Setting Up Password-Free SSH Authentication

Owned by Lisa Stafford
Last updated: Jun 20, 2024
5 min read

Overview

UW ARCC has changed the way you authenticate to HPC. HPC resources are now accessible using a public/private ssh key combination and certain HPC resources (including MedicineBow HPC) are only accessible through SSH with your SSH key and certificate. This makes it possible for you to authenticate on our HPCs without always needing to enter your password and approving two-factor authentication.

General instructions for all OS’s and Clients

To set up access:

  1. First, log into the OnDemand resource for the HPC you want to set up SSH keys for.

    1. For MedicineBow, log in at https://medicinebow.arcc.uwyo.edu/. Step-by-step directions for logging into MedicineBow OnDemand are available here.

    2. For WildIris, log in at https://https://wiodm01.arcc.uwyo.edu/. Step-by-step directions for logging into WildIris OnDemand are available here.

    3. For Loren Password-Free SSH Authentication instructions are different from our other HPC resources, and may be found here.

  2. Once you’re logged in, you should be presented with the HPC Dashboard. Click the following icon to set up SSH key authentication:

  3. Each key is associated with your identity, therefore you do not need to create a new key for every client you use to ssh into the HPC.

    If you haven’t set up an SSH key previously, you should see an empty screen/list with the option to generate a new a key. Click that button if you need to set up a key.

    gennewkey.png

    Doing this will create a new set of files associated with your login to the HPC.

    If you’ve already created a key previously you don’t need another one. Skip this step and download a key you’ve already generated for your account as described in the next step.

  4. Click the download button associated with the key ID for your ssh key to download them to your client/computer.

Please be careful with these files. Do not change their permissions, put them in an insecure digital location, or share them with others. They are your “virtual keys” to log in as yourself on the HPC. If provided to or shared with others, they will be able to log into that ARCC HPC resource as you

 

The following steps should be performed on the machine from which you typically SSH into HPC and you should configure the key on any computer you ssh to the HPC from. Further directions for configuration then depend on your preferred SSH client from that machine.
Directions for Windows, MacOS, an Linux are available below. Expand the section associated with the operating system on your local computer from which you plan to ssh into the cluster.

Windows Specific Instructions

In the event you’re unable to log in with your SSH key, go to the Windows SSH Key Configuration page and check out our Troubleshooting section.

Mac Specific Instructions

  1. Unzip the files associated with your login.

  2. Open your terminal ( or hit keys)

  3. Confirm you’re in your home directory by changing directories to your home with the following command: cd ~

  4. List the contents (including hidden items) of your home directory with the following command: ls -lah

  5. If you have a .ssh directory, it will be in this list. If you don’t have one, you will need to create one.

  6. To create a .ssh directory using the terminal run following command: ssh-keygen -t rsa. This will begin the key generation process.

  7. The utility will ask you where to store the key. To use the default location, leave this blank and hit Enter. A key pair will now be generated and output will look similar to the following screenshot:

  1. You will then be asked to create a passphrase. If you would like to create one, put that in now, and make note of it, since it will be required later. Otherwise, hit Enter to accept the default with no passphrase.

  2. Assuming the files you downloaded from <onDemand> were downloaded and extracted to your Downloads folder, copy your extracted files to your ssh folder with: cp ~/Downloads<username>/* ~/.ssh

  3. If your key has been configured properly, when you open a terminal and log into the cluster, you will be logged in automatically, and will not be prompted for a password (first factor), nor second factor authentication for login.

Linux Specific Instructions

a. Check to see if you have a .ssh directory already created on your system. If it shows up in the list, skip step b.

cd ~ ls -lah

b. If your .ssh directory does not exist in the list use ssh-keygen to create the folder and set permissions appropriately:

ssh-keygen -t rsa

Use the default location to store the key by hitting Enter. A key pair will be generated.

c. You will then be asked to create a passphrase. If you would like to create one, put that in now, and make note of it, since it will be required later. Otherwise, hit Enter to accept the default with no passphrase.

d. Unzip the files associated with your login to your .ssh folder:

unzip <username>.zip -d ~/.ssh/

e. Test configuration. Open up a new terminal/command line window and log into <cluster>. If configured properly, you will be logged in automatically, and will not be prompted for a password (first factor), nor second factor authentication for login.

 


Prior directions for Cyberduck on MacOS - Replace references to WildIris with MedicineBow or Beartooth.
Prior directions for MobaXTerm on Windows
Windows Subsystem Linux (pending)