Security Update: Login using RSA encryption
In March of 2009, there was close to 100,000 breakin attempts per day of the Ares cluster. Because of this we have decided to go to a PGP passphrase login system. You need a pair of public-private keys. The private key stays in the computer from where you connect to Ares: your laptop, your desktop, etc. The public key is appended in Ares to:
The keys are signed by a passphrase, as opposed to a password, this can be a real phrase, like: "I love Obama, but he hates me." You can use ssh-agent to type the passphrase only once per session. Subsequent login will not ask for password/passphrase.
on the LOCAL computer:
"ssh-keygen -t rsa" to create two files:
a secret key: ~/.ssh/id_rsa
and a public key: ~/.ssh/id_rsa.pub
(you will be asked to enter a passphrase, which can be exactly that: a phrase!)
on the REMOTE computer:
copy the one line in the public key to the end of ~/.ssh/authorized_keys
chmod 755 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
Attempting to log in you will be asked to enter the passphrase.
Alternatively, start a secure shell as
and you will be never asked for the passphrase again (until the exit from that shell). For more information: