-
Notifications
You must be signed in to change notification settings - Fork 7
4. SSH for connecting to servers and to github
From a terminal, you should be able to ssh unicorn.cim.mcgill.ca to connect to unicorn. Set up SSH keys both for security and because it is far more convenient!
To use github while you are logged into unicorn, you will need to upload your public key to github through your github settings. However, DO NOT put your private key on unicorn so that you can git clone from github while on unicorn! The correct way is to use ForwardAgent in your ~/.ssh/config. This will safely forward your private key(s) through unicorn to github. For example, my ~/.ssh/config on my laptop contains:
Host unicorn
User <your unicorn account name>
HostName unicorn.cim.mcgill.ca
ForwardAgent yes
You can verify that your private key has been added by running ssh-add -l.
Then, from my laptop, I can ssh unicorn, then once I'm logged in, git clone --recurse-submodules [email protected]:Shared-Reality-Lab/IMAGE-server.git, and I don't have to type a password since my private key on my local computer is being forwarded to github for authentication. It might ask you to set your email address. Make sure to set it to one that is associated with your github account. At this point, you should be able to branch, make changes, and push to github, no passwords necessary! Note that you can also test whether it is working with ssh -T [email protected], which will give an error if it is not working.
If you have a Windows machine and you are having trouble connecting to Unicorn or others via SSH fear not! This a fairly common problem and we will be addressing this issue in no time. Usually, this happens because Windows does not have the SSH-agent turned on by default which won't allow you to properly leverage the "Forwarding Agent" that will allow you to clone github repos on Unicorn.
Before we get started, make sure you have the most recent version of PowerShell installed and open a window as administrator. If you haven't already, you will need to generate an SSH-key and add it to your github account, you can follow instructions here This is important as it is this key that the "ForwardAgent" will use to access github.
IMPORTANT: DO NOT GENERATE A KEY PRIVATE KEY ON A MACHINE YOU DO NOT OWN.
Private keys, the ones generated by the ssh-keygen command, should only reside in a machine you have full control and cannot be reached by others for security reasons. You public keys, which is the one generated and saved on github is safe to use on other machines.
Finally by following the steps found in Practically using github while SSH'ed into a test or production server you should be able to access Unicorn and we are finally ready to set up our ForwardAgent.
Prior to running the ssh-agent, you will need to update OpenSSH as the default Windows ForwardAgent does not work with Ubuntu 22+. To do this you will open Powershell as administrator and run the following commands:
Search for the package:
-
winget search "openssh beta"Install new OpenSSH: winget install "openssh beta"
Now the new OpenSSH should be installed!
Incase you want to uninstall you can run this command:
winget uninstall "openssh beta"
Back to setting up the SSH ForwardAgent. If the follow command:
Get-Service ssh-agent
Gives you a "Stopped" status for your SSH agent as seen below:
Status Name DisplayName
------ ---- -----------
Stopped ssh-agent OpenSSH Authentication Agent
And if Get-Service ssh-agent | Select StartType
Shows gives the following output:
StartType
---------
Disabled
This means that Windows does no currently have an agent running. To activate a new SSH-Agent you will need to do the following:
- Set the agent to Manual activation:
Get-Service -Name ssh-agent | Set-Service -StartupType Manual
- Then you activate your agent:
Start-Service ssh-agent
- Add the path to your SSH-keys:
ssh-add path\to\ssh\key
- Sanity check, if the following command gives you a long string of random things it worked! Otherwise it will give you a message regarding missing ssh-agents.
ssh-add -L
When using tmux, the socket for ForwardAgent gets messed up if you're disconnecting and reconnecting. The symptom will be that you can connect to the server fine, but when you try and do git operations or ssh to a third server, it fails. The fix requires some configuration which is discussed in this thread, with additional hints here. The tldr is to modify the configuration on each server you're using (e.g., pegasus/unicorn):
Create ~/.ssh/rc with this content:
#!/usr/bin/sh
if [ ! -S ~/.ssh/ssh_auth_sock ] && [ -S "$SSH_AUTH_SOCK" ]; then
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
Then make sure to chmod 755 ~/.ssh/rc to make it executable
In your ~/.ssh/config, add the following:
# https://gist.github.com/martijnvermaat/8070533?ref=jwon.me
Host *
IdentityAgent ~/.ssh/ssh_auth_sock
DEPPRECATED: .tmux.conf.local changes should not be necessary, but keeping in case it fixes unusual cases. The above two file changes should be sufficent... If you find otherwise, please contact jeffbl so these instructions are accurate.
In ~/.tmux.conf.local, add:
# https://stackoverflow.com/questions/21378569/how-to-auto-update-ssh-agent-environment-variables-when-attaching-to-existing-tm
set-option -g -u update-environment[3]
# https://serverok.in/ssh-agent-forwarding-with-tmux
set-environment -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock