SSH Connection: Two Local Machines with One Virtual Machine

In this guide, we show how to use the same SSH key pair from two different local machines to access the same Virtual Machine (VM). You’ll need to follow these steps on both local machines and the VM, assuming you’re using OpenSSH as your SSH client and server.

The steps are general, but they also apply to ThreeFold and the Dashboard.

1. Generate or Use an Existing SSH Key Pair

Option A: If You Already Have a Key Pair

If you already have a private key file (id_rsa) and its corresponding public key file (id_rsa.pub), proceed to the next step.

Option B: Generating a New SSH Key Pair if Necessary

If not, you can generate one using OpenSSH with:


ssh-keygen -t rsa

This command generates a new key pair in your ~/.ssh/ directory. It’s recommended to use -t rsa for compatibility.

2. Copy the Public Key

Copy the contents of id_rsa.pub (not the private key, just the public key) to the VM’s authorized_keys file. This can be done manually by logging into the VM, or remotely over SSH with a password, appending the key directly via:


ssh user@vm_ip "mkdir -p ~/.ssh; echo 'your_public_key' >> ~/.ssh/authorized_keys"

Replace 'your_public_key' with the actual content of your id_rsa.pub, and make sure user@vm_ip matches the VM’s actual user and address.

Note: The public key is automatically copied into the VM running on the TFGrid, e.g. when you deploy with the Dashboard.

3. Restrict Access (Optional)

If you have multiple local machines accessing the same VM, consider adding restrictions in the authorized_keys file on the VM to only allow access from specific IP addresses or hostnames using the following format:


from="local_machine_1_ip,local_machine_2_ip" ssh-rsa your_public_key user@host1

Replace 'your_public_key' with your actual public key, list the IP addresses or hostnames of your local machines in the from= option, and update the trailing user@host1 comment to match your local machines’ usernames and hostnames.

4. Configure SSH Agent

On both local machines:

  • Ensure that the SSH agent is running; to start one in the current shell, use eval "$(ssh-agent -s)".

  • Add the private key to the SSH agent for use by all users on the system with ssh-add /path/to/your/id_rsa.

This allows you to access the VM without typing your password each time, as long as the SSH client can connect to the agent process.

5. Connect

On both local machines:

Use the following command to connect to the VM using the shared key pair:


ssh -i /path/to/your/id_rsa user@vm_ip

Replace /path/to/your/id_rsa with the path where you store your private key (id_rsa).

Important Considerations

  • Key Security: Ensure that both local machines’ SSH agent processes are secure, especially if multiple users have access to them. The security of the shared key depends on these settings.

  • SSH Agent Persistence: If one machine’s SSH agent goes away (e.g., due to logout or restart), you might need to reconnect it to use your keys.

Using a single SSH key pair across different machines for accessing the same VM can simplify management, especially when multiple users and machines need to access it. However, securing this key and ensuring that its storage complies with security policies is crucial.

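
For step 3 above, an added example (not part of the original guide) that audits an authorized_keys file: a from= option limits the addresses a key may connect from, while command= only forces a command and leaves the source open. The function names, addresses and key blobs are constructed samples.

```sh
#!/bin/sh
# Added example, not from the original guide. All keys and addresses below
# are constructed samples.

sample_authorized_keys() {
    cat <<'EOF'
# constructed sample file
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBlob1 user@host2
from="192.0.2.10,192.0.2.20" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleKeyBlob2 user@host1
command="echo 'Your command output'; exit 0" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleKeyBlob2 user@host1
EOF
}

# Reads authorized_keys from the named file (or stdin) and prints one line per
# key: its source restriction and whether a forced command is set.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Blank out quoted option values so spaces inside them do not split fields.
        gsub(/"([^"\\]|\\.)*"/, "\"\"", line)
        split(line, f, /[ \t]+/)
        # Options are optional: when field 1 is already a key type, there are none.
        i = (f[1] ~ /^(ssh-|ecdsa-sha2-|sk-)/) ? 1 : 2
        opts = "," tolower(i == 2 ? f[1] : "")   # option names are case-insensitive
        src = (opts ~ /,from=/)    ? "restricted" : "any"
        cmd = (opts ~ /,command=/) ? "yes" : "no"
        printf "line %d: %s %s source=%s forced-command=%s\n", NR, f[i], f[i + 2], src, cmd
    }' "$@"
}

# Number of keys that can be used from any source address.
count_any_source() {
    audit_authorized_keys "$@" | grep -c "source=any" || true
}

sample_authorized_keys | audit_authorized_keys
```

On the VM, run `audit_authorized_keys ~/.ssh/authorized_keys` and review every entry reported as source=any.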

Use an SSH Key Pair from One Local Machine to Another Local Machine to SSH into a VM

Here is a quick guide to learn how to use an SSH key pair that you generated on a computer (say local computer 1) on another computer (say local computer 2) to access a VM. This works as long as you copy the private key to local computer 2. Here’s how you can do that:

  1. Locate the SSH Key Files: On local computer 1, your SSH keys are typically located in ~/.ssh/. The default key files are id_rsa (private key) and id_rsa.pub (public key).

  2. Copy the Private Key: You need to securely copy the private key (e.g., id_rsa) from local computer 1 to local computer 2. Important: Make sure you do this securely and do not expose your private key. Using a USB drive or secure file transfer methods is recommended. The private key should never be shared publicly.

  3. Place the Key on Local Computer 2: On local computer 2, place the private key in the ~/.ssh/ directory. Make sure to set the correct permissions on the key file. You can do this with the following commands:

    mkdir -p ~/.ssh
    cp /path/to/copied/id_rsa ~/.ssh/
    chmod 600 ~/.ssh/id_rsa  # Only the user should have read and write permissions
    
  4. Add the Public Key (if necessary): If the public key is not already present in the ~/.ssh/authorized_keys file on the VM, you might need to add it there. You can do this by copying the public key from local computer 1 and appending it to the ~/.ssh/authorized_keys file on the VM.

    Note: If you use the Dashboard to deploy a VM, the public key is already set in the authorized_keys file.

  5. Connect to the VM: Now you should be able to access the VM from local computer 2 using the following command:

    ssh username@vm_ip_address
    

Be sure to replace username with the appropriate user on the VM, and vm_ip_address with the actual IP address or hostname of the VM.

Security Considerations:

  • Keep your private key private: The private key should be kept secure and not shared with anyone.
  • Use passphrases: Consider protecting the SSH key pair with a passphrase when generating it.
  • Remove unused keys: If you no longer need access from local computer 1, consider removing the private key from that machine.
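
An added check (not part of the original guide) for the key copied in step 3 and the passphrase advice above: it reports a private key file whose mode is not 600 or 400, or that is stored without a passphrase. The function names are illustrative, and the sample file is constructed: it holds only the header of an unencrypted key, not a usable key.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

file_mode() {   # octal permission bits: GNU stat first, then BSD/macOS stat
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

key_is_encrypted() {
    # Legacy PEM keys announce encryption in a header, PKCS#8 in the BEGIN line.
    grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1" && return 0
    grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1" || return 1
    # New-format keys begin with "openssh-key-v1\0" and the cipher name; this
    # base64 prefix encodes the cipher "none", meaning no passphrase is set.
    ! grep -q '^b3BlbnNzaC1rZXktdjEAAAAABG5vbmUA' "$1"
}

check_private_key() {   # prints the findings for one key file, or "ok"
    findings=""
    case $(file_mode "$1") in
        600|400) ;;
        *) findings="$findings mode-not-600" ;;
    esac
    key_is_encrypted "$1" || findings="$findings no-passphrase"
    if [ -n "$findings" ]; then echo "${findings# }"; else echo ok; fi
}

make_sample_key() {   # constructed file: header of an unencrypted key, not a usable key
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1"
}

demo_dir=$(mktemp -d)
make_sample_key "$demo_dir/id_rsa"
chmod 644 "$demo_dir/id_rsa"
check_private_key "$demo_dir/id_rsa"
```

On local computer 2, run `check_private_key ~/.ssh/id_rsa` after copying the key; anything other than `ok` should be fixed before the key is used.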