Versions Compared

Version Old Version 2 New Version Current
Changes made by

Andong Li

Douglas Kirby

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. To generate a key, on your local command line enter the following

    Code Block
    ssh-keygen -t rsa -b 4096

  2. ssh-keygen will then prompt you to protect your private key with a passphrase. You may create one or leave it blank.

Code Block
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mobaxterm/.ssh/id_rsa):
Created directory '/home/mobaxterm/.ssh'.
Enter passphrase (empty for no passphrase):
.
.
.

  1. Add the public key to the cluster (adjust path to id_rsa.pub if needed and enter your netid)

    Code Block
    ssh-copy-id -i ~/.ssh/id_rsa.pub yournetidhere@hpc2.storrs.hpc.uconn.edu

Warning

If the ssh-copy-id command fails. We have to manually copy the key onto the cluster:

  1. On a local terminal, open the id_rsa.pub file with a text editor (nano, vim, cat).

  2. Copy the content

  3. On the cluster, locate your .ssh directory in your home and create a new file called “authorized_keys” ~/.ssh/authorized_keys

  4. Paste the contents of id_rsa.pub into the “authorized_keys” ~/.ssh/authorized_keys

✅ You should now be able to access the cluster without password or duo prompts!

Set up SSH Keys for Putty/WinSCP

Obtaining and Starting PuTTYgen

PuTTYgen is included in the WinSCP installation package. You can also download it separately from the WinSCP download page.

PuTTYgen originates from PuTTY and is also part of the PuTTY installation package. It does not matter if you use PuTTYgen from WinSCP or the PuTTY installation package, they are identical.

To start PuTTYgen, go to Tools > PuTTYgen on Login dialog.

When you run PuTTYgen you will see a window where you have two main choices: Generate, to generate a new public/private key pair, or Load to load in an existing private key.

...

After loading or generating a key the following output will be displayed.

...

Optionally set a passphrase then save both the public and private keys.
Add the public key to the cluster (adjust path to id_rsa.pub if needed and enter your netid)

Code Block
ssh-copy-id -i ~/.ssh/id_rsa.pub yournetidhere@hpc2.storrs.hpc.uconn.edu

Warning

If the ssh-copy-id command fails. We have to manually copy the key onto the cluster:

  1. Open the key in puTTYgen

  2. copy the key output in the top box

  3. Paste the contents into the ~/.ssh/authorized_keys file

Adding SSH Key to Filezilla

...

Click “OK” to save and you should be able to log on the cluster with that session without password or DUO prompt!

SSH Keys in WinSCP

WinSCP requires the private key to be in the format PuTTY (.ppk file). Fortunately, WinSCP includes a program called PuTTYgen and allows you to generate a key pair where the private key is in the .ppk format.

...

Next, generate a key pair and save the private key.

...

Edit or create a new session. Under Advanced>SSH>Authentication, check “Allow agent forwarding” and locate the private key file that you previously generated.

...

You should now be able to connect without the DUO prompt!

Common Errors

Info

If you encounter the following error, fear not!

Code Block
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in 
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.

Simply remove hpc2 from your known hosts with the following command:

Code Block
ssh-keygen -R hpc2.storrs.hpc.uconn.edu

You should now be able to log in again (big grin)