SSH Key Generation & SFTP

Overview

This page describes how to generate a Secure Shell (SSH) key pair and then how to use the Secure File Transfer Protocol (SFTP) to connect to a storage device.

The same method that works for SFTP into a Storage Device can also be used to SFTP into a running job (which can be useful in some scenarios).

Prerequisites – SSH Key Generation

Important: Storage Devices that were set up BEFORE you added your public key to Rescale will need the key added manually. For Storage Devices set up AFTER you added your public key to Rescale, the key is automatically attached to the storage device and to any job.

Software Required (Windows)

PuTTY & PuTTY Key Generator (PuTTYgen)

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

If you have administrator privileges, download the “package files” compatible with your machine (likely to be 64-bit x86). Install using default methods unless there is a need to change it. 

If you don’t have administrator privileges, download the alternative binary files for putty.exe and puttygen.exe.

Generating SSH Keys

1. Launch puttygen, either directly from the exe downloaded, or search in the Start Menu for “puttygen.”

2. Under the Key menu, ensure that SSH-2 RSA Key is selected (it should be by default).

3. Press Generate and move your cursor around inside the window until the green bar fills. The randomness of your cursor movements is used to generate a sufficiently random key.

4. Once filled, save the public key to a known location and name it “putty_key_username.pub”.

  • This location should be somewhere persistent, so avoid saving to the Downloads folder or similar. Replace username with your username (or something similar).
  • Recommended location: C:/Users/USERNAME/ssh (create ssh folder if this doesn’t already exist).

5. To save the private key, click the Conversions menu and then click Export OpenSSH Key.

  • Save the key without a passphrase by clicking Yes.
  • Save the key in the same location as the public key giving the name putty_key_username (note the removal of the .pub extension).

    Add Your Public Key to Your Rescale User Profile

    1. Log into Rescale, and in the top right of the screen, hover over your email address and navigate to User Profile Settings.

    (Within User Profile Settings, go to “Job Settings”.)

    2. Open your public key with notepad or a similar text editor.

    • Copy and paste your key, starting from the text that states “ssh-rsa” to the end of the string. 

    3. Ensure your Access Restriction is set to Everywhere.

    4.

    You have successfully added your public key to your Rescale User Profile.

    Starting a Storage Device

    Start a test Storage Device to determine if the key has been successfully generated.

    Adding Additional Keys to Existing Storage Device

    In order to enable access for additional users to the storage device, their public keys must be added to the device after it has been launched.

    After Storage Device Started

    After Additional Keys Have Been Added

    Steps

    1. Navigate to the work folder of the Storage Device, via the Files tab, and create a new folder called temp_keys.
    2. Upload the public keys that you want to add to the Storage Device via the Upload from this computer button. Ensure you have the temp_keys folder selected in the tree structure on the left.
    3. Navigate to the Status tab and launch an In-Browser SSH Window by clicking on the Server IP address.
    4. Navigate to the temp_keys folder in the SSH window via cd ~/work/temp_keys.
    5. Modify the following command (enter it as a single line):
      • Replace KEY_FILE_NAME with the name of the file uploaded to temp_keys.
      • Replace HOST_NAME_IP with the username & IP from the SSH window. This will take the form udeprod.XXXXXX@XX.XX.XX.XX

    cat KEY_FILE_NAME | ssh HOST_NAME_IP 'cat > ~/tmp_id_rsa.pub && mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat ~/tmp_id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm ~/tmp_id_rsa.pub && echo "Done"'

    Example
    KEY_FILE_NAME = putty_key_bob.pub
    HOST_NAME_IP = udeprod.ttooPb@ip-10-54-7-67

    cat putty_key_bob.pub | ssh udeprod.ttooPb@ip-10-54-7-67 'cat > ~/tmp_id_rsa.pub && mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat ~/tmp_id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm ~/tmp_id_rsa.pub && echo "Done"'

    This is to be repeated for each key that needs to be added.

    Tip: Use the Clipboard icon to copy and paste text from the in-browser terminal. Text highlighted in the terminal will appear in the clipboard, where it can then be highlighted and copied.

    The process also works in the opposite direction: paste text into the clipboard, then right-click on the SSH session, and whatever was in the clipboard will be pasted into the terminal.

    A successful operation will result in the feedback “Done”.

    Verification
    1. Navigate to ~/.ssh/ via the in-browser terminal.
      • cd ~/.ssh/
    2. Show the contents of the file “authorized_keys”.
      • cat authorized_keys
    3. You should be able to see the public key at the bottom of this file.

    Tip: Typing the first few characters of an item in terminal, then pressing Tab will auto-complete the item. Refusal to auto-complete indicates there is more than one item with the characters you have typed.

    You have successfully added an additional key to the Storage Device.
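
A stricter variant of the append step above, as an added example that is not part of the original page or Rescale's tooling; the function name add_authorized_key and its messages are assumptions. It refuses files that are not a single OpenSSH public key line (for instance a private key uploaded by mistake, or a multi-line RFC 4716 export), skips keys that are already present, and applies the same 700/600 permissions as the command above.

```shell
#!/bin/sh
# Added example (not Rescale's tooling): check a public key file before it is
# appended to authorized_keys. SSH_DIR defaults to ~/.ssh.
# Usage: add_authorized_key KEY_FILE [SSH_DIR]
# Returns 0 if the key was added or is already present, 1 if it is rejected.
add_authorized_key() {
    key_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth="$ssh_dir/authorized_keys"

    [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 1; }

    # A multi-line RFC 4716 export is not in authorized_keys format.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$key_file"; then
        echo "RFC 4716 file; convert with: ssh-keygen -i -f $key_file" >&2
        return 1
    fi

    # Strip Windows carriage returns and blank lines; exactly one line must
    # remain. A multi-line private key file is rejected here.
    key=$(tr -d '\r' < "$key_file" | grep -v '^[[:space:]]*$' || true)
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "expected a single key line in $key_file" >&2; return 1
    fi

    # The line must start with the key type, and the base64 blob must begin
    # with the encoding of that same type.
    case $key in
        'ssh-rsa AAAAB3NzaC1yc2E'*|'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5'*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | cut -d' ' -f2)
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Skip keys that are already authorised so repeated runs add no duplicates.
    if grep -qF -- "$blob" "$auth"; then
        echo "Already present"; return 0
    fi
    printf '%s\n' "$key" >> "$auth" && echo "Done"
}
```

Run it in the in-browser SSH window from ~/work/temp_keys, for example: add_authorized_key putty_key_bob.pub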

    Connecting to Storage Device with an SFTP Client

    There are many SFTP clients available on the web. The two recommended are FileZilla & WinSCP. 

    FileZilla – https://filezilla-project.org/ (Cross Platform)

    To use FileZilla:

    1. Launch FileZilla after Installation.
    2. Go to File > Site Manager
    3. Click New Site.
    4. Protocol is SFTP.
    5. Enter IP Address of Storage Device as the Host.
    6. Enter the Host ID (takes the form udeprod.XXXXX) as the User.
    7. Set Logon Type to Key File. The Key File is the Private Key.

    Details from Status Page of Storage Device

    Example Screen