the command line
ForwardX11 yes
# equivalent to -A on the command line
ForwardAgent yes
# for dying ssh connections
ServerAliveInterval 90s
# X11 stops working after some time (like 20 minutes) on some MacOS versions
ForwardX11Timeout 168h
#
# climserv is just an alias but can be used like this:
# ssh climserv is equivalent to ssh foobar@camelot.ipsl.polytechnique.fr
Host climserv
User foobar
Hostname camelot.ipsl.polytechnique.fr
[user@localhost ~]$