GECo Trac
How to get a new GECo computer account
There are two ways to obtain an account on the GECo network:
- See the administrator in person. He/she will create your account and give you a password.
- If you cannot see the administrator in person, send the administrator the following information via email:
  - full name
  - preferred username
  - email address
  - a phone number where you can be reached so that your new password can be given to you verbally
- If you have your own computer, send the administrator the following information via email:
  - full name
  - preferred username
  - email address
  - a copy of the public key from an ssh RSA key pair (see below for how to generate an ssh keypair)
SSH key authentication
SSH public key authentication uses a pair of keys that are generated on a local private machine. The key pair consists of two keys: a public key, and a private key. The public key is copied on to the remote machines to which you wish to connect via ssh. The private key is *PRIVATE*. It is to be closely guarded, never shared or given away, and preferably protected by a password. You should think of the key pair as an electronic identity.
Generating an SSH key pair
Generating an ssh keypair can be done on most POSIX-based systems (Linux, BSD, Mac OS X, Cygwin on Windows) by issuing the following command at the command prompt. The following is an example of running the command as username 'user' on a Debian Linux system named 'localhost':
    user@localhost:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase): foobar
    Enter same passphrase again: foobar
    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.
    The key fingerprint is:
    xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@localhost
    user@localhost:~$
Although you can have empty passwords for your RSA key, it is *highly* recommended that you protect your key with a password. Once you enter the password, an RSA key pair will be generated in your ~/.ssh directory. The public key will probably be called "~/.ssh/id_rsa.pub". The contents of this file are what you need to send to the administrator. The private key is stored in the file "~/.ssh/id_rsa". Keep the private key private. Don't let anyone else have access to it, or they will be able to access your account.
Once you have sent your RSA public key to the administrator, they will set you up with an account. You may then log into geco.phys.columbia.edu with ssh using your new GECo username and the RSA key that you generated (this should happen automatically when you try to log into geco.phys.columbia.edu via ssh; see next section). Things to note:
- You must log into GECo using ssh from the same account where you generated the RSA key pair.
- Do not move the private RSA key from the account where it was originally generated. It is a grave security risk to do so. If you must log into GECo from a different account, generate a new RSA key pair in the new account, and append the new public part of the key pair to the ~/.ssh/authorized_keys file in your GECo home directory.
Windows users can also use the PuTTYgen utility to generate RSA key pairs.
Once you have your GECo account
Once you have your GECo account, you should verify that you can log onto the main GECo server (zajos) via ssh. When logging on for the first time, you will be asked to verify the fingerprint of the RSA key of the server. The RSA key fingerprint for zajos is:
fc:09:78:d6:eb:3d:a4:80:e0:e9:af:9f:d2:ac:75:32
You should therefore see the following when you ssh to zajos for the first time:
    user@localhost:~$ ssh user@geco.phys.columbia.edu
    The authenticity of host 'geco.phys.columbia.edu (128.59.170.159)' can't be established.
    RSA key fingerprint is fc:09:78:d6:eb:3d:a4:80:e0:e9:af:9f:d2:ac:75:32.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'geco.phys.columbia.edu,128.59.170.159' (RSA) to the list of known hosts.
    Password: foobar
    user@zajos:~$
If the fingerprint does not agree, check the hostname, and then contact the administrator.
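The fingerprint check above, as an added example that is not part of the original page or any GECo tooling: a Python script that computes the fingerprint of a server public key line in both the colon-separated MD5 form published above and the SHA256 form that newer OpenSSH clients print by default, and compares it with the published value. The function names and the sample key line are constructed for illustration.

```python
import base64
import hashlib
import struct

# Fingerprint the page publishes for zajos (MD5, colon-separated hex).
ZAJOS_MD5 = "fc:09:78:d6:eb:3d:a4:80:e0:e9:af:9f:d2:ac:75:32"
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def key_blob(line):
    """Return (key_type, raw_blob) from an id_rsa.pub or ssh-keyscan line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # ssh-keyscan lines start with a host field
        if field in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError as exc:  # binascii.Error is a ValueError subclass
                raise ValueError("key data is not valid base64") from exc
            # The blob must start with a length-prefixed copy of the key type.
            if not blob.startswith(struct.pack(">I", len(field)) + field.encode()):
                raise ValueError("key type does not match key data")
            return field, blob
    raise ValueError("no public key found on this line")

def fingerprints(blob):
    """Return (md5_colon_hex, sha256_base64) in the forms OpenSSH prints."""
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha

def matches_published(line, published):
    """True only if the key on `line` has the published fingerprint."""
    md5_fp, sha_fp = fingerprints(key_blob(line)[1])
    want = published.strip()
    if want.startswith("SHA256:"):
        return want == sha_fp
    if want.upper().startswith("MD5:"):
        want = want[4:]
    return want.lower() == md5_fp

def sample_keyscan_line():
    """Constructed sample, not a real key: ssh-rsa layout with a filler modulus."""
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa5" * 256)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "geco.phys.columbia.edu ssh-rsa " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    line = sample_keyscan_line()
    print(fingerprints(key_blob(line)[1]), matches_published(line, ZAJOS_MD5))
```

The constructed sample key does not match the zajos fingerprint, so the script reports a mismatch, which is the case where you check the hostname and contact the administrator.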
Finally, you must read the GECo Computer Users Guide.
