How to give other people access to an instance¶
These instructions will describe how to share direct ssh access to an instance with another person. Note that this process works for one instance user at a time (e.g. ubuntu
).
Receive their public ssh key¶
The first step to allow another person access to an instance is to receive a public ssh key from them. If they're unfamiliar with creating ssh keys, or if they need to create a new pair specifically for this context, they can follow the relevant section in the Training Handout.
Once the person has generated their keypair, direct them to send you their public ssh key in a text file. The contents of public ssh key should have this form:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6D3RuR2j6BvVy6I3Q1amScKYFs+qmI5D37bS9/vgdUvbQx0CnkyuAsx7UpPltXTz3+jkIcGJQqZJUZV1v00/y4iiaHTzp/PxRMT8bzIMw9cOnfZxhSQ1ekUr+wTfT8e5Hs+NabP4bfni/htE7LBk+Mrywgb5I4Mr3fKmKGH4DJzh2YUCt6oC/TivxuKYVrQPEy0BznFuwrHbpQoT6swUa3GaB5nIi/nPyHd6E/EIZ1be+U2y7+efmY9JlQKLaJg6iYumSbibLBQ8qw+ohHbcSBhDUmEiOosuYtvv8L8r3Bvj+2zyFU5DdArSvIPFQbma3/s9oqfYctcqGzVRmFeeJ
Danger
Private keys should never be shared or transferred from the machine where they were generated. Public ssh keys may be transferred or shared. Public ssh keys should have the file extension .pub
and can be viewed by running cat ~/.ssh/id_rsa.pub
. If you have any questions, please contact Science IT.
Add the public key to the authorized_keys
file¶
Once you have received the public key from the person who will access the instance, you must add it to the ~/.ssh/authorized_keys
file on your instance.
At any time, you can view the current contents of the ~/.ssh/authorized_keys
file by running this command from your instance :
cat ~/.ssh/authorized_keys
By default, the file will contain the public ssh key of the person who created the instance.
Option 1: Use ssh-copy-id from your client¶
You can use ssh-copy-id
to add a public ssh key for a user.
From Mac, Linux, or WSL on Windows:
ssh-copy-id -i ~/path/to/local/key.pub user@ipaddress
This will add the public ssh key to the server, stored as a new line in the file ~/.ssh/authorized_keys
.
Option 2: Use a terminal-based text editor from the server¶
Using a terminal-based text editor to edit the authorized_keys
file is also an option if you prefer a more manual approach.
First, it is suggested to make a backup of the authorized_keys
file, in case you make any errors during this process.
cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys_copy
To add a new public ssh key, and with the the nano
text editor, to open the authorized_keys
file:
nano ~/.ssh/authorized_keys
Each line of the authorized_keys
file is a public ssh key. The first line of the file that you see is the SSH key used when creating the instance. If there are any more lines, each is a public ssh key that has been added to the instance.
To add a new public ssh key, simply move the cursor to a new line and paste the desired public ssh key. When you are finished, exit the nano
editor with CTRL+x
. To confirm type y + ENTER
.
Before you close the connection, open a second connection to the instance to verify that you have not corrupted the authorized_keys
file. If you have any trouble establishing a new connection to the same instance, consider restoring the file from the backup copy: mv ~/.ssh/authorized_keys_copy ~/.ssh/authorized_keys
.
Verify a new public ssh key¶
Once you have added another public ssh key to the authorized_keys
file, they should be able to access the instance as described in the Training Handout.
To verify that the ssh login works with the new key pair, confirm that you can access your instance via ssh from a client:
ssh -i ~/.ssh/key user@ipaddress
Info
Access to ScienceCloud virtual machines is, by default, restricted to users on the UZH campus networks or using the UZH VPN. If you need to grant access to an instance to an external collaborator who does not have access to the UZH VPN, please request a guest UZH account for them from your IT Coordinator.