Generating SSH keys

De Wiki de Calcul Québec
Aller à : Navigation, rechercher
Cette page est une traduction de la page Générer des clés SSH et la traduction est complétée à 100 % et à jour.

Autres langues :anglais 100% • ‎français 100%

Commercial softwares sometimes manage connections and task distribution by themselves by logging on the allocated nodes. In these cases, the connection must be made possible without any input from the user.

Generating your SSH key

To allow remote connection through SSH without passwords, you must configure what we call an SSH key. To do this, you simply need to execute the command

[nom@serveur $] ssh-keygen

This will ask you many questions. More simply, you can copy and paste the following command which will create a key without asking you any information:

[nom@serveur $] ssh-keygen -q -t rsa -N "" -f $HOME/.ssh/id_rsa

Note : Make sure NOT to share the "$HOME/.ssh/id_rsa" file to anyone, see the usage policy.

Authorize your key to allow automatic connections

The following commands will add your public key to the list of authorized keys and will prevent access to this file to anyone but your.

 [nom@serveur $] cat ~/.ssh/ >> ~/.ssh/authorized_keys
 [nom@serveur $] chmod 600 ~/.ssh/authorized_keys

Configuration of your SSH client

By default, the SSH client asks the user to authorize the RSA signature of the server when the first connection is made. It then stores this signature in the "~/.ssh/known_hosts" file. For the following connections, the server's identity is verified against this list. If the RSA signature has changed, the client will refuse to connect, which could prevent a job from running.
On some servers (such as Colosse), the compute nodes do not have a permanent RSA signature, and a new identity is created every time the server reboots. Therefore, storing and checking a node's identity does not solve this issue.

To prevent this problem from occuring, you can configure your "~/.ssh/config" to add the following block:

File : ~/.ssh/config
Host *
    StrictHostKeyChecking no

This configuration will completely override the server's identification by your SSH client.

Outils personnels
Espaces de noms

Ressources de Calcul Québec