Key-only ssh auth not working?

When logging into baobab I previously, once using ssh-copy-id, was able to log in without a password prompt if a pre-shared key was passed. However this doesn’t seem to be the case any more, and I’m prompted for my password even after removing ~/.ssh/authorized_keys/ and repeating ssh-copy-id. Is this a change in access policy to the cluster?

Hi @Berk.Gercek

The ssh-copy, copies your ssh key into the AuthorizedKeyFile. Changing the authentication method to sshPublicKey in LDAP is the same thing. (To summarize roughly) It’s as if the new AuthorizedKeyFile were the LDAP itself.

I’m checking in LDAP, so far you don’t have any sshPublicKey registered.
Could you check that your sshKey has been correctly registered https://my-account.unige.ch/main/home in the “My SSH public key” section?

The synchronization between my-account and LDAP shouldn’t take too long.

Hey Adrien,

Thanks for the reply! Previously I did not register a public key with Unige, but rather simply used the copy command which worked immediately.

I have several keys, one for each different device I own usually, and so the limitation of the Unige system for a single key would not be great. I used this copy command on each of these devices to baobab, and was then able to use the specific key.

Is the change to LDAP recent? Or was I somehow linked to an older auth system before and now I need to provide a pw after being unlinked? For reference I believe I’ve been on the cluster since 2018

Hi @Berk.Gercek

We sent emails and post on HPC-community to inform in advance of the deployment. We also answer to some question including handling multiple ssh-key in LDAP, in the post:

Please feel free to comment on the previous given post if you have any other questions.

Best Regards,

1 Like

Ok, sorry for missing the emails! I’ll adapt in that case, thanks.