Phyletica bio photo

Phyletica

Exploring biodiversification.

Email Twitter Github Youtube Interweb Auburn AU Biology AU Museum

Creating SSH keys for remote authentication

Contents

Secure-shell (SSH) keys are a pair of cryptographic keys that can be used to authenticate who you are when you communicate with a remote computer (i.e., a server). The two parts of an SSH key pair are a public key, which you can freely share, and a private key, which you should never share.

Once a key-pair is in place, a remote computer can verify who you are by sending a riddle (an encrypted message) that only your computer can solve. The riddle is created using your public key and can only be solved (decrypted) with the corresponding private key that only you possess. Your computer returns the solution to the riddle (the decrypted message) to the remote computer, proving that you have the corresponding private key. This entire authentication riddle game takes place automatically, and you are freed from the burden of entering a username and password.

Below is a short video and instructions on how to create and use SSH keys.

Check if you have SSH keys

The fist thing we need to do is check to see if you already have SSH keys on your computer. To do this, open your terminal and enter:

ls ~/.ssh

If you see id_rsa and id_rsa.pub listed, you already have a pair of SSH keys.

Create a pair of SSH keys

If you don’t see these listed (or the .ssh directory does not exist), you need to create a pair of SSH keys. To do this, we will use ssh-keygen. When you enter this on the command line, it will prompt you with some options; simply hit enter for each prompt to accept the default (note, if you already have a pair of SSH keys, skip this step):

ssh-keygen

Now, when you:

ls ~/.ssh

You should see the files id_rsa and id_rsa.pub listed.

`id_rsa`
This is the private component of your SSH key pair; do not share it with anyone.
`id_rsa.pub`
This is the public component of your SSH key pair and can be safely shared.

Register your public key with GitHub

Log in to your GitHub account, and go to the “Settings” for your account (there should be a drop down near the top right corner of the GitHub page, with a “Settings” option). Along the left side of your settings page, there should be an “SSH and GPG keys” link; click on this.

Open a shell (terminal) session on your computer and enter:

cat ~/.ssh/id_rsa.pub

The output of this command will show your public SSH key, which should look something like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaZow6ifUAg3g7Qj7N5zJ5fMnQoP
mpAhUqwsvHu/BoXH17TcqP4HdcNoDcprVRwAJL/6ECabdzDyUlGThMKB8w3APqQjqa
7yc98ymdK0LXDpU0IuWCktW9pyn72XizE1bSIOhDkrFKGmtpLW/0jxGhcRN6OtCUI4
V98c2AuU3RKZeTSgfEAWnPJcCQaJkvzktVXO55rsNRe6UxqV4B6O/29YhBeCqyLDL6
VUa7hT+4cqVX8gjLjgDq8jWwxkgeifEt9G1j41 jamie@jamie-XPS-13-9350

Copy the content of this output. Now, go back to GitHub and click “New SSH key.” Paste your copied SSH key into the “Key” field on GitHub. Enter a “Title” that will help you remember what computer the key is from (e.g., dell-laptop). Then hit “Add SSH Key.”

Setting up passwordless SSH login with any server

Do you access a remote computer, such as a computer cluster, using ssh by entering a command like:

ssh YOUR-USERNAME@REMOTE.COMPUTER.ADDRESS

For example, I often log in to AU’s Hopper computer cluster by using ssh jro0014@hopper.auburn.edu. If you answered “No,” then you can skip this section. But, if your answer was “Yes,” you can use your SSH keys to make logging in with ssh easier and more secure.

To do this, you need to put the contents of your id_rsa.pub file into the ~/.ssh/authorized_keys file in your home directory on the remote computer you use. You can do this with one command entered on your computer:

cat ~/.ssh/id_rsa.pub | ssh YOUR-USERNAME@REMOTE.COMPUTER.ADDRESS "cat >> ~/.ssh/authorized_keys"

For example, I added my public SSH key to the authorized_keys file for my account on AU’s Hopper computer cluster using this command

cat ~/.ssh/id_rsa.pub | ssh jro0014@hopper.auburn.edu "cat >> ~/.ssh/authorized_keys"

After you do this and start a fresh shell session, you should be able to log in to your account on the remote computer without entering your password. Rather, your identity is confirmed automatically using your SSH keys.