Enable SSH Access on Remote Server

HowTo Enable SSH Access on Remote Server

This document explains how to connect to a remote server via ssh. It covers the basic creation of an ssh key, how to add an ssh key on a SlapOS instance in both the configuration parameters and the webrunner directly as well as on a remote server.

Table of Content

  • Generating SSH Key
  • Using SSH Key

Generating SSH Key

The following section will show the steps required to generate an SSH key.

Keygen

ls -al ~/.ssh
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Before starting verify there are no existing key you can use. If the below outputs a number of files/folders including id_rsa.pub (your existing public key), you can use this key and go continue to the next step.

# list existing keys
$ ls -al ~/.ssh

# show existing public key
$ cat id_rsa.pub

# create new ssh key
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

When creating a new key you will be prompted to "Enter a file in which to save the key". Press enter to store it in the default location. Enter the passphrase you want to use and confirm it. You will be asked for this passphrase whenever making a SSH connection. The passphrase must be 20 characters long to be really secure. Once done, you should have a new id_rsa.pub. You can copy the key and continue.

Using the SSH key

This section will demonstrate how to use the SSH key on a SlapOS server, a hosting subscription and on the Webrunner IDE.

Add SSH key on a (SlapOS node) server

$ ssh debian@xx.xx.xx.xxx
Enter passphrase for key '/home/chronos/user/.ssh/id_rsa':
(...)

debian@slapostest:~$ pwd
/home/debian
debian@slapostest:~$ cd ~/.ssh
debian@slapostest:~/.ssh$ ls
authorized_keys
debian@slapostest:~/.ssh$

To add or change the ssh key on a server, access your server and find the .ssh folder. To access the server without the SSH key means you need to have a different way of accessing it before being able to use SSH.

ssh debian@xx.xx.xx.xxx
    Enter passphrase for key '/home/chronos/user/.ssh/id_rsa':
    (...)
    debian@slapostest:~$ pwd
    /home/debian
    debian@slapostest:~$ cd ~/.ssh
    debian@slapostest:~/.ssh$ ls
    authorized_keys
    debian@slapostest:~/.ssh$

Add the public key you can find on your machine at the same location (~/.ssh) inside the id_rsa.pub file. Next time you log in, you should be prompted for the passphrase you chose for your public key.

Add SSH key on SlapOS hosting subscription

SlapOS - Addding ssh access to hosting subscription

When instantiating a new service on SlapOS (for example here: webrunner) you can add your ssh private key in the Configuration Parameters directly:

<?xml version="1.0" encoding="utf-8"?>
    <instance/>
    <parameter id="user-authorized-key">ssh-rsa xxxxxxxxxxxxxxxxx...
    </parameter>
    <instance/>
    

Click "Save". To then access the webrunner via ssh, use the ssh-command parameter in connection parameter table below. It will look something like this:

ssh-command ssh slapuserXXX@xxxx:xxx:xxxx:x:xx::xxxx -p xxxxx

Use the command in the terminal. Provide the passphrase associated with your ssh key and make sure you are on a IPv6 network as you are using an IPv6 address in your ssh command. More info on use of IPv6 in SlapOS can be found in the SlapOS architecture Design Document.

Refer to gitlab for the full list of available configuration parameters for a Webrunner and resilient Webrunner.

Add SSH key inside Webrunner

Webrunner - Adding ssh access to inside a Webrunner

When using a Webrunner you can enable ssh access by adding your ssh key in Runner's Services Parameter tab. Click new, add parameter name/value and finish by clicking Update Values and then pressing the green button. Once done, you should be able to access your Webrunner using the ssh-command parameter in SlapOS interface connection parameter table. It will look something like this:

ssh-command ssh slapuserXXX@xxxx:xxx:xxxx:x:xx::xxxx -p xxxxx

Thank You

Image Nexedi Office
  • Nexedi SA
  • 147 Rue du Ballon
  • 59110 La Madeleine
  • France