Add your local SSH Key to a Metworx Workflow


20.x workflows

For legacy performance/envision workflows, please see the next section below.

These actions must be performed once per disk and will persist across workflows:

  1. Upload your private key (generally called: ~/.ssh/id_rsa) from your local computer (laptop, desktop) up to your Metworx workflow and into ~/.ssh/id_rsa using the Rstudio file browsing interface.
  2. Upload your public key (generally called: ~/.ssh/id_rsa.pub) from your local computer (laptop, desktop) up to your Metworx workflow and into ~/.ssh/id_rsa.pub using the Rstudio file browsing interface.

NOTE: It is important to upload both the public and private keys for certain software, such as github/github enterprise, as a match of the id_rsa + id_rsa.pub files is performed during the ssh handshake. If you just upload your private key, cloning repositories or other interactions may fail.

  1. Optional: if your administrator has not added your public key to AWS and you need to manually add it to your workflow to log in from your laptop, also add the contents from your public key (id_rsa.pub) to the file ~/.ssh/authorized_keys.
    You can accomplish this by running the command cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  2. Adjust the file permissions (this is important as ssh tooling also compares these permissions and may fail otherwise)
export USER=<YOUR_USERNAME>
chmod 700 /data/home/$USER/.ssh
chmod 644 /data/home/$USER/.ssh/authorized_keys
chmod 600 /data/home/$USER/.ssh/id_rsa
chmod 644 /data/home/$USER/.ssh/id_rsa.pub

for example:

export USER=devinp
chmod 700 /data/home/$USER/.ssh
chmod 644 /data/home/$USER/.ssh/authorized_keys
chmod 600 /data/home/$USER/.ssh/id_rsa
chmod 644 /data/home/$USER/.ssh/id_rsa.pub

Metworx V3 (performance/envision) workflows

You may want to use an SSH key on your instance to communicate with another server (e.g., GitHub, a private file server, or a subversion repository).

Metworx V3 workflows are pre-configured to always look for a private key in /data/ssh/metworx.pem. So, whenever you create a new disk (you only need to do this once per disk):

  1. Create a directory, /data/ssh on your workflow
  2. Upload your private key (examples: ~/.ssh/<your name>_key or ~/.ssh/id_rsa) from your local computer (laptop, desktop) up to your Metworx workflow and into /data using the Rstudio file browsing interface.
  3. Rename the key /data/ssh/metworx.pem
  4. Set the permissions of the key. Open the Rstudio shell (Tools -> Shell) and enter the following: chmod 0600 /data/ssh/metworx.pem

Now any call to SSH will offer /data/ssh/metworx.pem as a private key.

Steps

For this doc we will use the following:

  1. workflow name: i-0c9204c1a6b71beb9.metworx.com
  2. username: johnd

Open a terminal tab and ssh to your workflow master node:

ssh johnd@i-0c9204c1a6b71beb9.metworx.com

Create the following directory:

mkdir /data/ssh

Open a new terminal tab on your local machine (do not ssh into the workflow):

First, confirm your key is where it should be and get it's name.

You should see a file with a name like johnd-key or id_rsa. You do not want the one with .pub as the file extension.

$ ls -l .ssh
-r--------  1 johnd  staff   1679 Jul 31 09:09 johnd-key
-rw-r--r--  1 johnd  staff    414 Jan 11  2017 johnd-key.pub

Provided the key is there, do:

scp ~/.ssh/{name-of-your-key} {username}@{worklow_url}:/data/ssh/metworx.pem

For example:

scp ~/.ssh/johnd-key johnd@i-0c9204c1a6b71beb9.metworx.com:/data/ssh/metworx.pem

Go back to your workflow master node:

Confirm the key is there and has the correct permissions:

ls -l /data/ssh/metworx.pem

It should look similar to this (the -r-------- is the most important thing, which means the key is read only.)

-r--------  1 johnd  users   1679 Oct  6 09:09 johnd-key

From here, you should be able to do your checkout without issue.

If you need to change permissions to make your private key read only, run this command:

chmod 400 johnd-key