Help:SSH

From Wikitech

You can manage your access to Cloud VPS instances, including adding your existing public SSH keys, via the Wikimedia Identity Management system for developers.

Once you have uploaded your public SSH key, it will be available in all the Cloud VPS projects that you have access to. Then you will be able to access the instances in those projects.

Creating a new public and private SSH key

Caution: The public key is always the file with ".pub" on the end. Always keep the private key secret and never share it with anyone else!

Generating a key in Windows

There are a few ways that you can generate an SSH keypair on Windows.

Git Bash

  1. Download and install Git Bash
  2. Open Git Bash
  3. Enter the following into the terminal, substituting your email address:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    This creates a new SSH key, using the provided email as a label.

    Generating public/private rsa key pair.
  4. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
    Enter a file in which to save the key (/c/Users/you/.ssh/id_rsa):[Press enter]
  5. You will then be prompted to enter a passphrase, and once you've done so your new SSH key will be in /c/Users/you/.ssh/id_rsa.pub
  6. Enter the following in Git Bash to copy your public key to your clipboard:
    cat /c/Users/you/.ssh/id_rsa.pub | clip
  7. Log into https://idm.wikimedia.org/, select the SSH keys tab and click Upload new key. You need to paste the contents of your clipboard into the SSH public key field. If you have more than one key, you can leave an optional Comment. Finally confirm with Upload new SSH key.

PuttyGen

  1. Download and install PuttyGen
  2. Open PuttyGen
  3. Select an SSH-2 RSA key
  4. Click the Generate button
  5. Move your mouse around until the progress bar is full
  6. Type in a passphrase (you will need to remember this) and confirm it
  7. Save the private key and public key onto your local machine
  8. From the text field 'Public key for pasting into OpenSSH authorized_keys file' right click and copy
  9. Log into https://idm.wikimedia.org/, select the SSH keys tab and click Upload new key. You need to paste the contents of your clipboard into the SSH public key field. If you have more than one key, you can leave an optional Comment. Finally confirm with Upload new SSH key.

Generating an SSH key on UNIX-based systems

  1. Open Terminal
  2. Enter the following into the terminal, substituting your email address:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    This creates a new SSH key, using the provided email as a label.

    Generating public/private rsa key pair.
  3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
    Enter a file in which to save the key (/Users/you/.ssh/id_rsa):[Press enter]
  4. You will then be prompted to enter a passphrase, and once you've done so your new SSH key will be in /Users/you/.ssh/id_rsa.pub.
  5. Type the following into your terminal to copy your public key to your clipboard:
    cat ~/.ssh/id_rsa.pub | pbcopy
  6. Log into https://idm.wikimedia.org/, select the SSH keys tab and click Upload new key. You need to paste the contents of your clipboard into the SSH public key field. If you have more than one key, you can leave an optional Comment. Finally confirm with Upload new SSH key.

Troubleshooting

  1. If you're on a network that restricts outbound SSH (i.e. you are getting connection errors instead of authentication errors), find out if there's an internal server you can hop to first and then SSH out from. You'll likely want to either set it as a jump host or forward your agent to the hop server (**NEVER** forward your agent unless you fully trust the admins of your hop server not to impersonate you). You should avoid putting your SSH private key anywhere other than your local machine.
  2. Check what your remote username should be. It might be different to the username that you use to log into wikitech! If you can log into wikitech then you can find your shell username by going to preferences and looking at 'Instance shell account name'. Check what username you are actually trying to log in as - if it's not specified on your SSH command (or PuTTY session) and it's not coming from your SSH config (if you have one), it's likely defaulting to the username on your local machine, which may not be the correct username.
  3. Check what SSH keys are on your account. If you're not specifying your key using -i on the command line (or directly in PuTTY), is it in your agent? Check ssh-add -L (or Pageant, for PuTTY users).
    1. For Cloud VPS and Toolforge, you can see the SSH keys on your account at idm.wikimedia.org (other users can find them by running ldapsearch -xLLL uid=<your username> sshPublicKey from inside labs).
    2. For Wikimedia production servers, you can see them at puppet.git modules/admin/data/data.yaml
  4. Check that your SSH keys are in the right format. Wikimedia should have the OpenSSH-formatted public key; it should not begin 'BEGIN SSH2 PUBLIC KEY' etc. If you're using the OpenSSH command line (ssh on Linux hosts), your local private key file should be in OpenSSH format, not SSH2/SSH.com.
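For troubleshooting step 1, the following added example (not part of the original page) lists which Host blocks of an SSH client config forward the agent, and shows a forwarding setup beside a ProxyJump one, where the hop only relays the connection. The host names, the user name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list the Host blocks of an ssh_config that forward the agent.
agent_forwarding_hosts() {  # usage: agent_forwarding_hosts CONFIG_FILE
    awk '
        BEGIN { host = "(global)" }                 # options before any Host line
        { sub(/^[ \t]+/, ""); sub(/=/, " ") }       # accept the "Key=value" spelling
        /^#/ || NF == 0 { next }                    # skip comments and blank lines
        { key = tolower($1) }                       # keywords are case-insensitive
        key == "host" || key == "match" {
            host = $2; for (i = 3; i <= NF; i++) host = host " " $i; next
        }
        key == "forwardagent" && tolower($2) != "no" { print host }
    ' "$1"
}

# Constructed sample configs with hypothetical hosts.
sample_config() {  # usage: sample_config weak|fixed
    case "$1" in
    weak) cat <<'EOF'
# Log in to the hop, then run ssh again from there using the forwarded agent
Host hop.example.org
    User shelluser
    ForwardAgent yes
EOF
    ;;
    fixed) cat <<'EOF'
# The hop only relays the connection; keys and agent stay on the local machine
Host hop.example.org
    User shelluser
    ForwardAgent no

Host *.cloud.example.org
    User shelluser
    ProxyJump hop.example.org
EOF
    ;;
    esac
}

# Stand-alone use: pass a config file, e.g. ~/.ssh/config
if [ $# -gt 0 ]; then agent_forwarding_hosts "$1"; fi
```

ProxyJump requires OpenSSH 7.3 or later on the local machine.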
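For troubleshooting step 4, the following added example (not part of the original page) reports which format a key file is in, so that an SSH2-format or wrapped public key is caught before it is pasted into the upload form. The function names and sample files are assumptions; the samples are constructed and truncated, not real keys.

```shell
#!/bin/sh
# Added example: classify a key file by the format of its first line.
key_format() {  # usage: key_format FILE
    first=$(sed -n '1p' "$1" | tr -d '\r')
    lines=$(grep -c '[^[:space:]]' "$1" || true)    # non-blank line count
    case "$first" in
        "---- BEGIN SSH2 PUBLIC KEY ----")
            echo "ssh2-public" ;;        # RFC 4716 export: not the format to upload
        "---- BEGIN SSH2 "*"PRIVATE KEY ----")
            echo "ssh2-private" ;;       # SSH.com private key
        "PuTTY-User-Key-File-"*)
            echo "putty-private" ;;      # .ppk, for PuTTY and Pageant only
        "-----BEGIN "*"PRIVATE KEY-----")
            echo "openssh-private" ;;    # PEM or OpenSSH private key: never upload
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*)
            # An OpenSSH public key is one line: type, base64 blob, comment.
            if [ "$lines" -eq 1 ]; then echo "openssh-public"
            else echo "openssh-public-wrapped"; fi ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed samples (truncated, not real keys) for trying the function.
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ-constructed you@example.com' \
        > "$1/good.pub"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "constructed"' \
        'AAAAB3NzaC1yc2EAAAADAQABAAACAQ' '---- END SSH2 PUBLIC KEY ----' \
        > "$1/puttygen-saved.pub"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB' 'AAACAQ-constructed you@example.com' \
        > "$1/wrapped.pub"
    printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: aes256-cbc' \
        > "$1/key.ppk"
}

# Stand-alone use: pass one or more key files as arguments.
if [ $# -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(key_format "$f")"; done
fi
```

A file reported as ssh2-public can be converted with `ssh-keygen -i -f FILE`, which prints the OpenSSH form to standard output.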
