Differences

This shows you the differences between two versions of the page.

--- general:ssh [2023-05-24 11:56] – created Markus Rosenstihl
+++ general:ssh [2023-12-08 11:38] (current) – Markus Rosenstihl
@@ Line 1: / Line 1: @@
 ====== SSH Access ======
-You can make it easier accessing Linux systems when you use SSH keys, they are alos more secure and the recommended access method.
+You can make it easier accessing Linux systems when you use SSH keys, they are also MUCH more secure and the preferred access method.
+<WRAP center round important 60%>
+HRZ will block SSH access from outside university somewhen in 2024!
+Then you need to start VPN first.
+</WRAP>
 You need to create first an SSH key and then add the **public** part in the ''.ssh/authorized_keys'' file in your home directory on the remote system.
@@ Line 7: / Line 12: @@
 Creating a new key is simple with [[https://man.openbsd.org/ssh-keygen|ssh-keygen]]:
-    ssh-keygen -t ed25519
+  ssh-keygen -t ed25519
 This will create a private and public (default would be id_ed25519 and id_ed25519.pub, respectively) keys in your  ~/.ssh folder.
@@ Line 14: / Line 19: @@
 There is a helper script on most Linux system to aid you with that:
-    ssh-copy-id -i ~/.ssh/id_ed25519.pub  username@remote_system
+  ssh-copy-id -i ~/.ssh/id_ed25519.pub  username@remote_system
-Choose a difficult and long passphrase, you do not have to type it often as most Linux have an ssh-agent setup. You only need to "unlock" the key once (!) on your local PC. From then on you can have password free logins to all systems where you added your SSH public key
+Choose a difficult and long passphrase, you do not have to type it often as most Linux systems have an ssh-agent setup. You only need to "unlock" the key once (!) on
+your local PC. From then on you can have password free logins to all systems where you added your SSH public key.
+Access to your PC depends on your group:
+  * [[agdrossel:working_remotely_on_the_cluster| AG Drossel]]
+  * AG Vogel
+  * AG Liebchen
+If you logout and login again, most desktop environments will ask you to provide the passphrase to unlock your key(s).
+If not, you can unlock  the key in the terminal with the command ''ssh-add''.
 You can also "forward" keys from one server to the next, i.e. if you use a jump host. Then use the ''-A'' parameter with the ''ssh'' command.
@@ Line 24: / Line 38: @@
 A nice tutorial from DigitalOcean can be found [[https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys|here]], another one is from [[https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-ssh.html|OpenSUSE]].
+If you have lots of different systems you can make it easire by providing shortcuts in the ''.ssh/config'' file.
+<code>
+Host dix
+	Hostname dix.fkp.physik.tu-darmstadt.de
+	ForwardAgent yes
+        User KnechtRootrecht
+        IdentityFile ~/.ssh/my_seperate_key_only_for_dix
+        IdentitiesOnly yes
+Host dax
+	Hostname dax.fkp.physik.tu-darmstadt.de
+        User otheruser
+</code>
+If they agent is not working (ssh-add does not work) you can try to start it manually with:
+  eval ssh-agent $SHELL
+Other solution would be [[https://stackoverflow.com/a/18915067/492432|here]]
+Access depends on your group:
+  * [[agdrossel:working_remotely_on_the_cluster|AG Drossel]]
+  * [[agliebchen:cluster#how_can_i_connect_to_the_cluster|AG Liebchen]]
+  * AG Vogel