SSH Key Generation & SFTP
This page describes the methodology of firstly generating a Secure Shell (SSH) Keypair, and secondly, how to Secure File Transfer Protocol (SFTP) into a storage device.
The same method that works for STFP into a Storage Device can also be used to SFTP into a Running job (which can be useful in some scenarios).
Prerequisites – SSH Key Generation
Important: Storage Devices that were setup BEFORE adding your public key to Rescale, will need the key adding manually. Storage devices setup AFTER adding your public key to Rescale will automatically be attached to the storage device, and any job.
Software Required (Windows)
Putty & Putty Key Gen
If you have administrator privileges, download the “package files” compatible with your machine (likely to be 64-bit x86). Install using default methods unless there is a need to change it.
If you don’t have administrator privileges, download the alternative binary files for putty.exe and puttygen.exe.
Generating SSH Keys
- Launch puttygen, either directly from the exe downloaded, or search in the Start Menu for “puttygen.”
- Under the Key menu, ensure that SSH-2 RSA Key is selected (it should be by default).
- Press Generate and move your cursor around inside the window until the green bar fills. Note that this is using the randomness of your cursor movements to generate a sufficiently randomized key.
- Once filled, save the public key to a known location, and give the key a name “putty_key_username.pub”.
- This location should be somewhere persistent, so avoid saving to the Downloads folder or similar. Replace username with your username (or something similar).
- Recommended location: C:/Users/USERNAME/ssh (create ssh folder if this doesn’t already exist).
- To save the private key, click the Conversions menu and then click Export OpenSSH Key.
- Save the key without a passphrase by clicking Yes.
- Save the key in the same location as the public key giving the name putty_key_username (note the removal of the .pub extension).
Add Your Public Key to Your Rescale User Profile
- Log into Rescale, and in the top right of the screen, hover over your email address and navigate to User Profile Settings.
- Open your public key with notepad or a similar text editor.
- Copy and paste your key, starting from the text that states “ssh-rsa” to the end of the string.
- Ensure your Access Restriction is set to Everywhere.
- Select Save.
You have successfully added your public key to your Rescale User Profile.
Starting a Storage Device
Start a test Storage Device to determine if the key has been successfully generated.
Adding Additional Keys to Existing Storage Device
In order to enable access for additional users to the storage device, their public keys must be added to the device after it has been launched.
After Storage Device Started
After Additional Keys Have Been Added
- Navigate to the work folder of the Storage Device, via the Files tab, and create a new folder called temp_keys.
- Upload the public keys that you want to add to the Storage Device via the Upload from this computer button. Ensure you have the temp_keys folder selected in the tree structure on the left.
- Navigate to the Status tab and launch an In-Browser SSH Window by clicking on the Server IP address.
- Navigate to the temp_keys folder in the SSH window via cd ~/work/temp_keys.
- Replace KEY_FILE_NAME with the name of the file uploaded to temp_keys.
- Replace HOST_NAME_IP with the username & IP from the SSH window. This will take the form udeprod.XXXXXX@XX.XX.XX.XX
cat KEY_FILE_NAME | ssh HOST_NAME_IP 'cat > ~/tmp_id_rsa.pub && mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat ~/tmp_id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm ~/tmp_id_rsa.pub && echo “Done”'
KEY_FILE_NAME = putty_key_bob.pub HOST_NAME_IP = udeprod.ttooPb@ip-10-54-7-67
cat putty_key_bob.pub | ssh udeprod.ttooPb@ip-10-54-7-67 'cat > ~/tmp_id_rsa.pub && mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat ~/tmp_id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm ~/tmp_id_rsa.pub && echo “Done”'
This is to be repeated for each key that needs to be added.
Tip: The Clipboard icon is the way to copy and paste things from the in-browser terminal. Text highlighted in the terminal will appear in the clipboard, and can then be highlighted, copied from there.
The process also works in the opposite way. Pasting text into the clipboard, and then right clicking on the ssh session; this will paste whatever was in the clipboard into the terminal.
A successful operation will result in the feedback “/five”.
- Navigate to ~/.ssh/ via the in browser terminal.
- show contents of the file “authorised_keys”
- You should be able to see the public key at the bottom of this file.
Tip: Typing the first few characters of an item in terminal, then pressing Tab will auto-complete the item. Refusal to auto-complete indicates there is more than one item with the characters you have typed.
You have successfully added an additional key to the Storage Device.
Connecting to Storage Device with an SFTP Client
There are many SFTP clients available on the web. The two recommended are FileZilla & WinSCP.
FileZilla – https://filezilla-project.org/ (Cross Platform)
To use FileZilla:
- Launch FileZilla after Installation.
- Go to File > Site Manager
- Click New Site.
- Protocol is SFTP.
- Enter IP Address of Storage Device as the Host.
- Enter the Host ID (takes the form udeprod.XXXXX) as the User.
- Set Logon Type to Key File. The Key File is the Private Key.