====== SSH Access ======

You can make it easier accessing Linux systems when you use SSH keys, they are also MUCH more secure and the preferred access method.

<WRAP center round important 60%>
HRZ will block SSH access from outside university somewhen in 2024!
Then you need to start VPN first.
</WRAP>

You need to create first an SSH key and then add the **public** part in the ''.ssh/authorized_keys'' file in your home directory on the remote system.

Creating a new key is simple with [[https://man.openbsd.org/ssh-keygen|ssh-keygen]]:

  ssh-keygen -t ed25519

This will create a private and public (default would be id_ed25519 and id_ed25519.pub, respectively) keys in your  ~/.ssh folder.
The *.pub key is the one you need to distribute. 

There is a helper script on most Linux system to aid you with that:

  ssh-copy-id -i ~/.ssh/id_ed25519.pub  username@remote_system
    

Choose a difficult and long passphrase, you do not have to type it often as most Linux systems have an ssh-agent setup. You only need to "unlock" the key once (!) on 
your local PC. From then on you can have password free logins to all systems where you added your SSH public key.

Access to your PC depends on your group:

  * [[agdrossel:working_remotely_on_the_cluster| AG Drossel]]
  * AG Vogel
  * AG Liebchen

If you logout and login again, most desktop environments will ask you to provide the passphrase to unlock your key(s).
If not, you can unlock  the key in the terminal with the command ''ssh-add''.

You can also "forward" keys from one server to the next, i.e. if you use a jump host. Then use the ''-A'' parameter with the ''ssh'' command.

A nice tutorial from DigitalOcean can be found [[https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys|here]], another one is from [[https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-ssh.html|OpenSUSE]]. 

If you have lots of different systems you can make it easire by providing shortcuts in the ''.ssh/config'' file.

<code>
Host dix
	Hostname dix.fkp.physik.tu-darmstadt.de
	ForwardAgent yes
        User KnechtRootrecht
        IdentityFile ~/.ssh/my_seperate_key_only_for_dix
        IdentitiesOnly yes
Host dax
	Hostname dax.fkp.physik.tu-darmstadt.de
        User otheruser
</code>  


If they agent is not working (ssh-add does not work) you can try to start it manually with:

  eval ssh-agent $SHELL

Other solution would be [[https://stackoverflow.com/a/18915067/492432|here]]

Access depends on your group:
  * [[agdrossel:working_remotely_on_the_cluster|AG Drossel]]
  * [[agliebchen:cluster#how_can_i_connect_to_the_cluster|AG Liebchen]]
  * AG Vogel