Setting Up Passwordless Login

Passwordless login allows users to run scripts remotely without the need to pass their passwords into the script but rather enter it once before running multiple scripts.

Mac and Linux

To setup passwordless login you will need two files:

  • ~/.ssh/id_rsa
  • ~/.ssh/id_rsa.pub  

If you don't already have the above files, you will have to generate them with the following command:

ssh-keygen -t rsa

This will ask you for a location to save the keys (leave this option blank unless you plan to save them somewhere other than the default), and a passphrase for the keys. This passphrase is for the key itself, not for your login to the remote host. Type in a passphrase of your choice and hit ENTER.

If you do not enter a passphrase, your keys will not require a passcode to be used. While this is simpler, it leaves your keys unsecured. If you choose this route, be sure to keep your keys in a safe place.

 

Run the following command to copy your id keys to the authorized_keys list on the remote host:

ssh-copy-id -i ~/.ssh/id_rsa.pub HAWKID@argon.hpc.uiowa.edu

this will ask you for your HawkID password one last time. After you've logged in, your ID key should be appended to the file ~/.ssh/authorized_keys.

If you get this message

-bash: ssh-copy-id: command not found

you will have to append your keys manually.

 

cat ~/.ssh/id_rsa.pub|ssh HAWKID@argon.hpc.uiowa.edu 'cat ->>~/.ssh/authorized_keys'

You will be asked for your HawkID password. After you’ve entered it, your public key will be added to the authorized key list.

If you chose the no passphrase option when creating the key, you are done. You can now log into the cluster without a password on that machine. If you encrypted the key with a passphrase, which is recommended, then you will need to authenticate the key with an ssh agent, which will then authenticate future connections using that key.

Keychain

When you log into the cluster with an encrypted key, you may be asked to save this passphrase to your keychain. Keychains are used on Macs and Linux, depending on the Linux distribution. If you check this box, your passphrase will be saved on this machine and you will not have to use the ssh-agent method explained below. You may have to enter your local password to unlock keychain access.

If you are not using a keychain you can start an ssh agent from a terminal session.

eval `ssh-agent`

 then add your key file to the agent:

 

ssh-add <path/to/key>
where the path is usually in $HOME/.ssh

this will ask you for the passphrase you created above. After you have entered the passphrase, you will be able to login to the cluster without a password until the agent session is closed.

 

MAC Users

You may also add a key, and unlock it in the keyring using the command “ssh-add -K”.


Windows

 

The walkthrough here is for PuTTY users. You can download PuTTY from (here)

PuTTY main site: http://www.chiark.greenend.org.uk/~sgtatham/putty/

Start PuTTYGEN.exe and click “generate” to create your key pairs. Set a passphrase (unless you wish to have no passphrase, which is less secure). Your file will not be given an extension by default, so be sure to give the private key the “.ppk” extension. Now SSH into the cluster using PuTTY, and change into the .ssh directory.

Edit the authorized_keys file by typing

vim authorized_keys

switch into insert mode by pressing the letter "i". Now, on your windows machine, copy the entire line labeled “public key for pasting into authorized_keys” and paste that line into the authorized_keys file in your ~/.ssh directory on the cluster. Exit the editor by hitting ESC and typing ':wq', then hit ENTER.

On your Windows machine, save your .ppk file to a directory of your choice and give it a name. Start up Pageant.exe which will be located in your PuTTY install directory. After you have started Pageant, right-click on the icon in the system tray and select “Add key”. Browse to your private key that you just saved, and select it. If you gave your key a passphrase, Pageant will prompt you for it now. After you have added your key, Pageant will handle authentication for you until you close it down. To test if the authentication works, use PuTTY to login to the cluster.