The basic idea behind password-less safe login is to create keys and store them in your computer (local machine) and in your account in the cluster (remote machine). These keys authenticate your machine to login to the cluster with no password. (Remember, if your cluster access only through VPN, you need to enable VPN first to make this work).
Here are the steps to set-up password-less SSH login to a cluster.
Step 1: Generate public and private keys in your personal MacOSX/Linux
Use ssh-keygen command to generate public and private DSA keys in your Mac/Linux machine from the terminal. Just type
ssh-keygen -t dsa
and you will be asked to name a file name to save the key. It will also show the default location and name it will save. In most cases you can save it at the default location (Users/uname/.ssh) with the default file name (id_dsa). Then it will ask you to enter a password. Identification key will be generated and saved as “id_dsa”. And save a public key as id_dsa.pub at “/Users/uname/.ssh”. Here is a sample generation of the public and private keys using ssh-keygen
mac:~ uname$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/Users/uname/.ssh/id_dsa): /Users/uname/.ssh/id_dsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/uname/.ssh/id_dsa. Your public key has been saved in /Users/uname/.ssh/id_dsa.pub. The key fingerprint is: 13:93:73:1c:ag:27:95:6b:b0:b1:eh:97:h0:1g:93:8b uname@mac.edu The key's randomart image is: +[ DSA 1024]+ | ... | | ... | | . .Z . | | +a+. | | oo+S | | =.. | | .df . | | . == .. | | A o . .. | +----------+
Step 2: Copy Private Key to Your Cluster and Rename as “authorized_keys”
Next step is to copy the generated private key to your cluster, where you want to login without password. Copy the file “id_rsa.pub” to “$HOME/.ssh/” and save it as “authorized_keys” with user permission “600” on the remote server/cluster. Here is how to do it.
From your local home directory, copy the “id_dsa.pub” file using “scp”
scp .ssh/id_dsa.pub userid@cluster.univ.edu:~
Then login to the cluster and change directory to the “.ssh” directory. Append the key to the end of “authorized_keys” file if it exists already.
cat ../id_dsa.pub >> authorized_keys
or just rename the id_dsa.pub file as “authorized_keys”. Then give correct permissions to the file by typing
chmod 600 authorized_keys
at the terminal. Now you are all set to login to your cluster using SSH, but with no password. You only need to type the password when you reboot your machine (the passphrase that you set when setting up “ssh-keygen”).