CS 374: SSH Key Authentication

The MPI library used in CS 374 HPC can be configured to use either rsh (remote shell) or ssh (secure shell) for to launch processes on remote hosts.

Dahl (the Beowulf cluster) is configured to use host-based rsh. This means that once you've logged into a master node (either on the console, or via ssh from a remote location), you can rsh to all of the slaves (and the other master node) without being prompted for a password. This, in turn, allows you to run MPI-based programs without having to type your password a zillion (or so) times per invocation.

However, the UNIX lab, where you write and debug your programs, is not configured to use host-based authentication for either rsh or ssh. So, in order to be able to test your MPI programs without being forced to authenticate for each remote call you make, you can set up ssh key-based authentication.

Note that these instructions apply to the version of SSH that is used in the lab.

1. If you have no .ssh directory in your home directory, ssh to some other machine in the lab; then Ctrl-d to close the connection, creating .ssh and some related files.
2. From your home directory, make .ssh secure by entering:

         chmod 700 .ssh
    

3. Next, make .ssh your working directory by entering:

         cd .ssh
      

4. To list/view the contents of the directory, enter:

         ls -a
      

5. To generate your public and private keys, enter:

         ssh-keygen -t rsa
      

   The first prompt is for the name of the file in which your private key will be stored; press Enter to accept the default name (id_rsa).

   The next two prompts are for the password you want, and since we are trying to avoid entering passwords, just press Enter at both prompts, returning you to the system prompt.

6. To compare the previous output of ls and see what new files have been created, enter:

         ls -a
      

   You should see id_rsa containing your private key, and id_rsa.pub containing your public key.
7. To make your public key the only thing needed for you to ssh to a different machine, enter:

        cat id_rsa.pub >> authorized_keys
      

8. To make it so that only you can read or write the file containing your private key, enter:

      chmod 600 id_rsa
      

9. To make it so that only you can read or write the file containing your authorized keys, enter:

      chmod 600 authorized_keys
      

Now you should be able to ssh to any UNIX lab machine without being prompted for a password. Note that the first time you ssh to a particular machine, you will be prompted to accept and cache its hostkey in your known_hosts file. You just have to do this once per machine (e.g. in the first lab); after that, ssh will get the information from known_hosts..

If you experience difficulty getting this procedure to work, please contact Professor Adams or Gary Draving.