How to Generate SSH Keys

Generating ssh keys enables you to streamline authentication on O2 without typing your password.

Host keys for all O2 compute nodes are already listed in /etc/ssh/ssh_known_hosts, so there is no need for you to add them to your ~/.ssh/known_hosts file.

First, create your public and private key combination

  • To create keys for connecting from one O2 system to another, run the following ssh-keygen command from an O2 login server.

  • To create keys for connecting from your desktop to O2, run the following ssh-keygen command (or equivalent) on your desktop.

$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/mfk8/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/mfk8/.ssh/id_rsa. Your public key has been saved in /home/mfk8/.ssh/ The key fingerprint is: a5:b5:38:73:b7:3c:a6:8a:1d:a8:bd:87:4e:be:33:21 mfk8@login01

For either desktop or intra-O2 usage, append the public key to the authorized_keys file in your O2 home directory:

$ cat ~/.ssh/ >> ~/.ssh/authorized_keys

Since the default new file permission will prevent these keys from being read by ssh, you will need to change it, and possibly also the parent .ssh directory.

$ chmod 0600 ~/.ssh/authorized_keys $ chmod 0700 ~/.ssh

Now, you should be able to ssh within O2 and the Transfer Cluster nodes without password. If after doing all the above steps, you're still asked for password when logging in then make sure your home directory has no group write permissions.

Note 1: Since your private key is not protected with a password, only use this key when working with O2 nodes. Do not use the public key for systems outside O2 without protecting it with a password. 

Note 2: This needs to be done only one time.

Note 3: If you have already done the above steps in Orchestra (our cluster that has been retired) you should not need to repeat this step in O2 since the /home filesystem is the same.