SSH Key Authentication

Owned by Lisa Stafford
Last updated: Aug 02, 2024
4 min read

Overview

UW ARCC has changed the way you authenticate to HPC. HPC resources are now accessible using a public/private ssh key combination and certain HPC resources (including MedicineBow HPC) are only accessible through SSH with your SSH key and certificate. This makes it possible for you to authenticate on our HPCs without always needing to enter your password and approving two-factor authentication.

The diagram below shows a user with 3 SSH keys and 2 devices.

  • Each key is associated with a person’s identity and is a key to access a HPC cluster resource. It can be thought of like a key on a user’s keychain.

  • This key can be generated a number of ways, then configured on the server/HPC and any device owned by the user from which they will use SSH to access the resource.

    • ARCC Key Management Application pre-configures the key on the server/HPC resource, so that all a user needs to do is get the key from the key management app, and then configure it on their end client(s).

    • Any devices configured with a specific key will be able to access the resource as Taylor when logged into the device as Taylor.

    • Users should not configure these keys on shared devices where other device users could access them.

Generating and Managing SSH Keys with SSH Key Manager

To set up access:

  1. First, log into the OnDemand resource for the HPC you want to set up SSH keys for.

    1. For MedicineBow, log in at https://medicinebow.arcc.uwyo.edu/. Step-by-step directions for logging into MedicineBow OnDemand are available here.

    2. For WildIris, log in at https://https://wiodm01.arcc.uwyo.edu/. Step-by-step directions for logging into WildIris OnDemand are available here.

  2. Once you’re logged in, you should be presented with the HPC Dashboard. Click the following icon to set up SSH key authentication:

  3. Each key is associated with your identity, therefore you do not need to create a new key for every client you use to ssh into the HPC.

    If you haven’t set up an SSH key previously, you should see an empty screen/list with the option to generate a new a key. Click that button if you need to set up a key.

    Doing this will create a new set of files associated with your login to the HPC.

    If you’ve already created a key previously you don’t need another one. Skip this step and download a key you’ve already generated for your account as described in the next step.

  4. Click the download button associated with the key ID for your ssh key to download them to your client/computer.

Please be careful with these files. Do not change their permissions, put them in an insecure digital location, or share them with others. They are your “virtual keys” to log in as yourself on the HPC. If provided to or shared with others, they will be able to log into that ARCC HPC resource as you

Device Configuration

The following steps should be performed on the machine from which you typically SSH into HPC and you should configure the key on any computer you ssh to the HPC from. Further directions for configuration then depend on your preferred SSH client from that machine.
Directions for Windows, MacOS, an Linux are available below. Expand the section associated with the operating system on your local computer from which you plan to ssh into the cluster.

Windows Specific Instructions

In the event you’re unable to log in with your SSH key, go to the Windows SSH Key Configuration page and check out our Troubleshooting section.

Mac Specific Instructions

Linux Specific Instructions

 

Links to Directions for specified clients and OS configurations:


Prior directions for Cyberduck on MacOS - Replace references to WildIris with MedicineBow or Beartooth.
Prior directions for MobaXTerm on Windows
Windows Subsystem Linux (pending)