NOTE: All sbgrid bound Servers and Workstations require 'pub' key to be uploaded: See Below
ssh-keygen -t rsa; accept default options and hit return when prompted for passphrase.
~/.ssh/id_rsa.pub) to remote system:
scp ~/.ssh/id_rsa.pub remotesys:~/If this is the first connection to the remote system, type
yesto accept the remote system key.
Login to remote system, configure remote system to trust public key:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 640 ~/.ssh/authorized_keys
~/id_rsa.pubcan be removed from the remote system.
There is no need for ~/.ssh/authorized_keys, the file is ignored on all our linux systems. The 'pub' key must be uploaded to our authentication servers. These examples assume you copied the pub key over, you can also copy and paste the entire contents of the .pub file between systems.
You will need to run these commands on crystal.harvard.edu. If you are a Consortium member use shell.sbgrid.org.
ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)"
Or for multiple keys
ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)" --sshpubkey="$(cat ~/.ssh/id_ed25519.pub)"\ --sshpubkey="$(cat ~/.ssh/othersystem_id_rsa.pub)"
If you are using csh/tcsh shell
ipa user-mod $USER --sshpubkey="`cat ~/.ssh/id_rsa.pub`"
If you get a 'Kerberos Credential' error you will need to enter the following command, type your password and try again.
Note: The 'ipa' command is not available on most workstations, connect to crystal.harvard.edu and perform the commands there.
Last edited by Mick Timony, 2018-02-28 22:47:47