| `cat ~/.ssh/id_ed25519.pub` | copy-paste and send to hpc-mgr@uni-koeln.de |
| `cat ~/.ssh/id_ed25519.pub` | print content of public key file; copy-paste and send to hpc-mgr@uni-koeln.de |
| Procedure for circumventing passphrase at ssh-login (optional): |
| Procedure for circumventing passphrase at SSH login (optional): |
| `eval "$(ssh-agent -s)"` | set environment variables of the SSH agent |
| `eval "$(ssh-agent -s)"` | set environment variables of the SSH agent |
| `ssh-add ~/.ssh/id_ed25519` | provide private key identity to agent |
| `ssh-add ~/.ssh/id_ed25519` | provide private key identity to agent |
| `ssh-add -l` | list managed identities (should show at least one entry) |
| `ssh-add -l` | list managed identities (should show at least one entry) |
...
@@ -131,15 +131,15 @@ First, check if your agent is at home by typing
...
@@ -131,15 +131,15 @@ First, check if your agent is at home by typing
```
```
ssh-add -l # with `-l` as in "list"
ssh-add -l # with `-l` as in "list"
```
```
This will list all identities currently represented by the agent. Think of "identity" as an SSH key that you want to add to the SSH authentication agent. If you see the message `"Could not open a connection to your authentication agent"`, you need to activate the agent first:
This will list all identities currently represented by the agent. Think of "identity" as an SSH key that you want to add to the SSH authentication agent. If you see the message `"Could not open a connection to your authentication agent."`, you need to activate the agent first:
```
```
eval "$(ssh-agent -s)"
eval "$(ssh-agent -s)"
```
```
When the agent is active, you may see a listing of identities, and you're good to go if your Ramses-key is part of it. However, if you see a message like `This agent has no identities.`, your key still needs to be added:
When the agent is active, you may see a listing of identities, and you're good to go if your Ramses-key is part of it. However, if you see a message like `"This agent has no identities."`, your key still needs to be added:
```
```
ssh-add ~/.ssh/id_ed25519 # supply your private-key, may also be ~/.ssh/id_rsa
ssh-add ~/.ssh/id_ed25519 # supply your private-key, may also be ~/.ssh/id_rsa
```
```
Alternatively, you can just run `ssh-add` which adds all keys located in default file names. In either case, `ssh-add` will ask for the passphrase (as set with `ssh-keygen`) once more. Afterwards,`ssh-add -l` will produce a listing similar to
Alternatively, you can just run `ssh-add` which adds all keys located in default file names. In either case, `ssh-add` will ask for the passphrase (as set with `ssh-keygen`) once more. Afterwards,`ssh-add -l` will produce a listing similar to
Even though the message `Autopushing...` appears twice, only one push is executed and only one verification is needed.
Even though the message `"Autopushing..."` appears twice, only one push is executed and only one verification is needed.
#### Login to `ramses4`
#### Login to `ramses4`
On **ramses4**, you can choose different Cisco Duo authenticators, if you have configured any:
On **ramses4**, you can choose different Cisco Duo authenticators, if you have configured any:
...
@@ -191,10 +191,10 @@ Enter a passcode or select one of the following options:
...
@@ -191,10 +191,10 @@ Enter a passcode or select one of the following options:
In this example, if you choose '1', an authentication request is pushed to your phone and you just have to confirm it with a tap on the screen. Alternatively, instead of choosing a number in the above example, you could also open the Duo Mobile app on your device and enter the 6-digit passcode shown in the app. This code changes every 30 seconds.
In this example, if you choose '1', an authentication request is pushed to your phone and you just have to confirm it with a tap on the screen. Alternatively, instead of choosing a number in the above example, you could also open the Duo Mobile app on your device and enter the 6-digit passcode shown in the app. This code changes every 30 seconds.
**IMPORTANT NOTE**: Be careful with scripted logins: Any login attempt with your SSH key that triggers Duo Autopush is counted by Duo. If you don't respond in your Duo-app, your account will be blocked after 10 attempts. Only an admin can then unlock it.
**IMPORTANT NOTE**: Be careful with scripted logins: Any login attempt with your SSH key that triggers Duo Autopush is counted by Duo. If you don't respond in your Duo-app, your account will be blocked after 10 attempts. Only an admin can then unlock it (see [FAQ section](../FAQ#access_ramses)).
#### Facilitating your login
#### Facilitating your login
To facilitate login, we suggest to set an alias upon your shell-initialization (`~/.bashrc`, `~/.zshrc` or similar):
To facilitate login, we suggest to set an alias upon initialization of your shell (`~/.bashrc`, `~/.zshrc` or similar):
Make adjustments according to your preferences. In case you just happened to wish for enabling shorter attention spans during your ramses sessions: The default of `ServerAliveInterval` (in seconds) may cause automatic logouts after a relatively short idle time. Overriding this behaviour, as done above, can also be done globally on your host through (sudo) editing the file `/etc/ssh/ssh_config`. Then, it would simply be a line entry like `ServerAliveInterval 1000`.
Make adjustments according to your preferences. In case you just happened to wish for enabling shorter attention spans during your ramses sessions: The default of `ServerAliveInterval` (in seconds) may cause automatic logouts after a relatively short idle time. Overriding this behaviour, as done above, can also be done globally on your host through (sudo) editing the file `/etc/ssh/ssh_config`. Then, it would simply be a line entry like `ServerAliveInterval 1000`.
