Windows: SSH Key Setup
Overview
This article provides details and specifics for how to set up SSH key to authenticate and connect to ARCC HPC Clusters from a Windows client.
Each key is associated with your identity on that HPC cluster and should be thought of like a key on your keychain.
Creating and Managing SSH Keys with SSH Key Manager
Configure keys on your Windows PC
Assuming the files you downloaded from OnDemand were placed in your Downloads folder (
C:/Users/<your_username_on_the_PC>/Downloads
in this example), go into your downloads folder and look for a file named with your uwyo username, and unzip that by right clicking and choosing “Extract All”This should create a new folder with your username.
Check for a .ssh folder associated with your computer account. This should be located at
C:/Users/<your_username_on_the_PC>/.ssh
. (If your data is set to store on another drive, you may have a different drive letter in your path).If you do not have an .ssh folder under your Windows username, go to your start menu and search for command prompt. It should come up as a best match:
Once open, type in the following command into your command prompt:
ssh-keygen
then hit Enter/Return. This will generate a public/private rsa key pair (which we will be replacing) and create your .ssh folder with appropriate permissions structure.Copy the files from the extracted folder into your .ssh folder. You will be asked if it’s ok to replace the current files in the folder. Say ‘yes’ to confirm overwriting these files.
Test your access with the new key files by opening a new command prompt window and ssh’ing to the HPC with the following command replacing <username> with your UWYO or ARCC HPC username and <clustername> with the HPC name:
ssh <username>@<clustername>.arcc.uwyo.edu
.
(As an example:ssh cowboyjoe@beartooth.arcc.uwyo.edu
)If the key is configured correctly, you will be logged into the cluster without having to enter your password or authenticate over 2 factor.
Troubleshooting your SSH Key Configuration on Windows
In the event you are unable to ssh to the cluster or still being prompted for our username and password, the above instructions haven’t worked. This is likely due to permissions associated with your new key and possibly the permissions associated with the enveloping folder.
Additional steps may be necessary. You can correct ssh key issue through command line via command prompt, or powershell. These options should be attempted first. In the event that the problem is not corrected through command prompt or Powershell, please use steps to correct using Windows GUI.
Option 1: Correcting Permissions using Command Prompt (cmd)
Open an elevated command prompt
Go to your start menu.
In the search box type in:
cmd
Your first option under Best match should be a command prompt
Right click this option and choose the option to “Run as administrator”
Once opened enter the following command lines (one command per line in the order below). Each command should be followed by an enter/return to run them in order:
Set Key “%UserProfile%\.ssh\id_ecdsa” Icacls %Key% /c /t /Inheritence:d Icacls %Key% /c /t /Grant %UserName%:F Icacls %Key% /c /t /Remove:g "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users Icacls %Key% set "Key="
Option 2: Correcting key Permissions using Powershell
Open an elevated command prompt
Go to your start menu.
In the search box type in:
powershell
You should be presented with an option for Windows Powershell or Windows Powershell (x86)
Right click the option and choose the option to “Run as administrator”
Once opened enter the following command lines (one command per line in the order below). Each command should be followed by an enter/return to run them in order:
New-Variable -Name Key -Value "$env:UserProfile\.ssh\id_rsa" Icacls $Key /c /t /Inheritance:d Icacls $Key /c /t /Grant ${env:UserName}:F TakeOwn /F $Key Icacls $Key /c /t /Grant:r ${env:UserName}:F Icacls $Key /c /t /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users Icacls $Key Remove-Variable -Name Key
Option 3: Correcting Permissions using Windows GUI (Only to be used if above solutions using command prompt and powershell fail):
Specific SSH Application in Windows
If you’d like to configure a specific SSH connection application in Windows, specific directions may be found below:
Configuring SSH Key Authentication in MobaXTerm for Windows