Using SSH to Access PSC Resources
SSH is a program that enables secure logins over an unsecure network. It encrypts the data passing both ways so that if it is intercepted it cannot be read.
SSH is client-server software; both machines must have SSH installed. SSH server software is installed on all the PSC machines. You must install SSH client software on your local machine.
SSH is available without charge for almost all versions of Unix. Clients for Mac and Windows are available free from vendors or from the Internet. One popular client for Windows is PuTTY. You can find many others by searching the internet.
A command line version of ssh is installed by default on Macs and can be used in the Terminal application.
Why does the PSC require me to use SSH?
We are concerned with the increasing frequency of attacks on computers and networks and want to provide you with a secure environment in which to conduct your research.
Authenticating to PSC with SSH
You can use SSH to authenticate to PSC systems using a password or with a public-private key pair.
Authenticating using your password
Your password is encrypted when you use SSH, so even if it is intercepted, it is secure. To access PSC computing resources this way:
- Start your SSH client from your local machine.
- A connection window requesting the hostname to connect to and optionally your username and password may automatically open. If it does not, select "Open" from the File menu, and the connection window will appear.
- For "Hostname", specify the PSC machine you wish to access.
- If you are using password authentication, enter your username and PSC password.
The first time that you use SSH to connect to a PSC machine, you will receive a warning that SSH has received an unknown host key from the host server. You can:
- Select "Accept once". You will be logged in, but the next time you use SSH to connect to this PSC host, you will receive the same warning.
- Select "Accept and save". You will be logged in. You should NOT receive this warning when connecting to this host via SSH again.
- Select "Cancel". Your connection to PSC will be dropped.
Authenticating using a public-private key pair
When you use a public-private key pair, the authentication messages passed between the local and remote systems are encrypted. See more about public-private key pairs.
You can authenticate to PSC systems using a SSH public-private key pair by following these steps:
- Generate your public and private keys on your local machine. Your SSH client should provide a way to do this.
- Submit your public key to PSC via the PSC SSH Key Management system. Use your Kereberos password to gain access to the Key Manager.
Within one business day, someone from PSC User Services will contact you at the phone number on file for you at PSC to verify the key addition.
Once your key has been verified and installed, use the PSC SSH Key Management System to edit or delete your keys.