Managing SSH Keys

Owned by Marcel-Brian Wilkowsky
Last updated: Jun 11, 2024
2 min read

How-To

For Windows users only:

This documentation assumes the use of PowerShell (not the standard command prompt). Type "powershell" in the Windows search bar and select the following entry:

powershell_windows_search.png

Creating SSH Keys

We recommend using the ed25519 algorithm.

ssh-keygen -t ed25519 [-C "your comment"] [-f path/to/new/key]

Example:

ssh-keygen -t ed25519 -C "pc2-cluster-access"

This command will generate a key with the comment “pc2-cluster-access” inside the default ssh key location: $HOME/.ssh/

Important: Always create your key with a passphrase! If your device is stolen or compromised, the attacker will not have access to your private key.

You now have two new files there, the private key filename (without extension) and the corresponding public key filename.pub (the default is id_ed25519.pub).

Configure the key for SSH Login

A) If you are not a member of Paderborn University and have a new account for a compute time project, you have to upload your newly generated SSH key using our PC2 user portal.

To do so, open the public key (created in the previous section) in your favourite text editor and paste it into

https://portal.pc2.uni-paderborn.de/settings#sshkey

B) Members of Paderborn University can log in to our HPC systems with the IMT password. The public part of the SSH key can be uploaded with ssh-copy-id:

ssh-copy-id [-i /path/to/private/key] noctua1|noctua2

If you have not yet created any SSH config aliases, have a look here:

Example:

Troubleshooting

Remote server still asks for password

If this is the first time you have uploaded your public key via our user portal and login into our HPC systems is still not working, please contact us via mail: pc2-support@uni-paderborn.de

Check following things:

  1. Does your $HOME/.ssh/authorized_keys contains your public key part?

    1. On the remote server (e.g. Noctua 2 login node): cat $HOME/.ssh/authorized_keys

    2. On your device: ssh-add -L # lists all loaded ssh keys

      1. The authorized_keys file should contain the public part of your SSH key listed in the output of ssh-add -L

  2. Ensure that the correct access permissions are set on the server side:

    1. $HOME/.ssh/ directory: drwx------ 2 username user 374 31. Feb 10:05 .ssh

    2. $HOME/.ssh/authorized_keys file: -rw------- 1 username user 1885 31. Feb 09:06 .ssh/authorized_keys

    3. If you are unsure, please contact us via mail: pc2-support@uni-paderborn.de