Passwordless SSH

RSA keys allow users to SSH into a system without having to enter a password. Instead, a locally stored key file is authenticated using the RSA cryptosystem (read more here). This practically allows users to write automated scripts utilizing SSH login without having to compromise password security.

 

Audience: Faculty, Postdocs, Researchers, Staff and Students

This KB Article References: High Performance Computing
This Information is Intended for: Faculty, Postdocs, Researchers, Staff, Students
Last Updated: March 27, 2023
Average Rating: Not Rated
Your feedback is important to us, help us by logging in to rate this article and provide feedback.

For MacOS and Linux

If you want to set up passwordless SSH from a Mac/Linux machine into either Seawulf, you must first generate a public/private key pair from the terminal. This would be:

ssh-keygen -t rsa -b 4096 -C "<your_netid>@login.seawulf.stonybrook.edu"

The keygen program will prompt you to name the file. Give it whatever name you'd like:

Enter file in which to save the key (/home/<your_netid>/.ssh/id_rsa): <filename>

The absolute path in the parentheses is the default location where the file will be saved if no filename is provided. If you provide a plain filename without an absolute path, it will save the key pair in the directory where you are running the keygen program, or whatever relative path you provide. We recommend putting your key in the .ssh folder in your home directory.

You will be prompted to create a passphrase for the key:

Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <same passphrase>

You will only need to enter this passphrase once, but it is still advisable to remember it or write it down somewhere.

Finally, add your key to your machine's list of keys:

ssh-add <private key>

You will then enter the passphrase that you created earlier. Your private key is the file without the .pub extension added to the end.

Your public key is the one with the .pub extension at the end. The next step is to upload this key to the login node:

ssh-copy-id -i <mykey> <your_netid>@login.seawulf.stonybrook.edu

This will place the public key in the authorized_keys file in your .ssh directory. If the ssh-copy-id command is not available on your system, you can use the following command to upload your public key to SeaWulf:

cat ~/.ssh/id_rsa.pub | ssh <netid>@login.seawulf.stonybrook.edu 'cat >> .ssh/authorized_keys && echo "Key copied"'

You should now be able to ssh into Seawulf without entering a password.


For Windows Users

(Using MobaXTerm):

  • Download MobaXterm Home Edition.
  • Open up a local terminal by clicking "Start local terminal".
  • Then Run the command below:
ssh-keygen -t rsa
  • A prompt will come up, proceed to hit enter (unless you want to add a passphrase to your private key on the second prompt).
  • The output should look like:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mobaxterm/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mobaxterm/.ssh/id_rsa.
Your public key has been saved in /home/mobaxterm/.ssh/id_rsa.pub.
The key fingerprint is:
<YOUR FINGERPRINT> hpc@login.seawulf.stonybrook.edu
The key's randomart image is:
<YOUR RANDOM ART IMAGE>
  • To export this key to the SeaWulf server, use this command below:
cat ~/.ssh/id_rsa.pub | ssh <netid>@login.seawulf.stonybrook.edu "cat - >> ~/.ssh/authorized_keys"
  • Logout and close all active shells.
  • Open a new MobaXterm Window and click on Session on the top left corner of the screen.
    • Select "SSH".
    • Input the remote host (login.seawulf.stonybrook.edu), check the "Specify username" checkbox and input username (NetID) in the input field.
  • Click on "Advanced SSH Settings" and check the "Use private key" checkbox and the path should default to your saved key directory.
  • Select "OK" and your session should have automatically authenticated using RSA keys leaving you in your SeaWulf home directory.

Note: If you click to connect to a recent session of Seawulf on MobaXterm, and that session wasn't configured to use your private key, it will ask for your password. Make sure you click on the most recent session for passwordless ssh or Start a new session, checking the "using your private key" box in order for passwordless SSH to work properly. 

(Using PUTTYgen and PUTTY):

  1. Download PUTTYgen.
  2. Open the PUTTYgen application.
    • Select SSH-2 RSA and 2048 bits and click the "Generate" button.
    • Move your mouse randomly in the blank area until the key generator has finished.
    • If you would like to use an additional passphrase enter and confirm this on the following window.
    • Save the public key and private key to a known location on your local machine.
    • Copy the text from the public key to your clipboard.
  3. SSH into your account using PUTTY as normal (see logging in).
  4. From your home directory change to the .ssh directory and use your favorite editor to open the authorized_keys file and paste the key you copied into a new line.
  5. Logout and close all active shells.
  6. Open a new PUTTY session.
    • Enter the information required to login as normal.
    • In Connection/SSH/Auth click the "Browse" button and select the path to the private key that you saved earlier.
    • Save this configuration in the Session tab and click the "Open" button.
  7. Your session should have automatically authenticated using RSA keys leaving you in your SeaWulf home directory.

SUBMIT A TICKET

 

Additional Information


There are no additional resources available for this article.

Provide Feedback


Your feedback is important to us, help us by logging in to rate this article and provide feedback.

Sign in with NetID

Getting Help


The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Quick Ticket