faq-setting-up-passwordless-ssh.md
... ...
@@ -1,11 +1,18 @@
1 1
# Setting up password-less ssh
2
- * ***NOTE***: All SBGrid bound Servers and Workstations on the SBGrid network in the Longwood area require 'pub' key to be ***uploaded*** to our. authentication servers. Please follow the steps named "Generate SSH Keys" and "For Systems on the SBGrid network at Longwood" below.
2
+ * ***NOTE***: All SBGrid bound Servers and Workstations on the SBGrid network in the Longwood area require 'pub' key to be ***uploaded*** to our authentication servers. Please follow the steps named "Generate SSH Keys" and "For Systems on the SBGrid network at Longwood" below.
3 3
4 4
Off Quad systems (at MCB, HU, Tufts, Genzyme) please following the steps named "Generate SSH Keys" and "For Off-Quad SBGrid Systems" below.
5 5
6
-### Generate SSH Keys
6
+### Generating SSH Keys
7
+
8
+***We reccommend using a password for ssh keys***
9
+
10
+ 1. You can generate ssh key-pair for local workstation from a Mac or Linux terminal: `ssh-keygen -t ed25519` or `ssh-keygen -t rsa`
11
+ 2. Press enter to accept the default location.
12
+ 3. Enter a password for the key pair.
13
+ 4. On both linux and Mac systems keys can be loaded with 'ssh-add .ssh/id_rsa'. You can see loaded keys with 'ssh-add -l'. The keys remain loaded until you log out.
14
+ 5. Macintosh systems with keys in default locations should get loaded automatically when connecting to systems
7 15
8
- 1. Generate ssh key-pair for local workstation: `ssh-keygen -t rsa` ; accept default options and hit return when prompted for passphrase.
9 16
10 17
#### For Off-Quad SBGrid Systems
11 18
1. Copy public key (`~/.ssh/id_rsa.pub`) to remote system: `scp ~/.ssh/id_rsa.pub remotesys:~/` If this is the first connection to the remote system, type `yes` to accept the remote system key.
... ...
@@ -21,7 +28,7 @@
21 28
###For Systems on the SBGrid network at Longwood
22 29
There is no need for ~/.ssh/authorized_keys, the file is ignored on all our linux systems on the SBGrid network at Longwood. The 'pub' key ***must*** be uploaded to our authentication servers. These examples assume you copied the pub key to your Linux home directory, you can also copy and paste the entire contents of the .pub file between systems.
23 30
24
-You will need to run these commands on **crystal.harvard.edu**. If you are a Consortium member use shell.sbgrid.org.
31
+You will need to run these commands on **xtal200.harvard.edu**. If you are a Consortium member use shell.sbgrid.org.
25 32
26 33
ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)"
27 34
... ...
@@ -38,4 +45,4 @@ If you get a 'Kerberos Credential' error you will need to enter the following co
38 45
39 46
kinit $USER
40 47
41
-*Note*: The 'ipa' command is not available on most workstations, connect to crystal.harvard.edu and perform the commands there.
48
+*Note*: The 'ipa' command is not available on most workstations, connect to xtal200.harvard.edu and perform the commands there.