First Login and PGA Keys Setup


Security Update: Login using RSA encryption

In March of 2009, there was close to 100,000 breakin attempts per day of the Ares cluster. Because of this we have decided to go to a PGP passphrase login system. You need a pair of public-private keys. The private key stays in the computer from where you connect to Ares: your laptop, your desktop, etc. The public key is appended in Ares to:

~/.ssh/authorized_keys

The keys are signed by a passphrase, as opposed to a password, this can be a real phrase, like: "I love Obama, but he hates me." You can use ssh-agent to type the passphrase only once per session. Subsequent login will not ask for password/passphrase.

Direction:

on the LOCAL computer:
"ssh-keygen -t rsa" to create two files:
a secret key: ~/.ssh/id_rsa
and a public key: ~/.ssh/id_rsa.pub
(you will be asked to enter a passphrase, which can be exactly that: a phrase!)

on the REMOTE computer:
copy the one line in the public key to the end of ~/.ssh/authorized_keys

check permissions:

chmod 755 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
Attempting to log in you will be asked to enter the passphrase.

Alternatively, start a secure shell as

ssh-agent $SHELL
ssh-add


and you will be never asked for the passphrase again (until the exit from that shell). For more information:


Copyright © 2009 Texas Southern University High Performance Computing Center