Generate SSH key pair and add the public key to your account

Overview

CMS Connect will require SSH-key-based logins due to the changes in the backend authorization service. If you have not added an SSH key before, upload your public SSH key to your CMS Connect user profile (choose "Update Profile" after signing into the http://connect.uscms.org/ website) or to the submit host (login-el7.uscms.org).

You need to follow a two-step process to set up the SSH key to your account.

  1. Generate SSH key pair.

  2. Add your public key to the submit host.

After completing the process, you can log in from local machine (your laptop or desktop) to the CMS Connect submit host using ssh:

 ssh <your_cms_connect_username>@login-el7.uscms.org

or using your Windows SSH client

Step 1: Generating SSH Keys

We will discuss how to generate a SSH key pair on both Unix-based and Windows.

Please note: The key pair consist of a private key and a public key. Keep the private key on machines that you have direct access to, i.e. your local machine (your laptop or desktop).

Unix-based operating system (Linux/Mac)

On your local machine:

Generate ssh-keys
 mkdir ~/.ssh
 chmod 700 ~/.ssh
 ssh-keygen -t rsa


The last command will produce a prompt similar to

 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/<local_user_name>/.ssh/id_rsa):

Unless you want to change the location of the key, continue by pressing enter. Now you will be asked for a passphrase. Enter a passphrase that you will be able to remember and which is secure:

 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:

When everything has successfully completed, the output should resemble the following:

 Your identification has been saved in /home/<local_user_name>/.ssh/id_rsa.
 Your public key has been saved in /home/<local_user_name>/.ssh/id_rsa.pub.
 The key fingerprint is:
 ae:89:72:0b:85:da:5a:f4:7c:1f:c2:43:fd:c6:44:38 myname@mymac.local
 The key's randomart image is:
 +--[ RSA 2048]----+
 |                 |
 |         .       |
 |        E .      |
 |   .   . o       |
 |  o . . S .      |
 | + + o . +       |
 |. + o = o +      |
 | o...o * o       |
 |.  oo.o .        |
 +-----------------+

Windows

Putty

  1. Open the PuTTYgen program.

  2. For Type of key to generate, select SSH-2 RSA.

  3. Click the Generate button.

  4. Move your mouse in the area below the progress bar. When the progress bar is full, PuTTYgen generates your key pair.

  5. Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, but this is not recommended.

  6. Click the Save private key button to save the private key. Warning! You must save the private key. You will need it to connect to your machine.

  7. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All.

  8. Right-click again in the same text field and choose Copy.

alt text

Git Bash

Follow the instructions here to generate keys:

https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#platform-windows

Step 2: Add the public SSH key to login node

CMS Website

To add your public key to the Globus Online interface:

  1. Go to http://connect.uscms.org

  2. Go to "Profile"

  3. Click on "Edit Profile" and add your key in the following box:

The key is now added to your profile in Globus Online. This will automatically be added to the login nodes within a couple hours.



Troubleshooting

Permission denied (publickey)

If SSH returns the error

 Permission denied (publickey).

This most likely means that the remote permissions are too unconstrained. Please execute:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys


on login.uscms.org

Getting Help

For assistance or questions, please email the CMS User Support team a cms-connect-support@cern.ch