
Passwordless Connections to Unix

The Secure Shell (SSH) protocol uses encryption to provide authentication and privacy when logging in to other computers over a network, such as Romulus, Remus, or the Computing Cluster. It can also be used to securely execute remote commands. By default logins use a password, but it's also possible to set up passwordless connections. The latter are very convenient, and are also required to initiate remote commands. However, for security reasons they should not be used from computers that are accessible to others.

It's a good idea to set up your keys once, and then copy them to the remote systems you wish to use. That way you can ensure you are using a single key pair everywhere, which is less confusing (though not required). The keys are stored in your home directory (folder), which is shared between Romulus and Remus, so you only need to set them up there once; you can then copy them to the Computing Cluster, whose nodes also share a home directory.

Setting Up an SSH Key Pair on Romulus, Remus, the Cluster, or Another Unix System (Including a Macintosh)

For these instructions you will need to access your Unix system from a shell, a text-only interface.

  • If you are on Windows, use PuTTY to log in to the remote host;
  • If you are using a Macintosh, open the folder Applications, then the folder Utilities, and start up the application Terminal.

    If this is your personal Mac, you can set up your keys there. Otherwise, type the command

    ssh <remote host> Enter

    (Enter is the key on the keyboard, also called Return on Macs and other computers).

Command lines in Unix typically begin with account, computer, and directory information followed by a $, e.g.

[YourAccount@Host ~]$

or

Host:~ YourAccount$

The ~ represents your home directory (folder), with all of the rest of your files there or in subdirectories (subfolders). If there's no ~ in the above, or there's a / following ~, you're in another directory.

Important: be aware that spaces are used to separate the words in the commands you type below.

To set up the SSH keys:

  1. If you aren't in your home directory, return there by typing the command

    cd Enter
      
  2. Make the OpenSSH directory by typing the command

    mkdir .ssh Enter
      
  3. Change into the OpenSSH directory by typing the command

    cd .ssh Enter
      
  4. Create your private and public keys in OpenSSH format by typing the command

    ssh-keygen Enter
      


    1. When it asks you to "Enter file in which to save the key", choose the default id_rsa by pressing the Enter key;
    2. When it asks you to "Enter passphrase", don't type one; just press the Enter key.
  5. To protect your private key from other Unix users, you should immediately change its permission mode by typing the command

    chmod go-rwx id_rsa Enter
      
  6. Copy your public key to the authentication file by typing the command

    cat id_rsa.pub >> authorized_keys Enter

Both files, authorized_keys and id_rsa.pub, now contain your personal public key. The first is used when you log in to this computer from elsewhere, so it can authenticate you without a password; it can have multiple keys in it (in case you've set up more than one). The second is used when you are logging in to another computer from this one. It should always contain just one public key corresponding to the single private key in id_rsa.
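To check the result of steps 1 to 6, the following added example (not part of the original article) audits a .ssh directory: private key permissions, exactly one key in id_rsa.pub, that key present in authorized_keys, and no group or other write access that sshd's default StrictModes setting would reject. The function names and the FINDING output format are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit a .ssh directory created with the steps above.
# File names come from the article; function names and the FINDING
# output format are assumptions made for this example.

# perm_bits PATH: print the nine permission characters, e.g. rw-r--r--
perm_bits() {
    ls -ldL "$1" | cut -c2-10
}

# audit_ssh_dir DIR: print one FINDING line per problem; return 1 if any.
audit_ssh_dir() {
    dir=$1
    bad=0
    finding() { echo "FINDING: $1"; bad=1; }

    # Step 5: the private key must be closed to group and other.
    if [ ! -f "$dir/id_rsa" ]; then
        finding "id_rsa is missing"
    else
        case $(perm_bits "$dir/id_rsa") in
            ???------) ;;
            *) finding "id_rsa is open to other users (chmod go-rwx id_rsa)" ;;
        esac
    fi

    # id_rsa.pub should hold exactly one public key line.
    nkeys=$(grep -c '^[^#[:space:]]' "$dir/id_rsa.pub" 2>/dev/null) || nkeys=0
    if [ "$nkeys" -ne 1 ]; then
        finding "id_rsa.pub holds $nkeys keys, expected exactly 1"
    else
        # Step 6: the key's base64 field must appear in authorized_keys.
        blob=$(awk '!/^#/ && NF >= 2 { print $2; exit }' "$dir/id_rsa.pub")
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$dir/authorized_keys" 2>/dev/null; then
            finding "key in id_rsa.pub is not listed in authorized_keys"
        fi
    fi

    # With sshd's default StrictModes, keys are ignored if these are writable by others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(perm_bits "$p") in
            ????w????|???????w?) finding "$p is writable by group or other" ;;
        esac
    done
    return "$bad"
}
```

After sourcing the file, run it as audit_ssh_dir "$HOME/.ssh"; no output and exit status 0 mean every check passed.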

As discussed above, if you now log in to another computer with ssh (e.g. if you log in from Romulus to Remus), you will be asked the first time whether you trust this new computer. If you say yes, its public key will be stored in a fourth file in the .ssh directory named known_hosts. You can save yourself some trouble by copying the prepared file below to your .ssh directory, since it already has these keys set up for the Amherst College Unix systems. Simply execute this command:

curl https://www.amherst.edu/media/view/206351/original/known_hosts.gz | gunzip >> known_hosts

Now that your .ssh directory is set up on Unix, you can establish passwordless login capability on other Unix computers by copying this directory to them as a unit (note that this procedure will overwrite any preexisting SSH information):

  1. If you aren't in your home directory, return there by typing the command

    cd Enter
      
  2. Type the command

    scp -r .ssh <remote host>: Enter
      

    where <remote host> is the name of the destination. Note the colon (:) on the end of the name, indicating a host rather than a file!
  3. You will probably be asked again if you trust this computer, and for your password.