SLAC CD Software Engineering Group

Stanford Linear Accelerator Center

UNIX DEVELOPMENT ENVIRONMENT

 

UNIX Authentication Setup


This page describes how to set up RSA-based authentication for passwordless login. This setup is required in order to use CD software's deployment facility.

RSA key pair generation:

First, you need to make sure you have a valid public key in $HOME/.ssh/identity.pub. If you don't have one, you must generate one. You can generate your RSA key pair on any public UNIX development machine (flora, for example). Log in using your AFS account and issue the following commands.

    ssh-keygen -t rsa1

    ssh-keygen -t dsa

    

Respond to all prompts with return. For example:

jingchen@flora03 $ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/u/cd/jingchen/.ssh/identity):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /u/cd/jingchen/.ssh/identity.
Your public key has been saved in /u/cd/jingchen/.ssh/identity.pub.
The key fingerprint is:
22:a4:8d:25:68:31:7c:07:3f:d2:c2:5e:73:d2:43:2d jingchen@flora03

(take the default prompts for the DSA key generation)

Updating authorized key list

Your public key will be saved in $HOME/.ssh/identity.pub. This key must then be added to /u/cd/cddev/.ssh/authorized_keys, the authorized key list for the AFS cddev account, and /u1/cddev/.ssh/authorized_keys, the authorized key list for the local cddev account on PEPII gateway machines. This is needed if you want to deploy to production machines, both taylored and standalone, using your AFS account from any public UNIX development machine.

Ask the owner of the cddev account (Judy Rock, Brobeck, Jingchen) to do the following for you:

  • Add your identity.pub to the authorized key list for the AFS cddev account

    Log in as cddev using a password via Tera Term on any public UNIX machine. Make sure your old key is removed if it exists.

       $ cat /u/cd/YOUR_USERNAME/.ssh/identity.pub
       (select and copy)
       $ emacs /u1/cd/cddev/.ssh/authorized_keys
       (paste)

  • Add your DSA key to the authorized key list for the local cddev account

    Log in as the cddev account on opi00gtw00. Make sure your old key is removed if it exists.

       $ cat /u/cd/YOUR_USERNAME/.ssh/.public/id_dsa.pub
       (select and copy)
       $ emacs /u1/cddev/.ssh/authorized_keys2
       (paste)


Now test whether you can log in to opi00gtw04 as the cddev account without a password:

               $ ssh -l cddev opi00gtw04
               cddev@opi00gtw04 $

and whether you can log in to opi00gtw00 as the cddev account without a password:

               $ ssh -l cddev opi00gtw00
               opi00gtw00:cddev%
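
The copy-and-paste steps under "Updating authorized key list" above, scripted as an added example (not part of the original page or of SLAC's tooling): it drops any older entry carrying the same user@host comment, appends the new key, and keeps the 700/600 permissions that sshd's StrictModes check expects. The helper name install_pubkey and the idea of matching old keys by their comment are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey is a hypothetical
# helper; it assumes the key's last field is the user@host comment that
# ssh-keygen appends, and treats that comment as identifying the key's owner.

install_pubkey() {
    pubkey_file=$1   # e.g. /u/cd/YOUR_USERNAME/.ssh/identity.pub
    auth_file=$2     # e.g. the cddev account's authorized_keys

    # Accept exactly one non-empty line; anything else is not a single key.
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || {
        echo "expected exactly one key in $pubkey_file" >&2; return 1; }
    key_line=$(grep . "$pubkey_file")

    comment=$(printf '%s\n' "$key_line" | awk '{print $NF}')
    case $comment in
        *@*) ;;
        *) echo "key has no user@host comment" >&2; return 1 ;;
    esac

    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    [ -f "$auth_file" ] || : > "$auth_file"

    # Build the new list beside the old one, then rename it into place so a
    # failure part-way never leaves a truncated authorized_keys.
    tmp=$(mktemp "$auth_dir/authorized_keys.XXXXXX") || return 1
    # "Make sure your old key is removed": drop entries with the same comment.
    awk -v c="$comment" '$NF != c' "$auth_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$key_line" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$auth_file"
}

# Usage: sh install_pubkey.sh PUBKEY_FILE AUTHORIZED_KEYS_FILE
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

Entries belonging to other users are left untouched, and a file holding more than one key line is rejected rather than appended.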
 


Author: Jingchen Zhou, 05-19-03
Modified by: 14-Jun-2005 Daniel Blackwell updated for DSA