SLAC ESD Software Engineering Group

Stanford Linear Accelerator Center

UNIX DEVELOPMENT ENVIRONMENT

 

RSA Authentication Setup



This page describes how to set up RSA-based authentication for passwordless login. This setup is required in order to use ESD's software deployment facility.

RSA key pair generation:

You can generate your RSA key pair on any public UNIX development machine (flora, for example). Log in using your AFS account and issue the following command.

  ssh-keygen -t rsa

Respond to all prompts with return. For example:

jingchen@flora05 $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/u/cd/jingchen/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /u/cd/jingchen/.ssh/id_rsa.
Your public key has been saved in /u/cd/jingchen/.ssh/id_rsa.pub.
The key fingerprint is:
09:5c:d9:22:33:f6:a3:94:f5:eb:21:96:b4:44:71:fd jingchen@flora05

Updating authorized key list

Your public key will be saved in $HOME/.ssh/id_rsa.pub. This key must then be added to /u/cd/cddev/.ssh/authorized_keys, the authorized key list for the AFS cddev account, and /u1/cddev/.ssh/authorized_keys, the authorized key list for the local cddev account on PEPII gateway machines. This is needed if you want to deploy to production machines, both taylored and standalone, using your AFS account from any public UNIX development machine.

Ask the owner of cddev account to do the following for you:

  • Log in as cddev on any public UNIX machine;
  • Make sure your old key is removed if it exists;
       $ cat /u/cd/YOUR_USERNAME/.ssh/id_rsa.pub
       (select and copy)
       $ cat >> /u/cd/cddev/.ssh/authorized_keys
       (paste)
       ctrl+d
  • Log in as cddev account on opi00gtw00
  • Make sure your old key is removed if it exists;
       $ cat /u/cd/YOUR_USERNAME/.ssh/id_rsa.pub
       (select and copy)
       $ cat >> /u1/cddev/.ssh/authorized_keys
       (paste)
       ctrl+d
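
The copy-and-paste steps above can also be done by a small script that the cddev account owner runs. This is an added example, not part of the original page or of ESD's tooling: the function name replace_authorized_key is hypothetical, and it assumes that "old key" means any entry whose comment carries the same user name before the @, which is how ssh-keygen labels keys by default.

```shell
#!/bin/sh
# Added example: replace one user's entry in an authorized_keys file.
# Assumption: key comments have the default "user@host" form.

# replace_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
replace_authorized_key() {
    pub=$1
    auth=$2

    # An id_rsa.pub file holds exactly one non-empty line.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key" >&2; return 1; }
    key=$(grep . "$pub")

    # Accept only "ssh-rsa <base64> <user@host>", so a private key or a
    # truncated paste is refused instead of being appended.
    owner=$(printf '%s\n' "$key" | awk '
        NF == 3 && $1 == "ssh-rsa" && $2 ~ "^[A-Za-z0-9+/]+=*$" &&
        $3 ~ "^[^@]+@[^@]+$" { split($3, c, "@"); print c[1] }')
    [ -n "$owner" ] || { echo "$pub: not an ssh-rsa public key" >&2; return 1; }

    # Build the new list in a temporary file in the same directory.
    dir=$(dirname "$auth")
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1

    # Keep every entry except those whose comment (last field) belongs
    # to the same user: this is the "remove the old key" step.
    if [ -f "$auth" ]; then
        awk -v owner="$owner" '{
            split($NF, c, "@")
            if (!(NF >= 3 && c[1] == owner)) print
        }' "$auth" > "$tmp"
    fi

    # Append the new key, restrict the file to its owner, then rename it
    # into place so sshd never reads a half-written list.
    printf '%s\n' "$key" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$auth"
}

# Run directly: sh thisfile /u/cd/YOUR_USERNAME/.ssh/id_rsa.pub AUTH_KEYS_FILE
if [ "$#" -eq 2 ]; then
    replace_authorized_key "$1" "$2"
fi
```

Run it once against each of the two authorized_keys files named above, logged in as cddev on the corresponding machine.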

Now, test whether you can log in to opi00gtw04 as the cddev account without a password

               $ ssh -l cddev opi00gtw04
               cddev@opi00gtw04 $

and log in to opi00gtw00 as the cddev account without a password

               $ ssh -l cddev opi00gtw00
               opi00gtw00:cddev%


Author: Jingchen Zhou, 05-19-03