Set Up an SSH Key
SSH keys let you authenticate to remote computers conveniently: you can connect to them without entering your password each time.
This procedure is meant to be done on your local machine.
Note
This procedure should work for Windows, MacOS and Linux users. If you are on Windows and the command below does not work in PowerShell, you must install Git Bash.
1) Generate the Key
Open the Git Bash command line and enter:
$ ssh-keygen
Follow the prompts. It is highly recommended that you protect your key with a secure password (passphrase) and that you store the key in the suggested default location. You should see something like this:
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/user/.ssh/id_rsa.
Your public key has been saved in /c/Users/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2mrihQwvnsIx8gDp8pO01EmCT4PgnTSVgv8Xj1vKNOg user@May2015b
The key's randomart image is:
+---[RSA 2048]----+
| . ... |
|.. + . |
|o++ + |
|=.++. . |
|oo.=... S |
|++++o+ B o |
|+*+o= * * |
|.o*o.E.= |
| .oo.o. |
+----[SHA256]-----+
We can check the contents of the .ssh directory with
$ ls ~/.ssh
id_rsa id_rsa.pub
id_rsa is the private key and id_rsa.pub is the public key.
2) Add key to ssh-agent
Start the agent by running
$ eval "$(ssh-agent -s)"
Add the key
# Windows and Linux
$ ssh-add ~/.ssh/id_rsa # or wherever your private key is stored
# MacOS (on macOS 12 and later, -K is deprecated in favor of --apple-use-keychain)
$ ssh-add -K ~/.ssh/id_rsa # or wherever your private key is stored
For MacOS to remember your private key password, create a file called ~/.ssh/config and input the following:
Host *
    UseKeychain yes
3) SSH agent forwarding
If ~/.ssh/config does not already exist, create it. Add the following to the file:
Host cedar
    Hostname cedar.computecanada.ca
    User username
    ForwardAgent yes
Host graham
    Hostname graham.computecanada.ca
    User username
    ForwardAgent yes
Host beluga
    Hostname beluga.computecanada.ca
    User username
    ForwardAgent yes
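Where username is your username on the remote computer. You can add other blocks like these for other remote computers if you wish. ForwardAgent yes lets the remote host use the keys held in your local ssh-agent for onward connections while you are logged in, so enable it only for hosts you trust.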
Now, you should be able to log in to a remote machine using only ssh <host> instead of ssh <username@host.address.com>, e.g.
$ ssh cedar
Instead of
$ ssh user@cedar.arc.ubc.ca
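As ~/.ssh/config grows, it helps to check which hosts actually get agent forwarding. The script below is an added example, not part of the original procedure: the function name forwarding_hosts and the "WILDCARD" prefix are choices made here, and it reports only Host blocks (Match blocks are skipped).

```shell
#!/bin/sh
# Added example: audit an OpenSSH client config for agent forwarding.
# forwarding_hosts FILE prints one line per Host pattern whose block enables
# ForwardAgent; patterns containing * or ? are prefixed with "WILDCARD ".
forwarding_hosts() {
    awk '
    # Emit the patterns of the block just finished, if it enabled forwarding.
    function flush(   i, tag) {
        if (fwd)
            for (i = 1; i <= n; i++) {
                tag = (pat[i] ~ /[*?]/) ? "WILDCARD " : ""
                print tag pat[i]
            }
        n = 0; fwd = 0; seen = 0
    }
    # Options before the first Host line apply to every host, like "Host *".
    BEGIN { n = 1; pat[1] = "*" }
    {
        sub(/\r$/, ""); sub(/^[ \t]+/, "")        # CRLF files, indentation
        if ($0 == "" || $0 ~ /^#/) next           # blank lines and comments
        # ssh_config also accepts "Keyword=Value"; normalise to a space.
        if ($0 ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")
        gsub(/"/, "")                             # values may be quoted
        k = split($0, f, /[ \t]+/)
        key = tolower(f[1])                       # keywords are case-insensitive
        if (key == "host") {
            flush()
            for (i = 2; i <= k; i++) if (f[i] != "") pat[++n] = f[i]
        } else if (key == "match") {
            flush()                               # Match blocks are not reported
        } else if (key == "forwardagent" && !seen) {
            seen = 1                              # first value in a block wins
            fwd = (tolower(f[2]) != "no")         # yes, a socket path or $VAR
        }
    }
    END { flush() }
    ' "$1"
}

# When run as a script with a file argument, audit that file.
if [ -n "${1:-}" ]; then forwarding_hosts "$1"; fi
```

Run it as `sh audit.sh ~/.ssh/config` (the file name audit.sh is arbitrary). A "WILDCARD *" line means every host you connect to receives access to your agent.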
4) Install your ssh public key on the remote machines
Copy your public key to each of the remote machines in your ~/.ssh/config file, for instance:
$ ssh-copy-id -i $HOME/.ssh/id_rsa cedar
You will be prompted for your password on the remote machine and the key will be installed.
Once your key is installed, you should be able to run commands like ssh, scp, sftp and rsync without having to enter your password.
Note
You may be prompted for the password to your key when you first log into the remote server via SSH.