Add your local SSH Key to a Metworx Workflow
20.x workflows
For legacy performance/envision workflows, please see the next section below.
These actions must be performed once per disk and will persist across workflows:
- Upload your private key (generally called:
~/.ssh/id_rsa) from your local computer (laptop, desktop) up to your Metworx workflow and into~/.ssh/id_rsausing the Rstudio file browsing interface. - Upload your public key (generally called:
~/.ssh/id_rsa.pub) from your local computer (laptop, desktop) up to your Metworx workflow and into~/.ssh/id_rsa.pubusing the Rstudio file browsing interface.
NOTE: It is important to upload both the public and private keys for certain software, such as github/github enterprise, as a match of the id_rsa + id_rsa.pub files is performed
during the ssh handshake. If you just upload your private key, cloning repositories or other interactions may fail.
- Optional: if your administrator has not added your public key to AWS and you need to manually add it to your workflow to log in from your laptop, also add the contents from your public key (
id_rsa.pub) to the file~/.ssh/authorized_keys.
You can accomplish this by running the commandcat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys - Adjust the file permissions (this is important as ssh tooling also compares these permissions and may fail otherwise)
export USER=<YOUR_USERNAME>
chmod 700 /data/home/$USER/.ssh
chmod 644 /data/home/$USER/.ssh/authorized_keys
chmod 600 /data/home/$USER/.ssh/id_rsa
chmod 644 /data/home/$USER/.ssh/id_rsa.pubfor example:
export USER=devinp
chmod 700 /data/home/$USER/.ssh
chmod 644 /data/home/$USER/.ssh/authorized_keys
chmod 600 /data/home/$USER/.ssh/id_rsa
chmod 644 /data/home/$USER/.ssh/id_rsa.pubMetworx V3 (performance/envision) workflows
You may want to use an SSH key on your instance to communicate with another server (e.g., GitHub, a private file server, or a subversion repository).
Metworx V3 workflows are pre-configured to always look for a private key in /data/ssh/metworx.pem. So, whenever you create a new disk (you only need to do this once per disk):
- Create a directory,
/data/sshon your workflow - Upload your private key (examples:
~/.ssh/<your name>_keyor~/.ssh/id_rsa) from your local computer (laptop, desktop) up to your Metworx workflow and into/datausing the Rstudio file browsing interface. - Rename the key
/data/ssh/metworx.pem - Set the permissions of the key. Open the Rstudio shell (Tools -> Shell) and enter the following:
chmod 0600 /data/ssh/metworx.pem
Now any call to SSH will offer /data/ssh/metworx.pem as a private key.
Steps
For this doc we will use the following:
- workflow name: i-0c9204c1a6b71beb9.metworx.com
- username: johnd
Open a terminal tab and ssh to your workflow master node:
ssh johnd@i-0c9204c1a6b71beb9.metworx.comCreate the following directory:
mkdir /data/sshOpen a new terminal tab on your local machine (do not ssh into the workflow):
First, confirm your key is where it should be and get it's name.
You should see a file with a name like johnd-key or id_rsa. You do not want the one with .pub as the file extension.
$ ls -l .ssh
-r-------- 1 johnd staff 1679 Jul 31 09:09 johnd-key
-rw-r--r-- 1 johnd staff 414 Jan 11 2017 johnd-key.pubProvided the key is there, do:
scp ~/.ssh/{name-of-your-key} {username}@{worklow_url}:/data/ssh/metworx.pemFor example:
scp ~/.ssh/johnd-key johnd@i-0c9204c1a6b71beb9.metworx.com:/data/ssh/metworx.pemGo back to your workflow master node:
Confirm the key is there and has the correct permissions:
ls -l /data/ssh/metworx.pemIt should look similar to this (the -r-------- is the most important thing, which means the key is read only.)
-r-------- 1 johnd users 1679 Oct 6 09:09 johnd-keyFrom here, you should be able to do your checkout without issue.
If you need to change permissions to make your private key read only, run this command:
chmod 400 johnd-key