/
SSH Setup and Troubleshooting

SSH Setup and Troubleshooting

Owned by Daniel Arroyo
Last updated: May 23, 2024
2 min read

SSH keys expire after 3 months. If you need to create a new key pair follow these steps.

Setup:

Creating SSH key pair

  1. In Terminal, run (substituting your email address in):

    ssh-keygen -t ed25519 -C "your @allenai.org email address"

  2. This will prompt you to enter a name and location for the keys. Just hit enter to set default keys “id_ed25519” and “id_ed25519.pub,” or you can manually set a location and name for your keys.

  3. Set a password for the key when prompted. This can be the same as your laptop password

  4. Run (modify the path and name if you set a different name)

    cat ~/.ssh/id_ed25519.pub

    and select and copy the contents of that file

  5. Paste the full contents of your .pub file to https://bridge.allenai.org/ssh
    Example:

    ssh-ed25519 AAAAC3NzaC1lZDI1NLAjkksdkflai123jLAKKNndTTBNEObC9wznqdgYt johns@allenai.org

  6. Wait 15 minutes then you should be able to access servers via SSH

  7. To temporarily cache your credentials and avoid having to type your key password each time you connect to a resource via SSH, when you log in to your machine run the following command in terminal and type in your key’s password when prompted (substitute your private key path).

 

If servers have stopped allowing you to log in, or are prompting for an account password, either refresh your key-pair in Bridge by clicking the “renew key” button or create a new key-pair using the above steps, then wait 15 minutes for the change to sync and try logging in again.

Troubleshooting:

Permission denied (publickey):

  • Verify you are logging in using the correct username, you should be logging in with the same username as your Okta login, typically

  • For more detailed information, add verbose to review what keys it is attempting to use

  • If you are a new hire, your account may not have been pushed to our hosts yet, even if you have added your keys to Bridge. If you were hired within the last week, contact IT in the #it slack channel to verify your account is not pending a PR to deploy to the servers

ssh: Could not resolve hostname: nodename nor servname provided, or not known

  • Verify you are using the correct hostname. The hostnames of all Beaker hosts can be found at: https://reconfig-web.apps.allenai.org/

  • Make sure you are connected to VPN, even if you are at the office. The wifi networks at AI2 do not have access to the internal network, so a VPN is still needed.