Skip to content

User Support banner image

SDSC > User Support > Consulting > Consulting: Using SSH

Using Secure Shell (SSH) at SDSC

What is SSH?

SSH is a program to log in to another computer over a network, to execute commands on a remote machine, and to move files from one machine to another using UNIX shell commands. It provides strong authentication and secure communications. The SSH2 protocol is required for logging in to SDSC compute resources. There are many SSH clients; if you do not already have one, SDSC provides free downloads at:

SDSC FTP site: SSH Client Downloads

Direct Log in with Username and Password

From your SSH2 client, use the login name and password that you received in your user packet to connect to the login node of either BlueGene or the IA-64 Linux cluster. After your first login to an SDSC system, change your password using https://passive.sdsc.edu. If you forget your password, you can request a new one using the SDSC Password Form.

SSH2 required
SDSC resources require the SSH version 2 protocol. If you attempt to log in using SSH1, you will receive an error message; the error text will differ depending on the client that you are using. Please download one of the SSH2 clients or see your local administrator to upgrade to SSH version 2.

Example of a command line to log in at SDSC:

ssh <username>@trestles.sdsc.edu   (trestles)
ssh <username>@dash.sdsc.edu   (dash)

After the SSH2 client has connected to the remote host, enter your username and password in response to challenge from the host.

SSH with Key Pairs and Passphrase

You can use SSH for identity-based authentication. With this method, you create an SSH identity on your local computer (your workstation, laptop, or UNIX server) from which you will connect to the remote host (in this case BlueGene or the IA-64 cluster). This SSH identity is a private/public key pair that you generate on your local machine. You keep the private key on your local machine in a secure directory and place the public key on the remote machine.

After you have set up the SSH identity and the keys reside in the correct directories, the ssh program will use the key pairs to establish your identity and allow access when you connect from your client, without your having to provide your username and password.

(Authentication by key pairs is sometimes referred to as "passwordless login", although that is something of a misnomer, since you still have to use a passphrase. In addition, you will need to use your username and login on the remote host the first time so that you can set up to log in with key pairs.)

Generating a Key Pair

The key pair consists of two files that are generated by ssh. They are kept in the .ssh directories of the local and remote hosts under your home directories.

~/.ssh/id_rsa (private key—local)
~/.ssh/id_rsa.pub (public key—remote)
  1. On a UNIX machine, run ssh-keygen from the command line. If asked to supply -t <type>, use ssh-keygen -t rsa. Use the default file name (~/.ssh/id_rsa)
  2. Create and enter a passphrase when prompted; follow the guidelines for picking a strong password. Passphrases can be any length—the longer the better. Remember this passphrase.
  3. Add your keys to the ssh-agent's memory via the ssh-add command, followed by your passphrase, when prompted.
  4. Confirm that the permissions are set correctly: rwx by only the owner for the directory and rw by only the owner for the files.

    drwx------ 2 bill mygroup 1024 ... .ssh/

    -rw------- 1 bill mygroup 391 ... id_rsa
    -rw------- 1 bill mygroup 391 ... id_rsa.pub
    -rw------- 1 bill mygroup 906 ... known_hosts


  5. Copy your public key to the remote host.
    1. Use your username and password to log in to the remote host.
    2. In your home directory, create a .ssh directory.
    3. Copy your public key to the ~/.ssh directory
    4. Set permissions to the directory and file as follows:

    drwx------ 2 bill mygroup 1024 ... .ssh/

    -rw------- 1 bill mygroup 391  ... id_rsa.pub


(If you are using a Windows client to generate a key pair directly on your workstation or laptop, see the instructions for your particular client for generating a key pair.)

Keep the private key in your local .ssh file only; do not send it to anyone.

Remember your passphrase.

Logging in Using SSH using Key Pairs

The syntax used to initiate a connection to an SDSC resource using key pairs is exactly the same as for logging in using your username and password. However, you will be asked for your passphrase that you used to generate the key pair above, instead of your username and password.

Example of a command line to log in at SDSC:

ssh <username>trestles@sdsc.edu   (trestles)
ssh <username>@dash.sdsc.edu   (dash)

After the SSH2 client has connected to the remote host, it will locate the public key and respond to the challenge for a private key. Once your private key has been verified, SSH will prompt you for the passphrase that you used to create your key pair. After you have logged in using your key pair, you will not have to re-enter your password for any interactions on the server during the current session.

Send questions about using SSH at SDSC to SDSC Consulting.


Did You Get
What You
Wanted?
Yes No
Comments