Version 11 (modified by annette, 4 years ago) (diff)

SSH setup for PUMA to Archer

Please Note: If you already have ssh keys set up on PUMA, follow the instructions at the bottom of the page: Using an existing ssh agent.

1. Set up PUMA environment

If this is the first time you have used your PUMA account, you will need to create a .profile. Copy our standard one:

puma$ cd ~
puma$ cp ~um/um-training/setup/.profile .

(If you already have a .profile, make sure it includes the lines from the standard file.)

2. Generate the authentication key on PUMA and install it on ARCHER

Run the install-ssh-keys script. This will take you through ssh-key creation and copy the key over to ARCHER.

puma$ source ~um/um-training/install-ssh-keys <archer-username>

When prompted to "Enter passphrase", this should be a fairly complicated and unguessable passphrase. You can use spaces in the passphrase if it helps you to remember it more readily. It is recommended that you don’t use your password in case it is hacked.

Warning: DO NOT use an empty passphrase as this presents a security issue.

After generating your ssh-key, the script will copy it over to ARCHER.

When prompted for "Password", enter your ACRHER password.

3. Verify the authentication works

puma$ ssh <archer-user-name>
Enter passphrase for key '/home/<puma-username>/.ssh/id_rsa':

If you don’t get asked for your Passphrase, then something has gone wrong. In this case, make sure the public key, was successfully copied over to ARCHER by logging into ARCHER and opening the file ~/.ssh/authorized_keys. It should contain something similar to:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt1JmHYgsuf0UWVLqNqnDSaUUP2xJ+Um0H5WnUt/i

If it doesn’t, and no errors were reported from the install-ssh-keys script, please contact the CMS team.

Once you have this part working, log out of ARCHER.

4. Start up ssh-agent

Run the following command and type your passphrase:

puma$ ssh-add
Enter passphrase for /home/<puma-username>/.ssh/id_rsa:

You may need to do this every time a new agent is started. The ssh agent should keep running even when you log out of puma, however it may stop from time to time, for example if PUMA is rebooted.

5. Checks this works by ssh-ing into ARCHER

You should now be able to ssh from PUMA to ARCHER without a password or passphrase.

Using an existing ssh agent

If you already have ssh keys and an ssh agent set up on PUMA (for example from the UM training course or for MONSooN) you can use this to connect to ARCHER.

First you need to find the name of the public key in your .ssh directory:

puma$ ls ~/.ssh
environment.puma  id_rsa  known_hosts  ssh-setup

The public key ends with .pub and will usually be called or

Now run the script to copy the key to your ARCHER account, making sure to use the correct name for your key:

puma$ ssh-copy-id -i ~/.ssh/ <archer-username>

You will be prompted for your ARCHER password.

If successful, you should now be able to login to ARCHER without a password or passphrase. If not take a look at the FAQs.