Opened 7 months ago

Closed 6 months ago

#3346 closed help (fixed)

Can't copy ssh-key from Puma to Archer

Reported by: sallyaw Owned by: ros
Component: PUMA Keywords: UM Setup
Cc: Platform: PUMA
UM Version:

Description

Following the instructions to generate ssh-key pair and copy the public key to Archer on (http://cms.ncas.ac.uk/wiki/ArcherSshAgent) I used

$ source ~um/um-training/install-ssh-keys sallyaw@login.archer.ac.uk

which successfully generates the key pair but then cannot access Archer, I am not prompted to enter my password and get the following error:

Uploading your key to sallyaw@login.archer.ac.uk... you will be prompted for your password.

The authenticity of host 'login.archer.ac.uk (193.62.216.46)' can't be established.
ECDSA key fingerprint is SHA256:+YQxjgwooKSZM+QxS5y7XgS2qaARSqH9H2AgIk8dk9s.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'login.archer.ac.uk,193.62.216.46' (ECDSA) to the list of known hosts.
--------------------------------------------------------------------------------
This is a private computing facility. Access to this service is limited to those
who have been granted access by the operating service provider on behalf of the
contracting authority and use is restricted to the purposes for which access was
granted. All access and usage are governed by the terms and conditions of access
agreed to by all registered users and are thus subject to the provisions of the
Computer Misuse Act, 1990 under which unauthorised use is a criminal offence.

If you are not authorised to use this service you must disconnect immediately.
--------------------------------------------------------------------------------

Permission denied (publickey).
ERROR: ssh-copy-id failed

Change History (3)

comment:1 Changed 7 months ago by ros

  • Owner changed from um_support to ros
  • Status changed from new to accepted

Hi Sally,

With ARCHER moving to 2 factor authentication the set up to submit suites from PUMA to ARCHER has had to change. We are in the process of updating those instructions as we have been working with ARCHER to develop a robust solution.

You will need to generate a separate ssh-key for use only for the purpose of submitting suites to ARCHER. This is a totally separate key to the one you have previously uploaded to ARCHER SAFE website and that you use to login to ARCHER interactively.

  1. On PUMA type
    ssh-keygen -t rsa -b 4096 -C "me@somewhere.ac.uk" -f ~/.ssh/id_rsa_archerum
    

Use a good and not-blank passphrase that you haven’t used before.

Let me know when you have done this so we can pass the key to ARCHER.

  1. In your PUMA ~/.ssh/config file add the following section:
    Host login7.archer.ac.uk
    User <archer_username>
    IdentityFile ~/.ssh/id_rsa_archerum
    ForwardX11 no
    ForwardX11Trusted no
    
  1. Setup ssh-agent
cp ~um/um-training/setup/ssh-setup ~/.ssh

Logout of PUMA and then back in again.

Add your archerum key to your ssh-agent by running:

ssh-add ~/.ssh/id_rsa_archerum

You will be prompted for your passphrase.

  1. Specify login7.archer.ac.uk as the host in the appropriate .rc file (suite.rc or archer.rc), for example, host = login7.archer.ac.uk
  1. You should then be able to submit suites to ARCHER.

In the next few weeks this mechanism will be rolled out to all ARCHER login nodes not just login7. You will receive a mailing when this has happened.

Cheers,
Ros.

comment:2 Changed 7 months ago by ros

Hi Sally,

Your archerum key has now been installed on ARCHER.

Regards,
Ros.

comment:3 Changed 6 months ago by ros

  • Keywords UM Setup added
  • Resolution set to fixed
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.