SSH (Secure SHell) is a command line program used to interact with remote machines and issue commands to them. SSH is used to connect to the Strelka Computer Cluster, GitHub Enterprise, and other servers. Most Swarthmore systems using SSH require a cryptographic key instead of a password to log in. A cryptographic key consists of a public key, which can be shared with others, and a private key, which must be kept secret. To set up your account on a remote server, provide the systems administrator with your public key.
Always keep your private key a secret. Sharing your private key is like sharing a password and allows other users to log in to your user account.
Windows users: follow the instructions on the Connect to Strelka from Windows page. Alternatively, Windows users can set up Git Bash or Windows Subsystem for Linux and follow the instructions below.
Thanks to Andy Danner in Computer Science for providing the basis for these instructions.
Checking for existing SSH Keys
If you already have an SSH key, you can skip the next step. If you're not sure, you probably do not already have a key. You can check by issuing the command:
ls -l -a ~/.ssh
If you see files named
id_rsa.pub, you already have a key. If those files aren't there, or you're told that you have no such directory named
.ssh, you'll need to generate a key.
Creating an SSH Key
GitHub has a good comprehensive guide on the subject, but the abbreviated version is below.
Run the command
ssh-keygen -t ed25519 -C "email@example.com"
This will give you the output:
$ ssh-keygen -t ed25519 -C "firstname.lastname@example.org" Generating public/private rsa key pair. Enter file in which to save the key (/home/[username]/.ssh/id_rsa):
Press enter to confirm the default location of
/home/[username]/.ssh/id_rsa. Next, it'll ask you for a passphrase:
Enter passphrase (empty for no passphrase): Enter same passphrase again:
Set a passphrase that you'll remember and then confirm it a second time. After confirming your passphrase, it'll print a key fingerprint and some strange abstract ASCII artwork that you can safely ignore.
Make sure to remember your passphrase or store it securely in a password manager. If you forget your passphrase, it is not recoverable and you will need to generate a new SSH key.
There will be two files created in the
id_rsa (private key) and
id_rsa.pub (public key).
Getting the Public Key
id_rsa.pub contains your public key. Print the contents of the file by executing:
To share the public key, copy the entire output of that file.
It is possible to copy your key from one computer to another to avoid the need to generate multiple keys.
On the original computer, go to the
.ssh directory and copy the
id_rsa.pub files to the same location on a new computer. The .ssh directory is located at
/Users/<username>/.ssh (macOS) or
/home/<username>/.ssh (Linux). Replace "<username>" with your computer username.
.ssh directory doesn't exist, create it and set the appropriate permissions as follows:
Create .ssh directory on macOS
chmod 700 /Users/<username>/.ssh
Create .ssh directory on Linux
chmod 700 /home/<username>/.ssh
Then copy the key files into the .ssh directory and set the permissions on the key files as follows:
cd /Users/<username>/.ssh (macOS) or
cd /Users/<username>/.ssh (Linux)
chmod 644 id_rsa.pub
chmod 600 id_rsa
If there is already id_rsa file on the second computer, it is possible to rename the key to something else and then specify the key name when making an SSH connection. For example, if you have a desktop computer with a key and want to copy the key to a laptop that already has an id_rsa file, you can rename the desktop keys to id_rsa_desktop and id_rsa_desktop.pub, put them in the /Users/[username]/.ssh (macOS) or /home/[username]/.ssh (Linux) directory on the laptop, and ssh with a specific key using the -i flag.
ssh -i id_rsa_desktop email@example.com