SSH Access to Penobscot using a Keypair
Introduction:
Key-based SSH authentication provides a convenient and secure way of starting an SSH session on a login node without using a password. This page takes you through the steps to create a new keypair and use it to connect to login1, the primary login node for the Penobscot Cluster.
Step 1: Generate the keypair
On your own computer, open a Terminal or Command Prompt window and type
ssh-keygen -t ed25519 -a 100
(Note: the ssh-keygen command should be present on Linux, Mac and recent Windows systems. If you don't have the command, you can generate a keypair with a different tool. Contact us at acg.support@maine.edu for help.)
Press enter to accept the default name/location for the new private key. (If you're warned about overwriting an existing file, don't do it, you might lose access to a different system. You may be able to use your existing keys, contact acg.support@maine.edu.)
You'll be prompted for a passphrase, which you'll need to enter twice. The passphrase provides an added layer of security in case your computer is compromised.
The keypair consists of a private key, which never leaves your computer, and a public key, which other computers can use to encrypt data so that it can only be read with your private key. You'll need to copy your public key to your HPC account. To see your public key, type
type .ssh\id_ed25519.pub (Windows)
cat .ssh/id_ed25519.pub (Linux or MacOS)
Step 2: Connect to ACG's Open OnDemand portal
The Open OnDemand system provides an easy way to get into your HPC account. Connect to https://login1.acg.maine.edu with a browser and log in using your UMS Single Sign-On credentials.
Step 3: Add the public key to your authorized_keys file
In the Open OnDemand web portal, choose Files | Home Directory. Scroll down to the folder named ".ssh" and click into it. Find the file named "authorized_keys", and select Edit from the ... menu button in that row.
In the web text editor for "authorized_keys", copy the line from the end of Step 1 (it starts with "ssh-ed25519") as a new line at the end of the file and press the Save button. You can close the browser tab.
Step 4: SSH to login1 using the keypair
Now when you SSH to login1 using your computer's built-in SSH client, your public key will identify you. Return to the Terminal or Command Prompt on your computer and type
ssh <your.name>@login1.acg.maine.edu
You'll be prompted for your passphrase, then you'll have a shell on login1.