Changes between Initial Version and Version 1 of otm-ssh-cert-emulab


Timestamp:
02/09/12 17:46:01 (12 years ago)
Author:
Prasad Calyam
Comment:

--

  • otm-ssh-cert-emulab

    v1 v1  
     1
     2= Handling SSH Keys and Certificates in Emulab =
     3'''Yingxiao Xu, Prasad Calyam'''[[BR]]
     4'''February 9, 2012'''
     5
     6The purpose of this tutorial is to give general instructions about handling SSH Keys and Certificates in Emulab.
     7
     8== 1. Login into nodes created by Emulab Java UI ==
     9
     10You can login into the nodes created by Emulab Java UI either with Emulab account/password or using private key of Emulab.
     11
     12
     13You need to upload your own public key through Emulab web portal. All the uploaded public keys will be included in the .ssh/authorized_keys file automatically. So you can login into each nodes using your own private key or Emulab generated private key.
     14
     15== 2. Login into nodes created by Flack ==
     16
     17You can only login into nodes created by Flack by using SSH key.
     18       
     19Nodes created by flack do not share the home folder.  Only the public key you uploaded through Emulab web UI  will be put in .ssh/authorized_keys file of each nodes. The Emulab generated public keys is not put in the authorized_keys file.
     20
     21So you should upload your own public key through Emulab web portal.
     22
     23== 3. Login into nodes created by OMNI/Gush ==
     24
     25The public key you specified in omni_config file (i.e., {{{ keys=~/.ssh/id_rsa.pub  }}}) will be automatically put in .ssh/authorized_keys file of each node.
     26
     27You can use the corresponding private key to login into each of the nodes.
     28
     29
     30== 4. For Linux Client ==
     31
     32You can create public/private key pairs using ssh-keygen tool in your own machine.
     33
     34Then upload the .ssh/id_rsa.pub into Emulab website.
     35
     36Then you can login into nodes created by Emulab Java UI and Flack.
     37
     38If you install OMNI or Gush in the client and specify {{{ keys=~/.ssh/id_rsa.pub  }}} in omni_config file, then you can login into nodes created by OMNI/Gush in this client.
     39
     40
     41== 5. For Windows Client ==
     42
     43You can download and re-use the key in Linux Client.
     44
     45You can also generate one using PuTTY Key Generator and save the private key and public key. Next transfer the public key to Emulab Web portal.
     46
     47Then you can start Pageant that comes with PuTTY, add the private key using Pageant.
     48
     49Then you can login into nodes created by Emulab Java UI and Flack.
     50
     51
     52== 6. Certificates ==
     53
     54A certificate is generated through Emulab portal by specifying a PassPhrase during creation. This certificate is used by Flack, OMNI/Gush.
     55
     56For Flack, it will ask you to login into Emulab web-portal and then Flack will download the certificate through the web-portal when you specify the PassPhrase.
     57
     58For OMNI/Gush, You need to copy the certificate to the OMNI/Gush client and specify it in omni_config file. You will be prompted for PassPhrase each time OMNI/Gush will use the certificate. To avoid the prompt for PassPhrase, you can create clear text certificate (i.e., keyout.pem ) using encrypted certificate (i.e., encrypted.pem ) by using the following command -
     59{{{
     60openssl rsa -in encrypted.pem -out keyout.pem
     61openssl x509 -in encrypted.pem >> keyout.pem
     62}}}
     63
     64For more information, see -
     65                          - https://www.protogeni.net/trac/protogeni/wiki/Tutorial
     66
     67                          - http://users.emulab.net/trac/emulab/wiki/kb70
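
Review bot: The passphrase-removal step at lines 58-61 leaves an unencrypted private key in keyout.pem with no guidance on protecting it. After "openssl rsa -in encrypted.pem -out keyout.pem" anyone who can read that file can use the certificate without the PassPhrase, so the section should say this is a trade-off and add a step that restricts the file to its owner, for example "chmod 600 keyout.pem" after the two openssl commands (or "umask 077" before them), and should tell the reader to keep the file only on the OMNI/Gush client. A smaller point on line 43 in section 5: "download and re-use the key in Linux Client" means copying a private key between machines; consider recommending the PuTTY Key Generator route on line 45 as the default, so that each client has its own key pair and only the public keys are uploaded to the Emulab web portal.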