Skip to content

How to give other people access to an instance

These instructions will describe how to share direct ssh access to an instance with another person. Note that this process works for one instance user at a time (e.g. ubuntu).

Receive their public ssh key

The first step to allow another person access to an instance is to receive a public ssh key from them. If they're unfamiliar with creating ssh keys, or if they need to create a new pair specifically for this context, they can follow the relevant section in the Training Handout.

Once the person has generated their keypair, direct them to send you their public ssh key in a text file. The contents of public ssh key should have this form:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6D3RuR2j6BvVy6I3Q1amScKYFs+qmI5D37bS9/vgdUvbQx0CnkyuAsx7UpPltXTz3+jkIcGJQqZJUZV1v00/y4iiaHTzp/PxRMT8bzIMw9cOnfZxhSQ1ekUr+wTfT8e5Hs+NabP4bfni/htE7LBk+Mrywgb5I4Mr3fKmKGH4DJzh2YUCt6oC/TivxuKYVrQPEy0BznFuwrHbpQoT6swUa3GaB5nIi/nPyHd6E/EIZ1be+U2y7+efmY9JlQKLaJg6iYumSbibLBQ8qw+ohHbcSBhDUmEiOosuYtvv8L8r3Bvj+2zyFU5DdArSvIPFQbma3/s9oqfYctcqGzVRmFeeJ

Danger

Public ssh keys can be transferred or shared. Public ssh keys should have the file extension .pub and can be viewed by running cat ~/.ssh/id_rsa.pub. Private keys should never be shared or transferred from the machine where they were generated. If you have any questions or concerns, please contact S3IT support.

Add the public key to the authorized_keys file

Once you have received the public key from the person who will access the instance, you must add it to the ~/.ssh/authorized_keys file on your instance.

At any time, you can view the current contents of the ~/.ssh/authorized_keys file by running this command from your instance :

cat ~/.ssh/authorized_keys

By default, the file will contain the public ssh key of the person who created the instance.

Option 1: Use ssh-copy-id from your client

You can use ssh-copy-id to add a public ssh key for a user.

From Mac, Linux, or WSL on Windows:

ssh-copy-id -i ~/path/to/local/key.pub user@ipaddress

This will add the public ssh key to the server, stored as a new line in the file ~/.ssh/authorized_keys.

Option 2: Use a terminal-based text editor from the server

Using a terminal-based text editor to edit the authorized_keys file is also an option if you prefer a more manual approach.

First, it is suggested to make a backup of the authorized_keys file, in case you make any errors during this process.

cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys_copy

To add a new public ssh key, and with the the nano text editor, to open the authorized_keys file:

nano ~/.ssh/authorized_keys

Each line of the authorized_keys file is a public ssh key. The first line of the file that you see is the SSH key used when creating the instance. If there are any more lines, each is a public ssh key that has been added to the instance.

To add a new public ssh key, simply move the cursor to a new line and paste the desired public ssh key. When you are finished, exit the nano editor with CTRL+x. To confirm type y + ENTER.

Before you close the connection, open a second connection to the instance to verify that you have not corrupted the authorized_keys file. If you have any trouble establishing a new connection to the same instance, consider restoring the file from the backup copy: mv ~/.ssh/authorized_keys_copy ~/.ssh/authorized_keys.

Verify a new public ssh key

Once you have added another public ssh key to the authorized_keys file, they should be able to access the instance as described in the Training Handout.

To verify that the ssh login works with the new key pair, confirm that you can access your instance via ssh from a client:

ssh -i ~/.ssh/key user@ipaddress

Info

Access to ScienceCloud virtual machines is, by default, restricted to users on the UZH campus networks or using the UZH VPN. If you need to grant access to an instance to an external collaborator who does not have access to the UZH VPN, please request a guest UZH account for them from your IT Coordinator.


Last update: March 21, 2022