Activating your Seawulf Account
Generate an SSH key pair
To generate your SSH key pair for use on seawulf, execute the following command on your desktop or whatever machine you want to use to connect to seawulf:
ssh-keygen -q -b 2048 -t rsa -f ~/.ssh/seawulf
This will create a 2048-bit RSA key pair. You will be asked for a password (also called a passphrase). The pair consists of one public key (named 'seawulf.pub') and one private key (named 'seawulf'), both created in your '.ssh' directory. See ssh-keygen for details.
Email public key to seawulf admins
Note that .ssh is a hidden folder and you might not see it in your file browser. To copy the public key to your desktop for emailing, use the command:
cp ~/.ssh/seawulf.pub ~/Desktop
Email your PUBLIC key (seawulf.pub) and username to seawulf_admin@lists.sunysb.edu.
In the subject line of the email please put AMS-536 account. In the body of the email please select a username for your account; it can be the same username as the one you use in mathlab. Send the file seawulf.pub as an attachment in your email. The seawulf admins will read the email and install the key. Once the key has been installed, you will be able to log into seawulf.
Your private key, named 'seawulf', should NEVER be shared or transmitted over an insecure channel (e.g., email).
Logging in to Seawulf with your key
It will take some time for the seawulf admins to read your email and install the key. You will be able to log in only once your key has been installed. First make sure you are logged on to compute.mathlab.sunysb.edu:
ssh compute.mathlab.sunysb.edu
If you have not logged into compute before, you will see the following. Answer 'yes' to the question asked.
The authenticity of host 'compute.mathlab.sunysb.edu (129.49.17.38)' can't be established.
RSA key fingerprint is xx:xx:xx:56:9a:5e:ca:d2:28:5e:5e:71:12:bd:00:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'compute.mathlab.sunysb.edu,129.49.17.38' (RSA) to the list of known hosts.
Log in to seawulf using the following command:
ssh -i ~/.ssh/seawulf username@seawulf.stonybrook.edu
After the '-i' option you should provide the path to your private key file. Use the password you chose for your RSA key pair. Replace username with your seawulf username. You can omit the username and just use seawulf.stonybrook.edu if you have the same username on both mathlab and seawulf.
Protecting your private key
If your key is saved on a shared NFS filesystem that others can read, change the access permissions to prevent others from reading your private key. Set the permissions on your private key file to 600. This means that only you, and no one else, can read the private key file.
chmod 600 ~/.ssh/seawulf
Create an ssh config file
Create the file called "config" in your .ssh folder on compute.
Host seawulf.stonybrook.edu sw
    User username
    Hostname seawulf.stonybrook.edu
    ForwardX11 no
    ForwardAgent no
    Protocol 2
    StrictHostKeyChecking no
    IdentityFile ~/.ssh/seawulf
Replace username with your own username. You have now made an alias 'sw' to seawulf.
You can also log in to seawulf with just
ssh sw
Note that the permissions for the "config" file need to be -rw-r--r--; otherwise none of the ssh programs will work. Use the following command:
chmod 644 ~/.ssh/config
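A check for the two permission rules above and for risky options in the config file, as an added example that is not part of the original page. The function names perm_bits, audit_ssh_dir and demo are hypothetical, the sample directory is constructed, and the key is assumed to be named seawulf as on this page.

```shell
#!/bin/sh
# Added example (not from the original page): audit an ssh directory for the
# permission and config settings this page discusses. Prints findings and
# returns how many there were.

perm_bits() {   # the 9 permission characters of a file, e.g. rw-r--r--
    ls -ld "$1" | cut -c2-10
}

audit_ssh_dir() {   # usage: audit_ssh_dir DIR [KEYNAME]
    dir=$1; key=${2:-seawulf}; findings=0
    # Private key: group and others must have no access (mode 600).
    if [ -f "$dir/$key" ]; then
        case $(perm_bits "$dir/$key") in
            ???------) ;;
            *) echo "FINDING: $dir/$key accessible to group/others; chmod 600"
               findings=$((findings + 1)) ;;
        esac
    fi
    [ -f "$dir/config" ] || return "$findings"
    # Config: OpenSSH rejects a config that group or others can write to.
    case $(perm_bits "$dir/config") in
        ????w????|???????w?)
            echo "FINDING: $dir/config writable by group/others; chmod 644"
            findings=$((findings + 1)) ;;
    esac
    # Keywords are case-insensitive and may use '=' instead of whitespace.
    sep='[[:space:]=]+'; end='([[:space:]]|$)'
    if grep -Eiq "^[[:space:]]*StrictHostKeyChecking${sep}no${end}" "$dir/config"; then
        echo "FINDING: StrictHostKeyChecking no skips host key confirmation"
        findings=$((findings + 1))
    fi
    if grep -Eiq "^[[:space:]]*ForwardAgent${sep}yes${end}" "$dir/config"; then
        echo "FINDING: ForwardAgent yes exposes your agent on the remote host"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a config with this page's options, key left at mode 644.
demo() {
    d=$(mktemp -d)
    printf 'Host sw\n  ForwardAgent no\n  StrictHostKeyChecking no\n' > "$d/config"
    : > "$d/seawulf"; chmod 644 "$d/seawulf" "$d/config"
    audit_ssh_dir "$d"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo; echo "findings: $?"
```

To audit your own setup, call audit_ssh_dir ~/.ssh after sourcing the functions; a return value of 0 means no findings.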
Copying files to and from seawulf
You can now copy files from compute to seawulf as
scp file.mol2 sw:/path/in/seawulf
You can also copy files from Seawulf using
scp sw:/path/in/seawulf/file.txt /path/in/mathlab
If you just copy the file to sw:, it will be saved in your home directory on seawulf.
Changing your passphrase
If you need to change the passphrase for your private key, use the following command:
ssh-keygen -p -f ~/.ssh/seawulf
Here '-f' is followed by the path to your private key file. This will only change the passphrase on your private key. Now you can log in using this new password. This will not change your public key and you do not have to email it to the seawulf admins again.
Using ssh-agent (Optional)
If you are tired of typing in your passphrase every time you log in, ssh-agent can help. ssh-agent allows your credentials to be used anywhere on the network.
On a C-style shell (csh, tcsh), start an ssh-agent properly with:
eval `ssh-agent -c`
On a Bourne-style shell (sh, bash), start an ssh-agent properly with:
eval `ssh-agent -s`
Once the agent is started, add your private key.
ssh-add ~/.ssh/seawulf
You will be prompted once for your passphrase. After this prompt you will not need to retype your passphrase for this key until the ssh-agent process dies. Now you can log in to seawulf through multiple machines without having your private key anywhere but on your workstation.
[forwarding your credentials from your workstation to somewhere]
ssh -A -i ~/.ssh/seawulf username@somewhere.sunysb.edu
[ssh'ing from somewhere to elsewhere, forwarding your credentials]
ssh -A username@elsewhere.sunysb.edu
[finally, ssh'ing from elsewhere to seawulf]
ssh username@seawulf.stonybrook.edu
If you don't want to ssh out from seawulf using the same credentials as you use to log in, you can omit '-A' as shown in the example.