= Handling SSH Keys and Certificates in Emulab =
'''Yingxiao Xu, Prasad Calyam'''[[BR]]
'''February 9, 2012'''

The purpose of this tutorial is to give general instructions for handling SSH keys and certificates in Emulab.

== 1. Logging in to nodes created by the Emulab Java UI ==

You can log in to nodes created by the Emulab Java UI either with your Emulab account and password or with the Emulab-generated private key.

You need to upload your own public key through the Emulab web portal. All uploaded public keys are automatically included in the .ssh/authorized_keys file, so you can log in to each node using either your own private key or the Emulab-generated private key.

== 2. Logging in to nodes created by Flack ==

You can log in to nodes created by Flack only by using an SSH key.

Nodes created by Flack do not share the home folder. Only the public key you uploaded through the Emulab web UI is put in the .ssh/authorized_keys file of each node. The Emulab-generated public key is not put in the authorized_keys file.

So you should upload your own public key through the Emulab web portal.

== 3. Logging in to nodes created by OMNI/Gush ==

The public key you specify in the omni_config file (i.e., {{{ keys=~/.ssh/id_rsa.pub }}}) is automatically put in the .ssh/authorized_keys file of each node.

You can use the corresponding private key to log in to each of the nodes.

== 4. For Linux Client ==

You can create a public/private key pair using the ssh-keygen tool on your own machine.

Then upload .ssh/id_rsa.pub to the Emulab website.

You can then log in to nodes created by the Emulab Java UI and Flack.

If you install OMNI or Gush on the client and specify {{{ keys=~/.ssh/id_rsa.pub }}} in the omni_config file, you can log in to nodes created by OMNI/Gush from this client.

== 5. For Windows Client ==

You can download and reuse the key created on the Linux client.

You can also generate a key pair using PuTTY Key Generator and save the private key and public key. Next, transfer the public key to the Emulab web portal.

Then start Pageant, which comes with PuTTY, and add the private key to it.

You can then log in to nodes created by the Emulab Java UI and Flack.

== 6. Certificates ==

A certificate is generated through the Emulab portal by specifying a passphrase during creation. This certificate is used by Flack and OMNI/Gush.

For Flack, it will ask you to log in to the Emulab web portal, and Flack will then download the certificate through the web portal when you specify the passphrase.

For OMNI/Gush, you need to copy the certificate to the OMNI/Gush client and specify it in the omni_config file. You will be prompted for the passphrase each time OMNI/Gush uses the certificate. To avoid the passphrase prompt, you can create a clear-text certificate (i.e., keyout.pem) from the encrypted certificate (i.e., encrypted.pem) with the following commands:
{{{
openssl rsa -in encrypted.pem -out keyout.pem
openssl x509 -in encrypted.pem >> keyout.pem
}}}
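
The keyout.pem produced by the commands above contains an unencrypted private key, so file permissions are the only protection it has left. The following is an added example, not part of the original tutorial: it wraps the two commands so the result is owner-only and audits an existing PEM file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the tutorial; function names are hypothetical.

# Run the tutorial's two openssl commands, forcing mode 0600 on the result.
make_cleartext_pem() {   # usage: make_cleartext_pem encrypted.pem keyout.pem
    (
        umask 077                                # a newly created file is owner-only
        openssl rsa -in "$1" -out "$2" &&        # prompts for the passphrase
        openssl x509 -in "$1" >> "$2" &&         # append the certificate
        chmod 600 "$2"                           # also covers a pre-existing file
    )
}

# Print the state of the private key in a PEM file: encrypted, cleartext or none.
pem_key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo cleartext
    else
        echo none
    fi
}

# Succeed unless the file holds a cleartext key that group or others can access.
pem_audit() {
    [ "$(pem_key_state "$1")" = cleartext ] || return 0
    # Characters 5-10 of the ls mode string are the group and other permissions.
    perms=$(ls -ldL "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$1: cleartext private key with group/other access ($perms)" >&2
        return 1
    fi
}

# Audit any files named on the command line, e.g. sh pem_audit.sh keyout.pem
for f in "$@"; do
    pem_audit "$f" || echo "fix with: chmod 600 $f" >&2
done
```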

For more information, see:
 - https://www.protogeni.net/trac/protogeni/wiki/Tutorial
 - http://users.emulab.net/trac/emulab/wiki/kb70