Difference between revisions of "Activating your Seawulf Account"

From Rizzo_Lab
Jump to: navigation, search
(No difference)

Revision as of 12:15, 8 December 2009

Generate an SSH key pair

To generate your SSH key pair for use on seawulf, execute the following command on your desktop or whatever machine you want to use to connect to seawulf:

ssh-keygen -q -b 2048 -t rsa -f ~/.ssh/seawulf

This will create a 2048-bit RSA key pair. You will be asked for a password (also called passphrase). This will create one public (named 'seawulf.pub') and one private (named 'seawulf'). The key will be created in your '.ssh' directory. See ssh-keygen for details.

Email public key to seawulf admins

Note that .ssh is a hidden folder and you might not see it in your file browser. To copy the public to your desktop for emailing, use the command:

cp ~/.ssh/seawulf.pub ~/Desktop

Email your PUBLIC key and username to seawulf_admin@lists.sunysb.edu. Select a username for your account; it can be the same username as the one you use in mathlab. Preferably send the file seawulf.pub as an attachment in your email. The seawulf admins will read the email and install the key eventually. Once the key has been installed, you will be able to log into seawulf.

Your private key, named 'seawulf', should NEVER be shared or transmitted over an insecure channel (e.g.: email.)

Logging in to Seawulf with your key

It will take some time for the seawulf admins to read your email and install the key. You will be able to log in only once your key has been installed. First make sure you are logged on to Silver.mathlab.sunysb.edu

ssh Silver.mathlab.sunysb.edu

If you have not logged into silver before, this is what you will see: Answer 'yes' to the question asked.

The authenticity of host 'silver.mathlab.sunysb.edu (129.49.17.38)' can't be established.
RSA key fingerprint is xx:xx:xx:56:9a:5e:ca:d2:28:5e:5e:71:12:bd:00:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'silver.mathlab.sunysb.edu,129.49.17.38' (RSA) to the list of known hosts.

Log in to seawulf using the following command:

ssh -i ~/.ssh/seawulf username@seawulf.stonybrook.edu

After the '-i' option you should provide the path to your private key file. Use the password you chose for your RSA key pair. Change username with your seawulf username. You can omit the username, and just use seawulf.stonybrook.edu if you have the same username from on both mathlab and seawulf.

You should also be able to log on to seawulf from compute.mathlab.sunysb.edu in addition to Silver.

Protecting your private key

If your key is saved on a shared nfs that others can read, change the access permission to prevent others from reading your private key. Set the permissions on your private key file to 600. This means only you and no one else can read the private key file.

chmod 600 ~/.ssh/seawulf


Create an ssh config file

Create the file called "config" in your .ssh folder on Silver.

Host seawulf.stonybrook.edu sw
  User username
  Hostname seawulf.stonybrook.edu
  ForwardX11 no
  ForwardAgent no
  Protocol 2
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/seawulf

Replace username with your own username. You have now made an alias 'sw' to seawulf.

You can also log in to seawulf with just

ssh sw

Note, the permissions for the "config" file need to be -rw-r--r-- otherwise none of the ssh programs will work. Use the following command.

chmod 644 ~/.ssh/config

Copying files to and from seawulf

You can now copy files from Silver to seawulf as

scp file.mol2 sw:/path/in/seawulf

You can also copy files from Seawulf using

scp sw:/path/in/seawulf/file.txt /path/in/mathlab

If you just copy the file to sw: it will be saved in the home directory on seawulf.

Changing your passphrase

If you need to change the passphrase for your private key, use the following command:

ssh-keygen -p -f ~/.ssh/seawulf

Where '-i' is again followed by the path to your private key file. This will only change the passphrase on your private key. Now you can log in using this new password. This will not change your public key and you do not have to email it to the seawulf admins again.

Using ssh-agent (Optional)

If you are tired of tired in your passphrase every time you log in, ssh-agent can help. ssh-agent allows your credentials to be used anywhere on the network.


eval `ssh-agent -c` will start an ssh-agent properly on a C-style shell (csh, tcsh)

eval `ssh-agent -b` will start an ssh-agent properly on a Bourne-style shell (sh, bash)


Once the agent is started, add your private key.

ssh-add ~/.ssh/seawulf

You will be prompted once for your passphrase. After this prompt you will not need to retype your passphrase for this key until the ssh-agent process dies. Now you can log in to seawulf through multiple machines without having your private key anywhere but on your workstation.

[forwarding your credentials from your workstation to somewhere]

ssh -A -i ~/.ssh/seawulf username@somewhere.sunysb.edu

[ssh'ing from somewhere to elsewhere, forwarding your credentials]

ssh -A username@elsewhere.sunysb.edu

[finally, ssh'ing from elsewhere to seawulf]

ssh username@seawulf.stonybrook.edu

If you don't want to ssh out from seawulf using the same credentials as you use to log in, you can omit '-A' as shown in the example.