Key Generation
In this part of the documentation, the term client refers to the computer where Agilab is installed. The remote account refers to the account provided during the AGI installation process. This account is used by AGI to establish SSH connections to the remote server. Ensure that the account exists on the server.
Generate the keys
On the client, generate a public/private key pair using:
ssh-keygen -a 100 -t ed25519
You will be prompted for a passphrase. Store it securely, such as in a password manager.
If you have not changed the default path, the public key will be stored in ~/.ssh/id_ed25519.pub and the private key in ~/.ssh/id_ed25519.
Loading the private key in SSH Agent
Load the private key
To load the private key into the SSH agent, follow these steps:
On Windows:
ssh-add $env:USERPROFILE/.ssh/id_ed25519
On Linux:
ssh-add ~/.ssh/id_ed25519
If you have set a passphrase, you will be asked to enter it. If you encounter any permission-related errors, refer to the Permissions section.
On Linux, if a window titled “Enter password to unlock the private key” appears when trying to establish an SSH connection, enter the passphrase and check the box “Automatically unlock this key whenever I’m logged in”.
Verify the key addition
To check if the key has been correctly added to the agent:
ssh-add -l
It should list the loaded key by its public-key fingerprint (the private key is never displayed). To manually check the public key:
On Windows:
cat $env:USERPROFILE/.ssh/id_ed25519.pub
On Linux:
cat ~/.ssh/id_ed25519.pub
Copy the public key to the server
To authorize connections to the server, add your public key to the server’s authorized keys:
– Unix client and Unix Server:
ssh-copy-id -i ~/.ssh/id_ed25519 <remote account>@<server ip address>
– Unix client and Windows Server:
cat ~/.ssh/id_ed25519.pub | ssh <remote account>@<windows server ip> "cat >> C:/Users/<remote account>/.ssh/authorized_keys"
– Windows client and Windows server:
Get-Content -Raw "${env:USERPROFILE}\.ssh\id_ed25519.pub" | ssh <remote account>@<server ip> "cat >> C:/Users/<remote account>/.ssh/authorized_keys"
– Windows client and Unix server:
Get-Content -Raw "${env:USERPROFILE}\.ssh\id_ed25519.pub" | ssh <remote account>@<linux server ip> "cat >> ~/.ssh/authorized_keys"
SSHD Service
Check the configuration
Check the SSH server configuration in the sshd_config file:
Windows Server:
C:\ProgramData\ssh\sshd_config
Unix Server:
/etc/ssh/sshd_config
Ensure the following configuration is set:
PubkeyAuthentication yes
PasswordAuthentication no
To modify, open the file in an elevated text editor, update the lines as shown above, and restart the SSH server (see the Restart the SSHD service section).
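One way to check these two settings from a script, as an added example that is not part of the AGI documentation or code. The function names effective_setting and audit_sshd_config are hypothetical, and the sample configuration is constructed; the script ignores Include files and Match blocks.

```bash
# Added example (not AGI code): audit an sshd_config for the two required settings.
# sshd keeps the FIRST value it reads for a keyword, so a "PasswordAuthentication no"
# placed after an earlier "yes" has no effect.

# Print the effective global value of keyword $2 in file $1, lower-cased;
# $3 is the default used when the keyword is absent or commented out.
# Assumption/limitation: Include files and Match blocks are not evaluated.
effective_setting() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                       # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }             # tolerate "Keyword=value"
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == key { val = tolower($2); exit }   # first occurrence wins
        END { print val }
    ' "$1"
}

# Return 0 only when the file enforces key-only logins.
audit_sshd_config() {
    rc=0
    pubkey=$(effective_setting "$1" PubkeyAuthentication yes)     # OpenSSH default: yes
    password=$(effective_setting "$1" PasswordAuthentication yes) # OpenSSH default: yes
    [ "$pubkey" = "yes" ]  || { echo "FAIL: PubkeyAuthentication is $pubkey"; rc=1; }
    [ "$password" = "no" ] || { echo "FAIL: PasswordAuthentication is $password"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key-only authentication is enforced"
    return "$rc"
}

# Constructed sample: the active "yes" precedes the "no", so the audit fails.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a Unix server, sudo sshd -T prints the configuration that sshd actually resolves and can be used to confirm the result.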
Restart the SSHD service
– On Windows Server (admin):
Restart-Service sshd # Restart SSH Server
Restart-Service ssh-agent # Restart SSH Agent
– On Unix Server:
sudo systemctl restart ssh # Restart SSH Server
eval "$(ssh-agent -s)" # Restart SSH Agent
Check the service status:
– On Windows Server (admin):
Get-Service sshd
Get-Service ssh-agent
– On Unix Server:
sudo systemctl status ssh # Check SSH Server status
ssh-add -L # Check if the SSH agent is running
Permissions
On Windows
Ensure that the .ssh folder and the files id_ed25519 and authorized_keys have the correct permissions:
.ssh\id_rsa AUTORITE NT\Système:(F)
BUILTIN\Administrateurs:(F)
%USERNAME%:(M)
To view permissions:
icacls "$env:userprofile\.ssh"
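To set correct permissions (the account names shown here are those of a French-language Windows; an English-language system uses NT AUTHORITY\SYSTEM and BUILTIN\Administrators):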
icacls "$env:userprofile\.ssh\id_ed25519" /inheritance:r /grant "AUTORITE NT\Système:(F)" "BUILTIN\Administrateurs:(F)" "$env:username:(M)"
On Linux
Ensure the .ssh folder and files have correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 600 ~/.ssh/authorized_keys
To verify:
ls -l ~/.ssh
Useful links
If you need more information about SSH configuration, the following guides may be helpful:
- For Unix: Debian documentation
- For Windows: Microsoft documentation