Skip to end of metadata
Go to start of metadata

Generating ssh keys enables you to authenticate on O2 compute nodes without typing your password. Public and private keys are required for running MPI jobs, or submitting Slurm jobs that request X11 forwarding with the --x11 or --x11=batch options. 

Host keys for all O2 compute nodes are already listed in /etc/ssh/ssh_known_hosts, so there is no need for you to add them to your ~/.ssh/known_hosts file.

First, create your public and private key combination on O2:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mfk8/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mfk8/.ssh/id_rsa.
Your public key has been saved in /home/mfk8/.ssh/id_rsa.pub.
The key fingerprint is:
a5:b5:38:73:b7:3c:a6:8a:1d:a8:bd:87:4e:be:33:21 mfk8@login01

Copy the public key to your authorized_keys file:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Since the default new file permission will prevent these keys from being read by ssh, you will need to change it, and possibly also the parent .ssh directory.

$ chmod 0600 ~/.ssh/authorized_keys
$ chmod 0700 ~/.ssh


Now, you should be able to ssh to o2 without password, Even after doing all the above steps, you're still asked for password when logging in then make sure your home directory has no group write permissions.


$ chmod g-w /home/$USER


Note 1: Since your private key is not protected with a password, only use this key when working with O2 nodes. Do not use the public key for systems outside O2 without protecting it with a password. 

Note 2: This needs to be done only one time.

Note 3: If you have already done the above steps in Orchestra (our cluster that has been retired) you should not need to repeat this step in O2 since the /home filesystem is the same.  

  • No labels