Help:SSH



You can manage your access to Cloud VPS instances, including adding your existing public SSH keys, via your preferences on this wiki.

Once you have uploaded your public SSH key, it will be available in all the projects that you have access to from the LDAP directory. Then you will be able to access the instances in those projects.

Creating a new public and private SSH key

Caution: The public key is always the file with ".pub" on the end. Always keep the private key secret and never share it with anyone else!

Generating a key in Windows

There are a few ways that you can generate an SSH keypair on Windows.

Git Bash

  1. Download and install Git Bash
  2. Open Git Bash
  3. Enter the following into the terminal, substituting your email address:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    This creates a new SSH key, using the provided email as a label.

    Generating public/private rsa key pair.
  4. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
    Enter a file in which to save the key (/c/Users/you/.ssh/id_rsa):[Press enter]
  5. You will then be prompted to enter a passphrase, and once you've done so your new SSH key will be in /c/Users/you/.ssh/id_rsa.pub
  6. Enter the following in Git Bash to copy your public key to your clipboard:
    cat /c/Users/you/.ssh/id_rsa.pub | clip
  7. Navigate to your preferences on this wiki, click "Add public SSH key", and paste the contents of your clipboard into the input box for "Public SSH key", then click Submit

PuttyGen

  1. Download and install PuttyGen
  2. Open PuttyGen
  3. Select an SSH-2 RSA key
  4. Click the Generate button
  5. Move your mouse around until the progress bar is full
  6. Type in a passphrase (you will need to remember this) and confirm it
  7. Save the private key and public key onto your local machine
  8. From the text field 'Public key for pasting into OpenSSH authorized_keys file' right click and copy
  9. Navigate to your preferences on this wiki, click "Add public SSH key", and paste the contents of your clipboard into the input box for "Public SSH key", then click Submit

Generating an SSH key on UNIX-based systems

  1. Open Terminal
  2. Enter the following into the terminal, substituting your email address:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    This creates a new SSH key, using the provided email as a label.

    Generating public/private rsa key pair.
  3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
    Enter a file in which to save the key (/Users/you/.ssh/id_rsa):[Press enter]
  4. You will then be prompted to enter a passphrase, and once you've done so your new SSH key will be in /Users/you/.ssh/id_rsa.pub.
  5. Type the following into your terminal to copy your public key to your clipboard:
    cat ~/.ssh/id_rsa.pub | pbcopy
  6. Navigate to your preferences on this wiki, click "Add public SSH key", and paste the contents of your clipboard into the input box for "Public SSH key", then click Submit.

Troubleshooting

  1. If you're on a network that restricts outbound SSH (i.e. you are getting connection errors instead of authentication ones), find out if there's an internal server you can hop to first and then SSH out from. You'll likely want to either set it as a jump host or forward your agent to the hop server (**NEVER** forward your agent unless you fully trust the admins of your hop server not to impersonate you). You should avoid putting your SSH private key anywhere other than your local machine.
  2. Check what your remote username should be. It might be different to the username that you use to log into wikitech! If you can log into wikitech then you can find your shell username by going to preferences and looking at 'Instance shell account name'. Check what username you are actually trying to log in as - if it's not specified on your SSH command (or PuTTY session) and it's not coming from your SSH config (if you have one), it's likely defaulting to the username on your local machine, which may not be the correct username.
  3. Check what SSH keys are on your account. If you're not specifying your key using -i on the command line (or directly in PuTTY), is it in your agent? Check ssh-add -L (or Pageant, for PuTTY users).
    1. For Cloud VPS and Toolforge, you can see the SSH keys on your account at Special:Preferences#mw-prefsection-openstack (other users can find them by running ldapsearch -xLLL uid=<your username> sshPublicKey from inside labs).
    2. For Wikimedia production servers, you can see them at puppet.git modules/admin/data/data.yaml
  4. Check that your SSH keys are in the right format. Wikimedia should have the OpenSSH-formatted public key; it should not begin 'BEGIN SSH2 PUBLIC KEY' etc. If you're using the OpenSSH command line (ssh on Linux hosts), your local private key file should be in OpenSSH format, not SSH2/SSH.com.
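
The format check in step 4 can be done by looking at the first line of the key file. The script below is an added example, not part of the original page or of any Wikimedia tooling; the function name key_format and the sample files are assumptions made for illustration, and the key material in them is a constructed placeholder.

```shell
#!/bin/sh
# Added example: classify an SSH key file by its first line.
# Prints one of: openssh-public, ssh2-public, openssh-private,
# pem-private, ssh2-private, putty-private, unknown.
key_format() {
    # Read only the first line; strip the CR that Windows tools may append.
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "---- BEGIN SSH2 PUBLIC KEY ----")
            echo ssh2-public ;;       # SSH2/SSH.com export: the form not to upload
        "---- BEGIN SSH2 "*"PRIVATE KEY ----")
            echo ssh2-private ;;      # SSH.com private key, not read by OpenSSH ssh
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh-private ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            echo pem-private ;;       # older PEM container, still read by OpenSSH
        PuTTY-User-Key-File-*)
            echo putty-private ;;     # .ppk file, for PuTTY/Pageant only
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*)
            echo openssh-public ;;    # single-line form expected in preferences
        *)
            echo unknown ;;
    esac
}

# Constructed samples: truncated placeholder data, not real keys.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2E...placeholder your_email@example.com\n' \
    > "$tmp/openssh_style.pub"
printf '%s\r\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "constructed"' \
    > "$tmp/ssh2_style.pub"

for f in "$tmp"/*.pub; do
    printf '%s: %s\n' "${f##*/}" "$(key_format "$f")"
done
rm -rf "$tmp"
```

A public key reported as ssh2-public can be converted to the OpenSSH single-line form with ssh-keygen -i -f <file> before it is pasted into preferences.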

See also