Private/Public Key Authentication

From TRACC Wiki
Revision as of 14:51, April 15, 2026 by Ley (Configuring WinSCP)

Creating a Private/Public Key Pair

If you have never used public key authentication before, you will have to start by creating a key pair. Once the key pair is created, you need to keep the private key in a safe location. Never upload the private key, and never send it by email. Whoever has your private key can use it to try logging in to ARROW. So, treat the private key as a secret at all times.

The easiest way to prepare a key pair is to use "puttygen", part of the "putty" software on Windows. Pressing the Windows Key together with R will open a window where you enter "puttygen". Once you press "Ok", the software opens up:

We can go with the defaults and just click on the "Generate" button. Some randomness depends on you moving the mouse around on the screen. Once enough random data is gathered, the private and public key will be generated.

Once the keys have been generated, you need to store the private key in an easy to find location on your local file system. I recommend creating a folder "Keys" within your "Documents" folder, but any other location is fine as well. The idea is that you may easily forget where the key is stored when you need it at a later point in time.

Click on "Save private key", which will create the following dialog box for you:

In an ideal world, assigning a password for your private key would be best, but that also means that you may have to enter that password every time you use the key, which can be a problem. Not assigning a password is one more reason to never risk losing this private key file.

Navigate to the "Keys" folder in the "Documents" folder, and give the key a meaningful name. Something that tells you what it is used for, like "arrow-private". The extension ppk is automatically added when the key is saved.

Regarding the public key: It is not necessary to save the public key. When loading a private key, the public key is automatically displayed again at the top of the "puttygen" window. It looks somewhat like this:

Uploading the public key to one of the ARROW login nodes

The "puttygen" window still shows the public key at the top.

ssh-rsa AAAAB3NzaC1yc2EAfAADAQABAAABAQDOHgbwUYAAo+BMpvskvLw6eTqqs8OVUMSbAIobbC2/518PpJ/b
jW0n9NM4jlNJlEpuT79ZSv5RwSW8rP82qtcLdSEisxhXkyRLLjbzRWQSGxlVUI+K6MfZeFRYD+nqEH4Q1nSvxWJM
FigswLuWsygcJnGxv0FBGBP7pUrK5pz6AEv5Blf0MCuy0bvuIGhOYEMO4JeId6WYrAwJmZ3mjHqVwO3uQtrYP1Gi
71A+yk4x2hZepwW5fHiTbeCU/kDycqWPsXOI3e+eBIDBHmaaD7uOkIWT/GnSBTvYr4NkF2xVxnmCsQ5eks13QdY6
MX1/gjwLl3nOPl6HBLc+KiHPLlMB rsa-key-20260325

You can use your mouse to highlight the entire string (starting at ssh-rsa and ending with the date) and copy it into your copy and paste buffer (this is actually a single line altogether). But first we want to do the following:

  • create a terminal connection to one of the login nodes (putty, or even ThinLinc)
  • navigate to the folder "~/.ssh"
  • edit or create a file called "authorized_keys"
  • paste the key from puttygen into this file (it should be a single line of text)
  • save the file
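The steps above, done from the shell on the login node, as an added example that is not part of the original wiki page: it refuses private keys, checks that the pasted key is one complete line, and sets the owner-only permissions that sshd's default StrictModes setting expects. The function names and the shortened key in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki). Usage on a login node:
#   install_pubkey 'ssh-rsa AAAA... rsa-key-20260325'
NL='
'

# Return 0 only if $1 is ONE complete public key line: "<type> <base64> [comment]".
# Assumption: plain lines as pasted from puttygen, without authorized_keys options.
check_pubkey_line() {
    line=$1
    case $line in
        *"$NL"*) echo "key spans several lines" >&2; return 1 ;;
        *"PRIVATE KEY"*|PuTTY-User-Key-File*)
            echo "this is a PRIVATE key, do not upload it" >&2; return 1 ;;
    esac
    set -f; set -- $line; set +f            # split into fields without globbing
    [ $# -ge 2 ] || return 1
    case $1 in ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;; *) return 1 ;; esac
    case $2 in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    [ $(( ${#2} % 4 )) -eq 0 ]              # padded base64 is a multiple of 4 long
}

# Append key $1 to authorized_keys in directory $2 (default ~/.ssh), once,
# with permissions that only the owner can read or write.
install_pubkey() {
    key=$1 dir=${2:-$HOME/.ssh}
    check_pubkey_line "$key" || return 1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    file=$dir/authorized_keys
    touch "$file" && chmod 600 "$file" || return 1
    # If the last line has no newline, add one so keys are not glued together.
    [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Print the line numbers in file $1 that are not valid key lines
# (typical result of pasting a key that the terminal or editor wrapped).
audit_authorized_keys() {
    n=0 bad=""
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        case $l in ''|'#'*) continue ;; esac
        check_pubkey_line "$l" 2>/dev/null || bad="$bad $n"
    done < "$1"
    echo "${bad# }"
}
```

Running audit_authorized_keys on ~/.ssh/authorized_keys after editing it by hand lists any lines that a wrapped paste left behind.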

Using the private key to log in

The procedure is different for the various pieces of software that can be used to connect to the cluster.

Configuring PuTTY Connections

When creating or editing a PuTTY connection, connect your private key as shown here:

Once you save your connection, the key is stored for all future connections to this machine.

Configuring WinSCP

When creating or editing a WinSCP connection, connect your private key as shown here. Start with the WinSCP page where you choose your connection, then click on "Advanced", and configure the connection as shown:

Once you save your connection, the key is stored for all future connections to this machine.

Configuring FileZilla

When creating or editing a FileZilla connection (see Edit/Settings), connect your private key as shown here:

Once you save your connection, the key is stored for all future connections to this machine.