Access Keys:
Skip to content (Access Key - 0)

Q: How do I connect to the Athena dialup servers using public-key authentication?

Answer

Using public-key authentication on the Athena dialup servers is somewhat different from using it on other OpenSSH servers, and is intended only for advanced users. In particular:

  • When logging in via this method, you will not automatically get Kerberos tickets, and will thus be unable to authenticate to other services (e.g. Zephyr) without running kinit or renew
  • When logging in via this method, you will not automatically get AFS tokens, and will be unable to access files in your home directory unless they are located in your ~/Public directory (or a directory with similar permissions). You will be unable to write to any files in AFS. (Do not grant world-writable permissions on any AFS directory.)
    • You can, of course, type renew to authenticate to AFS and Kerberos, but you will have to provide your password, which somewhat negates the advantage of using public key authentication in the first place.
  • When logging in via this method, your dotfiles (and, by extension, the system-wide Athena dotfiles) will not be run. Common customizations and command aliases may not be available. (For example, the name of the dialup you connect to will not get written to the ~/.lastdialup file.)

To avoid the issues listed above, consider using Kerberos authentication, as described in How can I avoid having to type my password when I login to Athena remotely?

Athena dialup authorized_keys file

The Athena dialup servers do not consult the default ~/.ssh/authorized_keys file. Users who have already set-up public/private key pairs for OpenSSH should add their public key to the file ~/Public/.ssh/athena_dialup_authorized_keys.

  • Please take care NOT to move or copy any other files in your ~/.ssh directory to avoid inadvertantly exposing any private keys.
  • Please note that the ~/Public/.ssh directory must have the same AFS permissions as your ~/Public, namely it must be readable by system:anyuser.

If you do not have a public/private key pair, you may generate one using ssh-keygen, and copy the resulting public key (~/.ssh/id_rsa.pub) into the file above.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

April 16, 2017

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
public public Delete
key key Delete
pubkey pubkey Delete
ssh ssh Delete
athena athena Delete
dialup dialup Delete
rsa rsa Delete
dsa dsa Delete
ecdsa ecdsa Delete
authorized_keys authorized_keys Delete
olc-dialup olc-dialup Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki