Setting up password-less ssh

  • NOTE: All sbgrid bound Servers and Workstations require 'pub' key to be uploaded: See Below
  1. Generate ssh key-pair for local workstation: ssh-keygen -t rsa ; accept default options and hit return when prompted for passphrase.
  2. Copy public key (~/.ssh/id_rsa.pub) to remote system: scp ~/.ssh/id_rsa.pub remotesys:~/ If this is the first connection to the remote system, type yes to accept the remote system key.
  3. Login to remote system, configure remote system to trust public key:
  • ssh remotesys
  • create ~/.ssh if it doesn't exist: mkdir ~/.ssh
  • cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
  • chmod 700 ~/.ssh
  • chmod 640 ~/.ssh/authorized_keys
    1. Logout of remote system, and repeat login to check that everything works correctly. If so, ~/id_rsa.pub can be removed from the remote system.

** FOR SBGRID SYSTEMS There is no need for ~/.ssh/authorized_keys, the file is ignored on all our linux systems. The 'pub' key must be uploaded to our authentication servers. These exapmles assume you copied the pub key over, you can also copy and paste the entire contents of the .pub file between the ""'s.

ipa user-mod $USER --sshpubkey="$(cat .ssh/id_rsa.pub)"

Or for multiple keys

ipa user-mod $USER --sshpubkey="$(cat .ssh/id_rsa.pub)" --sshpubkey="$(cat .ssh/id_ed25519.pub)"\
 --sshpubkey="$(cat .ssh/othersystem_id_rsa.pub)"

If you are using csh/tcsh shell

ipa user-mod $USER --sshpubkey="`cat .ssh/id_rsa.pub`"

If you get a 'Kerberos Credential' error you will need to enter the following cammand, type your password and try again.

kinit $USER

** The 'ipa' command is not available on most workstations, connect to crystal.harvard.edu and perform the commands there.