Access to Placentia from Siku

From ACENET
Jump to: navigation, search


Access to Placentia (and Glacdyn2) from Siku requires the use of ecdsa keys for both the host-key as well as SSH-public-key authentication.

~/.ssh/config on Siku

Add the following lines to your ~/.ssh/config on Siku: 

Host placentia
   HostName     placentia.ace-net.ca
   #User        placentia_username  # if different from Siku
   IdentitiesOnly yes
   IdentityFile ~/.ssh/id_ecdsa
   PubkeyAcceptedKeyTypes ecdsa-sha2-nistp521
   HostKeyAlgorithms      ecdsa-sha2-nistp521

# uncomment the following lines if access to glacdyn2 is needed:
#Host glacdyn2   
#   Hostname     glacdyn2
#   #User        glacdyn_username  # if different from Siku
#   ProxyJump    placentia
#   IdentitiesOnly yes
#   IdentityFile ~/.ssh/id_ecdsa
#   PubkeyAcceptedKeyTypes ecdsa-sha2-nistp521
#   HostKeyAlgorithms ecdsa-sha2-nistp521

remove old RSA hostkeys

Old RSA hostkeys need to be removed from the known_hosts file, e.g. with the following commands: 

ssh-keygen -R placentia.ace-net.ca -f ~/.ssh/known_hosts
ssh-keygen -R glacdyn2             -f ~/.ssh/known_hosts

generate an ECDSA keypair on Siku

ssh-keygen -t ecdsa -b 521  -C "$(date --iso) ${USER}@siku for placentia"
ssh-copy-id -i ~/.ssh/id_ecdsa user@placentia 
ssh-copy-id -i ~/.ssh/id_ecdsa user@glacdyn2

At this time you will likely be prompted to verify and accept Placentia's and Glacdyn2's ECDSA host keys.

Their fingerprints are: 

521 SHA256:hxBXW1kAP8WS8dTvDvNOgdvazlgA/IwNA5Xvvahr+1k placentia.ace-net.ca (ECDSA)
521 SHA256:Htx7lgNNjJi7ivh6ehMNkX8Ao9ObJU5XEnSyjpxgXiU glacdyn2 (ECDSA)
Retrieved from "https://wiki.ace-net.ca/w/index.php?title=Access_to_Placentia_from_Siku&oldid=14635"