HPC FAQ - Secure Shell

Supercomputer documentation is always a work in progress! Please email questions, corrections, or suggestions to the HPC support team at help-hpc@uky.edu as usual. Thanks!

The Secure Shell (SSH) is a network protocol for secure data communication, remote shell services, command execution, and other services between two computers. It is most often used to login to another computer on the network, but it can also be used to execute remote commands, to move files across machines, and for other similar purposes. For more information on the Secure Shell, see ssh.com and wikipedia.org/wiki/Secure_Shell.

Frequently Asked Questions

1. Why must I use SSH?

SSH provides strong authentication and encrypted communications, replacing telnet, rlogin, rsh, rcp, and rdist. Those older programs transmit plain text, which could expose your password and other private data. Always use ssh and slogin in place of telnet and rlogin.

2. How does SSH encrypt my connection?

By default SSH uses automatically generated public-private key pairs to encrypt the connection. You use your password as usual to login. SSH can also use a manually generated public-private key pair, which will allow you to login without giving your password. See How can I set up an SSH key pair? below for details.

3. How do I use SSH from Unix or Linux?

Most Unix and Linux systems come with the OpenSSH installed. If your workstation does not have it, then you can download it for free and compile it yourself. Use the ssh command to login to the remote machine:

ssh dlx.uky.edu

SSH will assume that your userid on the remote machine is the same as the one you're using on your local machine. If it's not, add the correct userid for the remote machine:

ssh userid@dlx.uky.edu

The very first time you connect to a remote machine, you'll see a message about a missing host key:

ssh dlx.uky.edu
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)?

Enter yes and the host key will be saved (in the hidden directory .ssh/known_hosts). On subsequent logins, you won't see the message.

Get more information by using the man ssh command.

4. How do I use SSH from Windows?

PuTTY is a free implementation of SSH (and other protocols) for Windows and Unix platforms that is widely used. You can download it from the UK Download server or from the PuTTY web page.

There are also commercial SSH Clients for Windows with more extensive features.

5. How do I use SSH from a Macintosh?

Max OS X has the SSH commands already installed. Find the Terminal.app in the Utilities folder in the Applications folder. Double click it to get a window with the command line prompt, then follow the directions for a Unix or Linux Client above.

6. How can I set up an ssh key pair?

Setting up a public/private key pair allows you to log onto the DLX (and other machines) without giving your password each time. You will have a private key stored on your workstation and a corresponding public key stored on the DLX.

On a Unix, Linux, or MacOS X workstation

  1. On your workstation, use the ssh-keygen command to generate a public/private RSA key pair. Be sure to use a strong passphrase when asked.
    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/userid/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Your identification has been saved in /Users/userid/.ssh/id_rsa.
    Your public key has been saved in /Users/userid/.ssh/id_rsa.pub.
  2. Now copy the public key file to the DLX with the scp command. The first argument is the source file on your workstation and the second is the destination file in your .ssh directory on the DLX.
    scp authorized_keys userid@dlx.uky.edu:.ssh/new_key
    userid@dlx.uky.edu's password:
  3. Login to the DLX as usual, change directories to the hidden .ssh directory, and concatenate the new public key onto the end of the authorized_keys file. Be careful not to clobber the existing authorized_keys file. Your DLX account requires the key generated on the cluster in its authorized_keys file for intra-node authorization.

    ssh userid@dlx.uky.edu
    cd .ssh
    cat id_rsa.pub >> authorized_keys
  4. Logout of the DLX and then login again. You won't need to give your password.
    ssh userid@dlx.uky.edu
  5. Copy the public key to any other machines you want to use it on.

There is a good discussion of setting up key pairs on this Getting started with SSH web page.

On a Windows machine using PuTTY

  1. Use the PuTTYgen.exe program, available with PuTTY, to generate a public/private RSA key pair.
    • Set SSH-2 RSA as the Type of Key.
    • Leave the Number of Bits at the default of 1024.
    • Click the Generate button.
    • Follow the directions.
  2. After the key is generated, which might take a minute:
    • Fill in a strong passphrase.
    • Click the Save Private Key button.
    • Give the file a name (like private_key) and save it. This is the key file PuTTY will use for your workstation.
    • Click the Save Public Key button. Give the file a name (like public_key) and save it.
    • Copy the public key from the field Public key for pasting into OpenSSH authorized_keys file. You will paste this key into the authorized_keysfile on the DLX.
  3. Add the key to the DLX
    • Use PuTTY to login to the DLX as usual.
    • Edit the file .ssh/authorized_keys. Paste the public key you copied in the step above in at the end of the file. Be careful not to clobber any other entries in the existing authorized_keys file. Your DLX account requires the key generated on the cluster in its authorized_keys file for intra-node authorization.
    • Save the file.
    • Logoff of the DLX.
  4. Open the PuTTY Configuration.
    • Go to Connection → SSH → Auth.
    • Go to the field Private key file for authentication.
    • Click Browse and find the private key file you saved above.
    • Click Open.
  5. Login to the DLX with PuTTY as usual. You won't need to give your password.
  6. Copy the public key to any other machines you want to use it on.

For more information, see Chapter 8 in the PuTTY documentation.

859-218-HELP (859-218-4357) 218help@uky.edu

Text Only Options

Top of page

Text Only Options

Open the original version of this page.

Usablenet Assistive is a UsableNet product. Usablenet Assistive Main Page.