Can't copy ssh-key from Puma to Archer

[sallyaw]

Following the instructions to generate ssh-key pair and copy the public key to Archer on (http://cms.ncas.ac.uk/wiki/ArcherSshAgent) I used

$ source ~um/um-training/install-ssh-keys sallyaw@login.archer.ac.uk

which successfully generates the key pair but then cannot access Archer, I am not prompted to enter my password and get the following error:

Uploading your key to sallyaw@login.archer.ac.uk... you will be prompted for your password.

The authenticity of host 'login.archer.ac.uk (193.62.216.46)' can't be established.
ECDSA key fingerprint is SHA256:+YQxjgwooKSZM+QxS5y7XgS2qaARSqH9H2AgIk8dk9s.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'login.archer.ac.uk,193.62.216.46' (ECDSA) to the list of known hosts.
--------------------------------------------------------------------------------
This is a private computing facility. Access to this service is limited to those
who have been granted access by the operating service provider on behalf of the
contracting authority and use is restricted to the purposes for which access was
granted. All access and usage are governed by the terms and conditions of access
agreed to by all registered users and are thus subject to the provisions of the
Computer Misuse Act, 1990 under which unauthorised use is a criminal offence.

If you are not authorised to use this service you must disconnect immediately.
--------------------------------------------------------------------------------

Permission denied (publickey).
ERROR: ssh-copy-id failed

[ros]

Hi Sally,

With ARCHER moving to 2 factor authentication the set up to submit suites from PUMA to ARCHER has had to change. We are in the process of updating those instructions as we have been working with ARCHER to develop a robust solution.

You will need to generate a separate ssh-key for use only for the purpose of submitting suites to ARCHER. This is a totally separate key to the one you have previously uploaded to ARCHER SAFE website and that you use to login to ARCHER interactively.

1. On PUMA type

   ssh-keygen -t rsa -b 4096 -C "me@somewhere.ac.uk" -f ~/.ssh/id_rsa_archerum
   

Use a good and not-blank passphrase that you haven’t used before.

Let me know when you have done this so we can pass the key to ARCHER.

2. In your PUMA ~/.ssh/config file add the following section:

   Host login7.archer.ac.uk
   User <archer_username>
   IdentityFile ~/.ssh/id_rsa_archerum
   ForwardX11 no
   ForwardX11Trusted no
   

3. Setup ssh-agent

cp ~um/um-training/setup/ssh-setup ~/.ssh

Logout of PUMA and then back in again.

Add your archerum key to your ssh-agent by running:

ssh-add ~/.ssh/id_rsa_archerum

You will be prompted for your passphrase.

4. Specify login7.archer.ac.uk as the host in the appropriate .rc file (suite.rc or archer.rc), for example, host = login7.archer.ac.uk

5. You should then be able to submit suites to ARCHER.

In the next few weeks this mechanism will be rolled out to all ARCHER login nodes not just login7. You will receive a mailing when this has happened.

Cheers,
Ros.

[ros]

Hi Sally,

Your archerum key has now been installed on ARCHER.

Regards,
Ros.