Difference between revisions of "Generate Certificates"

From NMSL
(New page: __TOC__ == Generate SSH Certificate == The instructions below are for Linux and Mac OSX. If you are not on Linux or OSX, you should SSH into either ''nsl.cs.sfu.ca'' or one of the cluste...)
 
Line 3: Line 3:
 
== Generate SSH Certificate ==
 
== Generate SSH Certificate ==
  
The instructions below are for Linux and Mac OSX. If you are not on Linux or OSX, you should SSH into either ''nsl.cs.sfu.ca'' or one of the cluster machines in the lab.
+
The instructions below are for Linux and Mac OSX. If you are not on Linux or OSX, you should either check for appropriate instructions to perform this on you operating system, use a Linux emulation environment (e.g. Cygwin or MinGW), or SSH into either ''nsl.cs.sfu.ca'' or one of the cluster machines in the lab.
  
The first step is to generate an private and public keys. Follow the instructions on the screen. When prompted for passphrase - leave it blank! Make note of the location of the keys.
+
The first step is to generate both a private and public key. This is done using the '''ssh-keygen''' key generation command. Simply type the command followed by the type of key to generate as shown below and follow the instructions on the screen. For Planet-Lab, the RSA algorithm is used for the type of the key. Make note of the location of the keys.
  
 
<pre>
 
<pre>
Line 11: Line 11:
 
</pre>
 
</pre>
  
Once the keys are generated you will need to submit the public key (.pub) to your PlanetLab account (under My Account->Keys). The private key should be copied to the ~/.ssh/ folder if it's not already there.
+
During the key generation process, you will be prompted for a ''passphrase''. This is because the generated private key will be encrypted and this passphrase will be used to decrypt the key later on whenever it is used. Although it is not recommended, when prompted for passphrase, you can just leave it blank! If you do enter a passphrase, you may need to use '''ssh-agent''' as will be shown in the following section.
 +
 
 +
Once the keys are generated you will need to submit the public key (.pub) to your Planet-Lab account (under My Account->Keys). The private key should be copied to the ~/.ssh/ folder if it's not already there.
 +
 
 +
 
 +
== Using ssh-agent ==
 +
 
 +
Each time you will login using ''ssh'' or ''pssh'', you will be asked for your passphrase in order to decrypt the private key. If you want to enable a login session without entering the passphrase each time you should activate the ssh-agent:
 +
 
 +
<pre>
 +
eval `ssh-agent`
 +
ssh-add
 +
</pre>
 +
 
 +
For the rest of this session you will not be prompted for passphrase.
  
  

Revision as of 05:14, 31 December 2009

Generate SSH Certificate

The instructions below are for Linux and Mac OSX. If you are not on Linux or OSX, you should either check for appropriate instructions to perform this on you operating system, use a Linux emulation environment (e.g. Cygwin or MinGW), or SSH into either nsl.cs.sfu.ca or one of the cluster machines in the lab.

The first step is to generate both a private and public key. This is done using the ssh-keygen key generation command. Simply type the command followed by the type of key to generate as shown below and follow the instructions on the screen. For Planet-Lab, the RSA algorithm is used for the type of the key. Make note of the location of the keys.

ssh-keygen -t rsa

During the key generation process, you will be prompted for a passphrase. This is because the generated private key will be encrypted and this passphrase will be used to decrypt the key later on whenever it is used. Although it is not recommended, when prompted for passphrase, you can just leave it blank! If you do enter a passphrase, you may need to use ssh-agent as will be shown in the following section.

Once the keys are generated you will need to submit the public key (.pub) to your Planet-Lab account (under My Account->Keys). The private key should be copied to the ~/.ssh/ folder if it's not already there.


Using ssh-agent

Each time you will login using ssh or pssh, you will be asked for your passphrase in order to decrypt the private key. If you want to enable a login session without entering the passphrase each time you should activate the ssh-agent:

eval `ssh-agent`
ssh-add

For the rest of this session you will not be prompted for passphrase.


Configuring SSH

The next step is to relax SSH. Open/create the file ~/.ssh/config

Make sure you have these two lines in the config file.

StrictHostKeyChecking no
BatchMode yes