Setting up Passwordless ssh

It’s often useful to set up passwordless ssh when working with several servers in the department. This guide will walk you through setting up the keys on your local machine as well as the department machines.

(1) Local Machine (your laptop) to USF CS

First, we need to be able to reach the CS network. If you can already run:

ssh username@stargate.cs.usfca.edu

…and log in without entering a password, then you can move on to (2) Between Servers Within USF CS.

If it prompts you for a password, continue to the next step.

Do you already have an ssh key?

Start by running ssh-keygen. If you see the following:

[matthew@silicon:~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/matthew/.ssh/id_rsa): (press enter)
/Users/matthew/.ssh/id_rsa already exists.
Overwrite (y/n)? n

Then you don’t need to create the key. Enter n to quit ssh-keygen. And skip down to (2) Between Servers Within USF CS.

Otherwise…

A note about passwords: you don’t have to create a password for the key you generate below, but that means if someone is able to access your private key they will be able to impersonate you. You will have the weigh the security/convenience trade-off here.

# If the key doesn't already exist, the output from ssh-keygen will look like
# the following. Just hit <enter> for each of the prompts to accept the defaults!
[matthew@silicon:~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/matthew/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/matthew/id_rsa.
Your public key has been saved in /Users/matthew/id_rsa.pub.
The key fingerprint is:
...
(fingerprint and randomart image display here)
...

Copying the key to the CS network

# Now we need to copy our public key to the CS network.
[matthew@silicon:~]$ ssh-copy-id username@stargate.cs.usfca.edu
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/matthew/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
mmalensek@stargate.cs.usfca.edus password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'mmalensek@stargate.cs.usfca.edu'"
and check to make sure that only the key(s) you wanted were added.

[matthew@silicon:~]$ ssh stargate.cs.usfca.edu
Last login: Wed Jan 23 22:00:31 2019 from 75.25.144.132
[stargate:~]$ # hooray! It didn't ask for a password.

(2) Between Servers Within USF CS

The next thing we need to be able to do is jump between servers inside the CS network. If you can ssh gojira from stargate without typing your password, you can skip this step.

# Once again, the defaults (just hitting enter) are fine.
[mmalensek@stargate]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home4/mmalensek/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home4/mmalensek/.ssh/id_rsa
Your public key has been saved in /home4/mmalensek/.ssh/id_rsa.pub
The key fingerprint is:
...
(fingerprint and randomart image display)
...

[mmalensek@stargate]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[mmalensek@stargate]$ chmod 700 ~/.ssh
[mmalensek@stargate]$ chmod 600 ~/.ssh/authorized_keys

Since our lab machines have shared home directories, you can now log into any of the machines in the department without a password.

Transferring Files

You can also use the scp utility to copy files to the department machines. The basic usage looks like:

scp local-file.txt mmalensek@stargate.cs.usfca.edu:

Don’t forget the trailing : character. This tells scp to store the file in your home directory. You can also specify a remote file name, or store in a particular folder/directory:

scp local-file.txt mmalensek@stargate.cs.usfca.edu:other-name.txt
scp local-file.txt mmalensek@stargate.cs.usfca.edu:my_great_dir/subdirectory/