Client configuration
To initialize the client on your Linux system, you should run the following command in your local shell:
$ step ca bootstrap --ca-url=https://sshproxy.hpc.cineca.it --fingerprint 2ae1543202304d3f434bdc1a2c92eff2cd2b02110206ef06317e70c1c1735ecd
ATTENTION: if you have a previous version of smallstep installed and configured on your system, the client will ask whether you want to overwrite the existing configuration. To keep a copy of the previous configuration, make a copy of the .step directory.
If the command runs correctly, the shell will print the following messages:
The root certificate has been saved in <path-to>/.step/certs/root_ca.crt.
The authority configuration has been saved in <path-to>/.step/config/defaults.json.
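The value passed to --fingerprint is the SHA-256 digest of the DER-encoded root certificate, so the saved root_ca.crt can be re-checked against it later. The shell functions below are an added example, not part of the original page; the function names are hypothetical, and the file is assumed to hold a single PEM certificate and GNU coreutils to be available.

```shell
#!/bin/sh
# Added example: re-check the root certificate saved by `step ca bootstrap`
# against the fingerprint that was pinned on the command line.

# Print the lowercase hex SHA-256 of the DER bytes inside a PEM file.
# Assumption: the file contains exactly one certificate.
pem_sha256() {
    # Drop the BEGIN/END armor lines, decode the base64 body to DER, hash it.
    grep -v '^-----' "$1" | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only when the certificate in $1 hashes to the fingerprint in $2.
# Returns 1 on mismatch and 2 when the file cannot be read.
verify_root_fingerprint() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    actual=$(pem_sha256 "$1")
    # Normalise case and strip colons so openssl-style fingerprints also match.
    expected=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 matches the pinned fingerprint"
    else
        echo "MISMATCH: $1 has fingerprint $actual" >&2
        return 1
    fi
}

# Usage, with the path reported by the bootstrap command and the fingerprint
# given on this page:
#   verify_root_fingerprint '<path-to>/.step/certs/root_ca.crt' \
#       2ae1543202304d3f434bdc1a2c92eff2cd2b02110206ef06317e70c1c1735ecd
```

A mismatch means the trust anchor on disk is not the one that was pinned, and the bootstrap should be repeated before requesting any certificate.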
Certificate
To use the certificate, first start the ssh-agent by running:
$ eval $(ssh-agent)
At this point, to obtain the certificate run:
$ step ssh login '<user-email>' --provisioner cineca-hpc
The command will print output like the following:
Once you have obtained the certificate, the following page on Keycloak will open automatically in the browser.
Enter your cluster credentials (username and password) and click the "Sign in" button. Keycloak will then ask for the OTP code generated by the Authenticator (see Configure the OTP).
You can check your certificate by running the following command in the shell:
$ ssh-add -L