#acl DynareTeamGroup:read,write,delete,revert,admin All:read

= SSH keys howto =

This page describes how to log in via SSH and don't wan't to type their password everytime. Authentification is done through a system of public/private keys.

The commands given below have to be run in a Bash shell (under Windows/Cygwin or Linux). It is assumed that you have installed the ssh package on your local machine.

== Creating your personal keys ==

This has to be done only once.

On your local machine, just type:
{{{
ssh-keygen
}}}

Accept the default for the location of the file location. Choose a passphrase to protect your key; if you choose an empty passphrase, anybody who has access to your private key file (see below) can log into your remote accounts. You can use an SSH agent to avoid the hassle of typing the passphrase every time you log in (GNOME provides an SSH agent by default).

This should have created two files in the {{{~/.ssh}}} directory:
 * {{{id_rsa.pub}}}: it contains the public part of your key. This file can be made public. It should contain a single line beginning with {{{ssh-rsa}}}.
 * {{{id_rsa}}}: it contains the private part of your key. '''The content of this file has to be kept secret'''. Anybody having access to this file could break through your personal accounts which have been configured as described below.

== Configuring remote hosts ==

The following procedure has to be repeated on every remote host you'd like to connect to with your key.

Suppose you have an account {{{user}}} on machine {{{hostname}}}.

Log in:
{{{
ssh user@hostname
}}}

On the remote machine, edit the file {{{~/.ssh/authorized_keys}}} (create it if it doesn't exist). With emacs, you would type:
{{{
emacs ~/.ssh/authorized_keys
}}}

With a simple copy/paste, just add the content of the file {{{id_rsa.pub}}} (your '''public''' key, beginning with {{{ssh-rsa}}}) at the end of the {{{authorized_keys}}} file. Save and exit. Log out.

You should now be able to log into the remote machine with your key: it will ask for your passphrase the first time; if you have an SSH agent, the passphrase will be kept in memory for subsequent logins.

''Note:'' it is possible to put several keys in the {{{authorized_keys}}} file, one key per line. All keys will be granted access without password. This can be useful if several people share the same account (such as the {{{dynare}}} account on the Dynare workstation), or if you use several keys for yourself (for example if you have several personal workstations).

''Note 2:'' if your private key gets compromised, you should immediately delete its public counterpart in the {{{authorized_keys}}} files you've put it in (otherwise your accounts can be compromised too!). You should then stop to use this keys, and create new ones.