User Tools

Site Tools


quick:addingkeys

Adding other people's ssh keys to your account

This allows CHPC staff to assist users — submit jobs, log in to running compute nodes, inspect results.

You should never ask for someone else's password, or give your password to anyone else.

Convenience scripts to add a staff member's SSH key

The scripts are there for convenience to add or remove a staff member's SSH key into or from your .ssh/authorized_keys file to allow access to your home directory for assistance. Use the staff member's login id (username, e.g. charles) to select that person.

add_staff_sshkey.sh  staffmember 
delete_staff_sshkey.sh  staffmember
list_staff_sshkey.sh 

The staff member will be able to see any and all of your files and will be able to submit jobs as your user. It's not necessary to provide your password to staff.

ONLY in case the above scripts don't work

Instructions for CHPC staff

You only need to do this if the scripts above don't work properly, you may ignore the following if access can be obtained and revoked via the scripts.

The file system permissions allowing the above has been set up. In case a user is unable to gain access to your public SSH key, but without compromising security, verify the steps below.

Make your .ssh directory readable by others in the 'users' group.

 chmod 750 $HOME/.ssh

[ ssh has permissions checks, but this one does not prevent use of your keys for login ]

Instructions for the user

Add the staff key to their authorized_keys :-

From your shell on the login node, do this :-

 ssh-copy-id -i ~staff_user_name/.ssh/id_rsa.pub localhost

[ obviously, change staff_user_name to the staff username ]

To log in to the user account

[ from the login node ]

 ssh chpc-user@localhost

To remove access afterwards

[ This removes your key, probably at the end, of ~/.ssh/authorized_keys ]

 sed -e '/staff_user_name@/ d' -i ~/.ssh/authorized_keys
/var/www/wiki/data/pages/quick/addingkeys.txt · Last modified: 2016/07/22 08:01 by ischeepers