OpenSSH on MacOS or Linux
- Ambrish Raghoonundun, Mr
MacOS includes pre-installed OpenSSH client.
For Linux, please refer to the manual for your distribution. The most common ways are Debian/Ubuntu:
sudo apt-get install openssh-clientor on CentOS/Fedora
sudo yum install openssh-clientsGenerate a ssh key pair
You should generate either "RSA" or "Ed25519" key. "RSA" keys will give you the greatest portability, while "Ed25519" will give you the best security but requires recent versions of client & server.
Run the following commands in the terminal emulator (Terminal.app, gnome-terminal, konsole) to generate a ssh key pair:
Create .ssh directory:
test -d $HOME/.ssh || mkdir $HOME/.sshChange its permissions:
Generate a private key (replace "test-key" by choosen filename and "username@physics.mcgill.ca" by your email address):
For "RSA":For "Ed25519":
Enter the chosen passphrase when you will be prompted for it. Do not set a blank passphrase!
Now it is time to add the new ssh public key to your physics account (replace "test-key" by the name of your key).
If you are using a department computer: bring the file $HOME/.ssh/test-key.pub on a usb stick and run
If you are working remotely: send the file $HOME/.ssh/test-key.pub to science.it@.mcgill.ca.
Test the connection with your new key.
Create .ssh/socket directory:
mkdir $HOME/.ssh/socketChange its permissions:
chmod 0700 $HOME/.ssh/socketCreate the file $HOME/.ssh/config:
vi $HOME/.ssh/configornano $HOME/.ssh/configAdd the following content to this file (replace “*.physics.mcgill.ca” with “*.meteo.mcgill.ca“ or “*.cs.mcgill.ca“ depending on your department, "test-key" by the name of your key and "username" by your physics/aos/cs username):
For MacOS:
For Linux:
Save and close this file
Connect to one of our department jump hosts:
You will be prompted for the passphrase of your ssh private key
Using ssh-agent
SSH agent allows a user to enter their passphrase for unlocking various SSH keys once at the start of a session.
MacOS has ssh-agent already pre-configured and unlocked upon logon. You can test it by running
Since we added "UseKeychain yes" into ssh configuration file, no further configuration required. MacOS will handle key unlocking automatically.
Various Linux distributions have different approaches of how to run ssh-agent. It could be handled by GNOME Keyring or KDE Wallet or a bash script. Below we will describe the most generic way to start ssh-agent on logon.
Check if ssh-agent already running:
If you see "The agent has no identities." or even an unlocked key — no further configuration required.
If the message says "Could not open a connection to your authentication agent.", add to the end of file $HOME/.profile the following:
Run
source $HOME/.profileto apply changes.
Now it is time to add your ssh private key to ssh-agent. Depending of your settings, you should do it on each logon or only once.
Check ssh-agent for loaded keys:
Add your key to ssh-agent (replace "test-key" by the name of your key):
You will be prompted for the passphrase of your ssh private key
Check ssh-agent again:
Now you should be connected to choosen portal without any prompts.