SSH public-private key authentication

Introduction

SSH keys establish a unique communications path between a user's workstation and the server that s/he is logging into (Shaheen/Ibex). The public-private key pair is generated on the user's workstation:

  • The private key should exist only on the laptop/workstation of the user and NEVER be shared.
  • The public key should be copied to the $HOME/.ssh/authorized_keys file on the server(s) that you are logging into (Shaheen/Ibex).

This will allow password-less SSH authentication from client to server; however, we strongly recommend that you protect your private key using a passphrase, which should be different from your Active Directory password. The private key must then be "unlocked" using the passphrase each time that you make an SSH connection. If you are logging in frequently, you may also wish to investigate the use of an ssh agent to avoid continually having to enter your passphrase.

Creating the private-public key pair

On your laptop/workstation you can use the following command:

ssh-keygen -t rsa -b 4096

This will create a public key (id_rsa.pub) and a private key (id_rsa) in your workstation/laptop $HOME/.ssh directory. For example:

$ ls -lh $HOME/.ssh/
-rw------- 1 user user 3.4K Jan 25 23:20 id_rsa
-rw-r--r-- 1 user user  738 Jan 25 23:20 id_rsa.pub

Uploading/copying the key to the Server (Shaheen/Ibex)

There are two options to do this:

  1. Manually upload the PUBLIC key (id_rsa.pub).
  2. Use the ssh-copy-id command.

Manually uploading the PUBLIC key (id_rsa.pub)

Open a terminal on your laptop/workstation.

Type:

cat ~/.ssh/id_rsa.pub

And copy the output.

Log into Shaheen or Ibex.

On Shaheen/Ibex, edit the authorized_keys file in your .ssh directory (don't worry if it doesn't exist):

vim ~/.ssh/authorized_keys

And paste what you copied previously.

Save and exit.

Change the permissions for that new file:

chmod 0600 ~/.ssh/authorized_keys

You should be able to SSH into Shaheen/Ibex without being prompted for a password.

Using the ssh-copy-id command:

This one is much easier.

Open a terminal on your laptop/workstation and type:

ssh-copy-id -i /home/user/.ssh/id_rsa.pub user@shaheen.hpc.kaust.edu.sa