SSH Config

Public and Private SSH keys

If you don't have these you're going to have a bad time

If you don't have SSH keys, run

1
ssh-keygen -t rsa

You must set a password on your SSH key. This should normally be the same password as your standard login password.

It is possible to avoid having to actually type the password, so this is not any kind of inconvenience.

Copying your public SSH Key to other servers

To stop having to type in an SSH password, you can authenticate using your SSH key instead.

To add your public key to a server:

If your server is named in ~/.ssh/config (such as cluster1)

1
ssh-copy-id servername-in-ssh-config

If it's another server:

1
ssh-copy-id user@server

This will copy your local SSH key at ~/.ssh/id_rsa.pub to the server's ~/.ssh/authorized_keys file. You can then log in without having to enter the remote server's password.

Remembing SSH Key Password

On Gnome, if you set your password. The first time you use the SSH key actually on a normal desktop session. You should then see a popup asking you for the password with a tickbox to always remember. TICK THE BOX

SSH Agent

If you are being asked for passwords for your SSH keys all the time then it might be that you need to get SSH Agent running

You can paste this directly into your terminal or also add to your bashrc file

1
2
3
4
if [ -z "$SSH_AUTH_SOCK" ] ; then
  eval `ssh-agent -s`
  ssh-add
fi

Share the SSH_AUTH_SOCK between users

1
sudo bash -c "echo 'Defaults env_keep+=SSH_AUTH_SOCK' >> /etc/sudoers"

SSH Config

Add the following to ~/.ssh/config

1
2
Host *
  ServerAliveInterval 240

Redacted

Make sure it's got 600 permissions with chmod 600 ~/.ssh/config

It is important that you also copy the SSH config to the root users's ssh config at this point as root is used for a number of commands later on. Be sure to also include your public and private keys when copying your SSH directory as they will allow you access to the clusters through key authentication.

Copying SSH Config to root

Also be sure to copy the new keys to the root user's home directory.

1
2
3
sudo bash
cp /home/<myusername>/.ssh /root/. -r
chown root:root /root/.ssh -R

SSH Folder Permissions

Run the following as your normal desktop user

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
#change owner accordingly
for owner in $(whoami) root
do
    sudo bash -c "
    sshFilesPath=/home/$owner/.ssh
    if [[ $owner == root ]]
    then
        sshFilesPath=/root/.ssh
    fi
    chown -R $owner:$owner \$sshFilesPath
    chmod -R u+rwX,go-rwx \$sshFilesPath
    "
done

Testing root password after changing the password

There are situations where you want to change root password, and after changing it, you want to know if new password works, but because your are already authenticated and existing as secure user in the known hosts file, even after password change, you are not prompted to reenter password. That's why you want to force the password prompt. To do that type the command below:

1
ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no {user}@{host}