Versions Compared

Old Version 10

changes.mady.by.user Lisa Stafford

Saved on

compared with

New Version 11

changes.mady.by.user Lisa Stafford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

This article provides details and specifics for how to set up a Password-Free SSH key to connect to ARCC HPC Clusters from a Windows client.

...

Excerpt
nameTroubleshooting SSH key

Troubleshooting your SSH Key Configuration on Windows

In the event you are unable to ssh to the cluster or still being prompted for our username and password, the above instructions haven’t worked. This is likely due to permissions associated with your new key and possibly the permissions associated with the enveloping folder.

Additional steps may be necessary and may be performed . You can correct ssh key issue through command line via command prompt, or powershell and these . These options should be performed attempted first. In the event that the problem is not corrected through command prompt or Powershell, please use steps to correct using Windows GUI.

Option 1: Correcting Permissions using Command Prompt (cmd)

  1. Open an elevated command prompt

    1. Go to your start menu.

    2. In the search box type in: cmd

    3. Your first option under Best match should be a command prompt

    4. Right click this option and choose the option to “Run as administrator”

    5. Once opened enter the following command lines (one command per line in the order below). Each command should be followed by an enter/return to run them in order:

      Code Block
      Set Key “%UserProfile%\.ssh\id_ecdsa”
Icacls %Key% /c /t /Inheritence:d
Icacls %Key% /c /t /Grant %UserName%:F
Icacls %Key% /c /t /Remove:g "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users
Icacls %Key%
set "Key="

Option 2: Correcting key Permissions using Powershell

  1. Open an elevated command prompt

    1. Go to your start menu.

    2. In the search box type in: powershell

    3. You should be presented with an option for Windows Powershell or Windows Powershell (x86)

    4. Right click the option and choose the option to “Run as administrator”

    5. Once opened enter the following command lines (one command per line in the order below). Each command should be followed by an enter/return to run them in order:

      Code Block
      New-Variable -Name Key -Value "$env:UserProfile\.ssh\id_rsa"
Icacls $Key /c /t /Inheritance:d
Icacls $Key /c /t /Grant ${env:UserName}:F
TakeOwn /F $Key
Icacls $Key /c /t /Grant:r ${env:UserName}:F
Icacls $Key /c /t /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users
Icacls $Key
Remove-Variable -Name Key

Option 3: Correcting Permissions using Windows GUI (Only to be used if above solutions using command prompt and powershell fail):

Expand
titleCorrecting SSH Key Permissions Issues using Windows GUI

The following instructions provide correction using Windows GUI interface.

  1. Disable permission inheritance for the .ssh folder

    1. Go up to the folder containing your key and certificate files. (Usually this is C:\Users\<your_username_on_the_computer>\)

    2. Right click on the .ssh folder (or whichever folder contains your new key files).

    3. Choose Properties from the list of options in the menu (you may also select the .ssh folder so it is highlighted and hit Alt+Enter)

    4. This will bring up a Properties window for your folder.

    5. Click on the Security tab in the window then click the Advanced button.

    6. This will bring up a new window for the folders Advanced Security Settings. Ensure that the Permissions tab is selected, then click the button to disable inheritance.

  2. Convert your directory/folder permissions to explicit permissions.

    1. You will be prompted for how to handle the blocked inheritance. Choose the option to Convert inherited permissions into explicit permissions on the object.
      Warning: Choosing the other option (to remove all inherited permissions from this object) can make the entire folder inaccessible. Do not select that option. If accidently selected, click the Cancel button at the bottom.

    2. After converting the inherited permissions to explicit permissions set them to remove all users except for SYSTEM and yourself. Ensure that both you and SYSTEM have Full Control under access:

    3. After confirming permissions for the folder are set correctly, Click the Apply button. Permissions should now be correctly set.

  3. Update permissions for the key files:

    1. Within the folder in which your key files are stored, perform the same actions to update permissions on each of the following files:

    2. id_ecdsa, id_ecsda.pub id_ecdsa-cert should all have the following permission properties:
      SYSTEM and your_username on the computer should have full control while no one else has access to them.