SSH (Secure SHell) is a command line program used to interact with remote machines and issue commands to them. SSH is used to connect to the Strelka Computer Cluster, GitHub Enterprise, and other servers. Most Swarthmore systems using SSH require a cryptographic key instead of a password to log in. A cryptographic key consists of a public key, which can be shared with others, and a private key, which must be kept secret. To set up your account on a remote server, provide the systems administrator with your public key. 

Always keep your private key a secret. Sharing your private key is like sharing a password and allows other users to log in to your user account.  

Windows users: follow the instructions on the Connect to Strelka from Windows page. Alternatively, Windows users can set up Git Bash or Windows Subsystem for Linux and follow the instructions below.

Thanks to Andy Danner in Computer Science for providing the basis for these instructions. 

Checking for existing SSH Keys

If you already have an SSH key, you can skip the next step. If you're not sure, you probably do not already have a key. You can check by issuing the command:

ls -l -a ~/.ssh

If you see files named id_rsa and, you already have a key. If those files aren't there, or you're told that you have no such directory named .ssh, you'll need to generate a key.

Creating an SSH Key

GitHub has a good comprehensive guide on the subject, but the abbreviated version is below.

Run the command ssh-keygen -b 4096 -t rsa.  This will give you the output:

$ ssh-keygen -b 4096 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/[username]/.ssh/id_rsa):

Press enter to confirm the default location of /home/[username]/.ssh/id_rsa. Next, it'll ask you for a passphrase:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Set a passphrase that you'll remember and then confirm it a second time. After confirming your passphrase, it'll print a key fingerprint and some strange abstract ASCII artwork that you can safely ignore.

Make sure to remember your passphrase or store it securely in a password manager.  If you forget your passphrase, it is not recoverable and you will need to generate a new SSH key.

There will be two files created in the  /home/[username]/.ssh directory: id_rsa (private key) and (public key).  

Getting the Public Key

The file contains your public key. Print the contents of the file by executing:

cat ~/.ssh/

To share the public key, copy the entire output of that file.

Multiple Computers

It is possible to copy your key from one computer to another to avoid the need to generate multiple keys.

On the original computer, go to the .ssh directory and copy the id_rsa and files to the same location on a new computer. The .ssh directory is located at /Users/<username>/.ssh (macOS) or /home/<username>/.ssh (Linux). Replace "<username>" with your computer username.

If  the .ssh directory doesn't exist, create it and set the appropriate permissions as follows:

Create .ssh directory on macOS

mkdir /Users/<username>/.ssh
chmod 700 /Users/<username>/.ssh

Create .ssh directory on Linux

mkdir /home/<username>/.ssh
chmod 700 /home/<username>/.ssh

Then copy the key files into the .ssh directory and set the permissions on the key files as follows:

cd /Users/<username>/.ssh (macOS) or cd /Users/<username>/.ssh (Linux)
chmod 644
chmod 600 id_rsa

Multiple keys

If there is already id_rsa file on the second computer, it is possible to rename the key to something else and then specify the key name when making an SSH connection. For example, if you have a desktop computer with a key and want to copy the key to a laptop that already has an id_rsa file, you can rename the desktop keys to id_rsa_desktop and, put them in the /Users/[username]/.ssh (macOS) or /home/[username]/.ssh (Linux) directory on the laptop, and ssh with a specific key using the -i flag.

SSH with a specific key
ssh -i id_rsa_desktop
  • No labels