Registration/SSH: Difference between revisions

From bwHPC Wiki
Jump to navigation Jump to search
mNo edit summary
 
(30 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= SSH Key Authentication for HPC Clusters =
= Registering SSH Keys with your Cluster =


'''SSH Keys''' allow you to log into a system without entering a password. Instead of proving your identity with something you know (a password), you prove it with something you have (a cryptographic key).
{|style="background:#deffee; width:100%;"

|style="padding:5px; background:#cef2e0; text-align:left"|
{| class="wikitable" style="text-align:center;"
[[Image:Attention.svg|center|25px]]
|+ SSH Key Management Methods by Cluster
|style="padding:5px; background:#cef2e0; text-align:left"|
|-
Interactive SSH Keys are not valid all the time, but only for one hour after the last 2-factor login.
! Cluster
They have to be "unlocked" by entering the OTP and service password.
! Management Method
! Details
|-
| bwUniCluster 3.0
| style="background-color:#90EE90;" | bwIDM Portal
| Centralized key management, 180-day validity
|-
| bwForCluster BinAC 2
| style="background-color:#FFE4B5;" | ~/.ssh/authorized_keys
| Self-managed, use ssh-copy-id
|-
| bwForCluster Helix
| style="background-color:#90EE90;" | bwServices Portal
| Centralized key management, 180-day validity
|-
| bwForCluster JUSTUS 2
| style="background-color:#FFE4B5;" | ~/.ssh/authorized_keys
| Self-managed, use ssh-copy-id
|-
| bwForCluster NEMO 2
| style="background-color:#90EE90;" | bwIDM Portal
| Centralized key management, 180-day validity
|}
|}


'''Choose your cluster below:'''
'''SSH Keys''' are a mechanism for logging into a computer system without having to enter a password. Instead of authenticating yourself with something you know (a password), you prove your identity by showing the server something you have (a cryptographic key).
* [[#SSH_Keys_on_BinAC_2_and_JUSTUS_2|BinAC 2 and JUSTUS 2]] - Self-managed keys
* [[#SSH_Keys_via_bwIDM.2FbwServices|bwUniCluster 3.0, Helix, and NEMO 2]] - Centralized management


= SSH Keys on BinAC 2 and JUSTUS 2 =
The usual process is the following:


On '''bwForCluster BinAC 2''' and '''bwForCluster JUSTUS 2''', you manage SSH keys yourself using the standard <code>~/.ssh/authorized_keys</code> file.
* The user generates a pair of SSH Keys, a private key and a public key, on their local system. The private key never leaves the local system.


== Quick Setup with ssh-copy-id ==
* The user then logs into the remote system using the remote system password and adds the public key to a file called ~/.ssh/authorized_keys .


The easiest method to add your SSH key:
* All following logins will no longer require the entry of the remote system password because the local system can prove to the remote system that it has a private key matching the public key on file.


'''Step 1: Generate an SSH key''' (if you don't have one):
While SSH Keys have many advantages, the concept also has '''a number of issues''' which make it hard to handle them securely:
<pre>
ssh-keygen -t ed25519 -C "your_email@example.com"
</pre>


Press Enter to accept the default location, then set a strong passphrase.
* The private key on the local system is supposed to be protected by a strong passphrase. There is no possibility for the server to check if this is the case. Many users do not use a strong passphrase or do not use any passphrase at all. If such a private key is stolen, an attacker can immediately use it to access the remote system.


'''Step 2: Copy your key to the cluster:'''
* There is no concept of validity. Users are not forced to regularly generate new SSH Key pairs and replace the old ones. Often the same key pair is used for many years and the users have no overview of how many systems they have stored their SSH Keys on.
<pre>
# For BinAC2:
ssh-copy-id username@login.binac2.uni-tuebingen.de


# For JUSTUS2:
* SSH Keys can be restricted so they can only be used to execute specific commands on the server, or to log in from specified IP addresses. Most users do not do this.
ssh-copy-id username@justus2.uni-ulm.de
</pre>


To fix these issues '''it is no longer possible to self-manage your SSH Keys by adding them to the ~/.ssh/authorized_keys file''' on bwUniCluster/bwForCluster.
Enter your service password and OTP when prompted. Your public key will be automatically added to <code>~/.ssh/authorized_keys</code>.
SSH Keys have to be managed through bwIDM/bwServces instead.
Existing authorized_keys files are ignored.


'''Step 3: Test your connection:'''
== Minimum requirements for SSH Keys ==
<pre>
# For BinAC2:
ssh username@login.binac2.uni-tuebingen.de


# For JUSTUS2:
Algorithms and Key sizes:
ssh username@justus2.uni-ulm.de
</pre>


You should now be able to log in using your SSH key and OTP.
* 2048 bits or more for RSA
* 521 bits for ECDSA
* 256 Bits (Default) for ED25519


== Manual Setup (Alternative) ==
ECDSA-SK and ED25519-SK keys (for use with U2F Hardware Tokens) cannot be used yet.


If <code>ssh-copy-id</code> is not available on your system:
'''Please set a strong passphrase for your private keys.'''


'''Step 1: Display your public key:'''
<pre>
cat ~/.ssh/id_ed25519.pub
</pre>


Copy the entire output.
= Adding a new SSH Key =


'''Step 2: Log into the cluster''' using your service password and OTP
{|style="background:#deffee; width:100%;"

|style="padding:5px; background:#cef2e0; text-align:left"|
'''Step 3: Add the key to authorized_keys:'''
[[Image:Attention.svg|center|25px]]
<pre>
|style="padding:5px; background:#cef2e0; text-align:left"|
mkdir -p ~/.ssh
Copy only the contents of your public ssh key file to bwIDM/bwServices.
chmod 700 ~/.ssh
The file ends with <code>.pub</code> ( e.g. <code>~/.ssh/<filename>.pub</code>).
echo "paste-your-public-key-here" >> ~/.ssh/authorized_keys
You can only add SSH keys that have not been used yet.
chmod 600 ~/.ssh/authorized_keys
</pre>

Replace <code>paste-your-public-key-here</code> with your actual public key.

= SSH Keys via bwIDM/bwServices =

On '''bwUniCluster 3.0''', '''bwForCluster Helix''', and '''bwForCluster NEMO 2''', SSH keys are managed centrally through the registration service.

== Why Centralized Management? ==

Centralized SSH key management provides:

* Security enforcement: Keys must use strong algorithms and have 180-day validity
* Centralized control: Review and revoke all keys from one location
* Two key types: Interactive keys (manual logins) and Command keys (automated workflows)

'''Note:''' Self-managed <code>~/.ssh/authorized_keys</code> files are ignored on these clusters.

== Supported Key Types ==

=== Standard SSH Keys ===

* ED25519: 256 bits (recommended)
* RSA: 2048 bits or more
* ECDSA: 521 bits

'''Important:''' Always protect your private keys with a strong passphrase.

=== FIDO2 Hardware Keys ===

'''ED25519-SK''' keys use hardware security keys (like Yubikey) for authentication:

* Always valid - no 2-factor unlock required
* Hardware-protected - private key never leaves the device
* Physical presence required - must touch key to authenticate

'''Note:''' ECDSA-SK keys are not supported. Use ED25519-SK only.

{| class="wikitable" style="text-align:center;"
|+ FIDO2 Key Support by Cluster
|-
! Cluster
! ED25519-SK Support
|-
| bwUniCluster 3.0
| style="background-color:#90EE90;" | ✓ Supported
|-
| bwForCluster Helix
| style="background-color:#FFB6C1;" | ✗ Not supported
|-
| bwForCluster NEMO 2
| style="background-color:#90EE90;" | ✓ Supported
|}
|}


'''Get started:''' See [[Registration/SSH/SSH-FIDO2-Quick-Start|SSH with FIDO2 - Quick Start Guide]]
'''SSH keys''' are generally managed via the '''My SSH Pubkeys''' menu entry on the registration pages for the clusters.
Here you can add and revoke SSH keys. To add a ssh key, please follow these steps:


== Step 1: Add Your SSH Key to the Portal ==
1. '''Select the cluster''' for which you want to create a second factor:</br> &rarr; [https://login.bwidm.de/user/ssh-keys.xhtml '''bwUniCluster 2.0''']</br> &rarr; [https://login.bwidm.de/user/ssh-keys.xhtml '''bwForCluster MLS&WISO''']
[[File:BwIDM-twofa.png|center|frame|My SSH Pubkeys]]


First, upload your public key to the management portal:
3. Click the '''Add SSH Key''' or '''SSH Key Hochladen''' button.
[[File:Bwunicluster 2.0 access ssh keys empty.png|center|frame|Add new SSH key]]


<div style="border: 3px solid #ffc107; padding: 15px; background-color: #fff3cd; margin: 10px 0;">
4. A new window will appear.
'''Important:'''
Enter a name for the key and paste your SSH public key (file <code>~/.ssh/<filename>.pub</code>) into the box labelled "SSH Key:".
* Keys are valid for '''180 days''' and automatically revoked after expiration
Click on the button labelled '''Add''' or '''Hinzufügen'''.
* Upload only your '''public key''' file (ending in <code>.pub</code>, e.g., <code>~/.ssh/id_ed25519.pub</code>)
[[File:Ssh-key.png|center|frame|Add new SSH key]]
</div>


'''1. Navigate to SSH key management:'''
5. If everything worked fine your new key will show up in the user interface:
* [https://login.bwidm.de/user/ssh-keys.xhtml bwUniCluster 3.0 / NEMO 2] (bwIDM)
[[File:Ssh-success.png|center|frame|New SSH key added]]
* [https://bwservices.uni-heidelberg.de/user/ssh-keys.xhtml bwForCluster Helix] (bwServices)


[[File:BwIDM-twofa.png|center|600px|thumb|My SSH Pubkeys page]]
Newly added keys have a validity of three months.
After that, they are revoked and placed on a blacklist so that they can no longer be used.


'''2. Click "Add SSH Key" / "SSH Key Hochladen"'''
Once you have added SSH keys to the system, you can bind them to one or more services to use either for interactive logins ('''Interactive key'') or for automatic logins ('''Command key'').


[[File:Bwunicluster 2.0 access ssh keys empty.png|center|400px|thumb|Add SSH Key button]]
= Registering an Interactive Key =


'''3. Enter key details:'''
'''Interactive Keys''' can be used to log into a system for normal interactive use. They are not valid all the time, but only for one hour after the last 2-factor login. This means that on the first attempt to log into the bwUniCluster 2.0 system your SSH key will not be accepted, but you have to log in with an One-Time Password (OTP) and your service password. After that you won't have to enter the OTP and service password anymore for one hour because your SSH Key has been unlocked. After the hour has passed, you have to enter the OTP and service password again on your next login attempt, and then your SSH Key will be unlocked for another hour.
* '''Name:''' Descriptive identifier (e.g., "laptop-work", "desktop-home")
* '''SSH Key:''' Paste complete contents of your <code>.pub</code> file
* Click '''Add''' / '''Hinzufügen'''


[[File:Ssh-key.png|center|600px|thumb|Add SSH key dialog]]
Perform the following steps to register an interactive key:


'''4. Success!''' Your key appears in the list
1. Log into [https://bwidm.scc.kit.edu https://bwidm.scc.kit.edu].


[[File:Ssh-success.png|center|800px|thumb|SSH key successfully added]]
2. Locate the requested service (bwUniCluster) in the main menu and click on '''Set SSH Key''' or '''SSH Key setzen''' in the main menu.
'''Next:''' Bind your key to a cluster as either an [[#Step_2A:_Register_Interactive_Key|Interactive Key]] or [[#Step_2B:_Register_Command_Key|Command Key]].


== Step 2A: Register Interactive Key ==
3. The upper block shows the SSH Keys currently registered for the service. The lower block shows all SSH public keys which have been added to your account. Locate the SSH Key you want to use and click on '''Add''' or '''Hinzufügen'''.


'''Interactive Keys''' are for manual SSH logins.
[[File:Bwunicluster 2.0 access ssh keys service list.png|center]]


=== Understanding Key Validity ===
4. A new window appears. Choose '''Interactive''' under '''Type of usage''', enter an optional comment and click on '''Add''' or '''Hinzufügen'''.


'''Regular SSH Keys''' (RSA, ECDSA, ED25519):
[[File:Bwunicluster 2.0 access ssh keys service add.png|center]]
* Require 2-factor authentication unlock
* Valid for limited hours after entering OTP + service password
* Must re-authenticate when validity expires


{| class="wikitable" style="text-align:center;"
5. Your SSH key has now been registered to the service and can be used.
|+ Validity Periods for Regular SSH Keys
|-
! Cluster
! Valid Duration
|-
| bwUniCluster 3.0
| 8 hours
|-
| bwForCluster Helix
| 12 hours
|-
| bwForCluster NEMO 2
| 12 hours
|}


'''FIDO2 Hardware Keys''' (ED25519-SK):
[[File:Bwunicluster 2.0 access ssh keys service added.png|center]]
* Always valid - no 2-factor unlock needed
* Authentication via physical key touch only
* Only on bwUniCluster 3.0 and NEMO 2 (not Helix)
* See [[Registration/SSH/SSH-FIDO2-Quick-Start|SSH with FIDO2 - Quick Start Guide]]


=== Registration Steps ===
<br/>
<br/>


'''1. Add your public key''' following [[#Step_1:_Add_Your_SSH_Key_to_the_Portal|Step 1]] above
= Registering a Command Key =


'''2. Navigate to "Registered Services" / "Registrierte Dienste"'''
Passphrases, 2-factor authentication and service passwords make it impossible to integrate many scientific workflows with bwUniCluster 2.0. We therefore offer a second type of registration: '''Command Keys''', special keys which can be used for automation.


Click '''Set SSH Key''' / '''SSH Key setzen''' for your cluster
Command Keys are always valid and don't have to be unlocked. This makes these keys extremely valuable to a possible attacker and poses a security risk, so we enforce additional restrictions on these keys:


[[File:BwIDM-registered.png|center|600px|thumb|Select cluster]]
* They have to be restricted to a single command which can be executed.
* They have to be restricted to a single IP address (e.g. the workflow server) or a small number of IP addresses (e.g. the subnet of the institute).
* They have to be checked and approved by an HPC administrator before they can be used.
* The validity is reduced to one month.


'''3. Find your key and click "Add" / "Hinzufügen"'''
The process for registering a Command Key is the same as the one for an Interactive Key, but after selecting '''Command''' under '''Type of usage''' two additional field labelled '''Command''' and '''From (network address)''' appear which have to be filled in. Please also provide a comment to speed up the approval process.


[[File:Ssh-service-int.png|center|800px|thumb|Add SSH key to service]]
If you want to register a command key to be able to transfer data automatically, please use the following string as the '''Command''':


'''4. Select "Interactive" and confirm'''
<pre>

/usr/bin/rrsync -ro / -rw /
* Usage type: '''Interactive'''
</pre>
* Comment: Optional description
* Click '''Add''' / '''Hinzufügen'''

[[File:Ssh-int.png|center|600px|thumb|Set as Interactive key]]

'''5. Done!''' Your key is active for interactive logins

[[File:Ssh-service.png|center|800px|thumb|SSH key registered]]

== Step 2B: Register Command Key ==

'''Command Keys''' enable automated workflows (e.g., backups, data transfers) without manual login.

=== Security Requirements ===

<div style="border: 3px solid #dc3545; padding: 15px; background-color: #f8d7da; margin: 10px 0;">
Command keys are '''always valid''' (no 2FA required), making them security-sensitive.

'''Mandatory restrictions:'''
* Single command: Specify exact command with full path
* IP restriction: Limit to specific IP address(es) or subnet
* Admin approval: Keys require review before activation
* Short validity: Maximum 30 days
</div>

'''Common use case:''' [[Registration/SSH/rrsync|rrsync for data transfers]]

=== Registration Steps ===

'''1. Add your public key''' following [[#Step_1:_Add_Your_SSH_Key_to_the_Portal|Step 1]] above

'''2. Navigate to "Registered Services"'''

Click '''Set SSH Key''' for your cluster

[[File:BwIDM-registered.png|center|600px|thumb|Select cluster]]

'''3. Find your key and click "Add" / "Hinzufügen"'''

[[File:Ssh-service-com.png|center|800px|thumb|Add SSH key to service]]

'''4. Configure command restrictions:'''

* '''Usage type:''' Select '''Command'''
* '''Command:''' Full path with parameters (see example below)
* '''From:''' IP address or CIDR notation (e.g., <code>192.168.1.0/24</code>)
* '''Comment:''' Explain purpose (speeds up approval)
* Click '''Add''' / '''Hinzufügen'''

{| class="wikitable"
! Example: rrsync for data transfer
|-
| <pre>/usr/local/bin/rrsync -ro /home/aa/aa_bb/aa_abc1/</pre>
'''Note:''' Verify exact path on your cluster (may be <code>/usr/bin/rrsync</code>)
|}

[[File:Ssh-com.png|center|600px|thumb|Configure command key]]

'''5. Wait for approval'''

[[File:Ssh-service.png|center|800px|thumb|Key pending approval]]

== Revoking SSH Keys ==


Revoke keys that are no longer needed or potentially compromised.
After the key has been added, it will be marked as '''Pending''':


<div style="border: 3px solid #6c757d; padding: 15px; background-color: #e2e3e5; margin: 10px 0;">
[[File:Bwunicluster 2.0 access ssh keys service add command.png|center]]
'''Note:''' Revoked keys are immediately disabled and cannot be reused.
</div>


'''1. Navigate to SSH key management:'''
You will receive an e-mail as soon as the key has been approved and can be used.
* [https://login.bwidm.de/user/ssh-keys.xhtml bwUniCluster 3.0 / NEMO 2] (bwIDM)
* [https://bwservices.uni-heidelberg.de/user/ssh-keys.xhtml bwForCluster Helix] (bwServices)


[[File:BwIDM-twofa.png|center|600px|thumb|My SSH Pubkeys page]]
<br/>
<br/>


'''2. Click "REVOKE" / "ZURÜCKZIEHEN"''' next to the key you want to disable
= Revoke/Delete an SSH Key=


'''2.''' Click '''REVOKE''' / '''ZURÜCKZIEHEN''' next to the key you want to disable
# Log into [https://bwidm.scc.kit.edu https://bwidm.scc.kit.edu].
# Navigate to '''index''' or '''Übersicht'''
# Click on '''My SSH Pubkeys''' or '''Meine SSH Pubkeys''' in the main menu.
# Click on the '''Revoke''' or '''Zurückziehen''' button next to the SSH Key you want to revoke.


[[File:Ssh-success.png|center|800px|thumb|Revoke SSH key]]
'''Please note that revoked keys are blocked and cannot be used again.'''

Latest revision as of 17:47, 3 December 2025

SSH Key Authentication for HPC Clusters

SSH Keys allow you to log into a system without entering a password. Instead of proving your identity with something you know (a password), you prove it with something you have (a cryptographic key).

SSH Key Management Methods by Cluster
Cluster Management Method Details
bwUniCluster 3.0 bwIDM Portal Centralized key management, 180-day validity
bwForCluster BinAC 2 ~/.ssh/authorized_keys Self-managed, use ssh-copy-id
bwForCluster Helix bwServices Portal Centralized key management, 180-day validity
bwForCluster JUSTUS 2 ~/.ssh/authorized_keys Self-managed, use ssh-copy-id
bwForCluster NEMO 2 bwIDM Portal Centralized key management, 180-day validity

Choose your cluster below:

SSH Keys on BinAC 2 and JUSTUS 2

On bwForCluster BinAC 2 and bwForCluster JUSTUS 2, you manage SSH keys yourself using the standard ~/.ssh/authorized_keys file.

Quick Setup with ssh-copy-id

The easiest method to add your SSH key:

Step 1: Generate an SSH key (if you don't have one): 

ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default location, then set a strong passphrase.

Step 2: Copy your key to the cluster: 

# For BinAC2:
ssh-copy-id username@login.binac2.uni-tuebingen.de

# For JUSTUS2:
ssh-copy-id username@justus2.uni-ulm.de

Enter your service password and OTP when prompted. Your public key will be automatically added to ~/.ssh/authorized_keys.

Step 3: Test your connection: 

# For BinAC2:
ssh username@login.binac2.uni-tuebingen.de

# For JUSTUS2:
ssh username@justus2.uni-ulm.de

You should now be able to log in using your SSH key and OTP.

Manual Setup (Alternative)

If ssh-copy-id is not available on your system:

Step 1: Display your public key: 

cat ~/.ssh/id_ed25519.pub

Copy the entire output.

Step 2: Log into the cluster using your service password and OTP

Step 3: Add the key to authorized_keys: 

mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "paste-your-public-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Replace paste-your-public-key-here with your actual public key.

SSH Keys via bwIDM/bwServices

On bwUniCluster 3.0, bwForCluster Helix, and bwForCluster NEMO 2, SSH keys are managed centrally through the registration service.

Why Centralized Management?

Centralized SSH key management provides:

  • Security enforcement: Keys must use strong algorithms and have 180-day validity
  • Centralized control: Review and revoke all keys from one location
  • Two key types: Interactive keys (manual logins) and Command keys (automated workflows)

Note: Self-managed ~/.ssh/authorized_keys files are ignored on these clusters.

Supported Key Types

Standard SSH Keys

  • ED25519: 256 bits (recommended)
  • RSA: 2048 bits or more
  • ECDSA: 521 bits

Important: Always protect your private keys with a strong passphrase.

FIDO2 Hardware Keys

ED25519-SK keys use hardware security keys (like Yubikey) for authentication:

  • Always valid - no 2-factor unlock required
  • Hardware-protected - private key never leaves the device
  • Physical presence required - must touch key to authenticate

Note: ECDSA-SK keys are not supported. Use ED25519-SK only.

FIDO2 Key Support by Cluster
Cluster ED25519-SK Support
bwUniCluster 3.0 ✓ Supported
bwForCluster Helix ✗ Not supported
bwForCluster NEMO 2 ✓ Supported

Get started: See SSH with FIDO2 - Quick Start Guide

Step 1: Add Your SSH Key to the Portal

First, upload your public key to the management portal:

Important:

  • Keys are valid for 180 days and automatically revoked after expiration
  • Upload only your public key file (ending in .pub, e.g., ~/.ssh/id_ed25519.pub)

1. Navigate to SSH key management:

My SSH Pubkeys page

2. Click "Add SSH Key" / "SSH Key Hochladen"

Add SSH Key button

3. Enter key details:

  • Name: Descriptive identifier (e.g., "laptop-work", "desktop-home")
  • SSH Key: Paste complete contents of your .pub file
  • Click Add / Hinzufügen
Add SSH key dialog

4. Success! Your key appears in the list

SSH key successfully added

Next: Bind your key to a cluster as either an Interactive Key or Command Key.

Step 2A: Register Interactive Key

Interactive Keys are for manual SSH logins.

Understanding Key Validity

Regular SSH Keys (RSA, ECDSA, ED25519):

  • Require 2-factor authentication unlock
  • Valid for limited hours after entering OTP + service password
  • Must re-authenticate when validity expires
Validity Periods for Regular SSH Keys
Cluster Valid Duration
bwUniCluster 3.0 8 hours
bwForCluster Helix 12 hours
bwForCluster NEMO 2 12 hours

FIDO2 Hardware Keys (ED25519-SK):

  • Always valid - no 2-factor unlock needed
  • Authentication via physical key touch only
  • Only on bwUniCluster 3.0 and NEMO 2 (not Helix)
  • See SSH with FIDO2 - Quick Start Guide

Registration Steps

1. Add your public key following Step 1 above

2. Navigate to "Registered Services" / "Registrierte Dienste"

Click Set SSH Key / SSH Key setzen for your cluster

Select cluster

3. Find your key and click "Add" / "Hinzufügen"

Add SSH key to service

4. Select "Interactive" and confirm

  • Usage type: Interactive
  • Comment: Optional description
  • Click Add / Hinzufügen
Set as Interactive key

5. Done! Your key is active for interactive logins

SSH key registered

Step 2B: Register Command Key

Command Keys enable automated workflows (e.g., backups, data transfers) without manual login.

Security Requirements

Command keys are always valid (no 2FA required), making them security-sensitive.

Mandatory restrictions:

  • Single command: Specify exact command with full path
  • IP restriction: Limit to specific IP address(es) or subnet
  • Admin approval: Keys require review before activation
  • Short validity: Maximum 30 days

Common use case: rrsync for data transfers

Registration Steps

1. Add your public key following Step 1 above

2. Navigate to "Registered Services"

Click Set SSH Key for your cluster

Select cluster

3. Find your key and click "Add" / "Hinzufügen"

Add SSH key to service

4. Configure command restrictions:

  • Usage type: Select Command
  • Command: Full path with parameters (see example below)
  • From: IP address or CIDR notation (e.g., 192.168.1.0/24)
  • Comment: Explain purpose (speeds up approval)
  • Click Add / Hinzufügen
Example: rrsync for data transfer 
/usr/local/bin/rrsync -ro /home/aa/aa_bb/aa_abc1/

Note: Verify exact path on your cluster (may be /usr/bin/rrsync)

Configure command key

5. Wait for approval

Key pending approval

Revoking SSH Keys

Revoke keys that are no longer needed or potentially compromised.

Note: Revoked keys are immediately disabled and cannot be reused.

1. Navigate to SSH key management:

My SSH Pubkeys page

2. Click "REVOKE" / "ZURÜCKZIEHEN" next to the key you want to disable

2. Click REVOKE / ZURÜCKZIEHEN next to the key you want to disable

Revoke SSH key
Retrieved from "https://wiki.bwhpc.de/wiki/index.php?title=Registration/SSH&oldid=15632"