SSH keys: Linux, Mac OS X, Cygwin, and other UNIX variants
The "ssh-keygen" command is used to create keys. There are many options for it. We recommend that you run it this way:
ssh-keygen -t rsa -b 2048
This will create and store keys in your ~/.ssh directory. It will overwrite any existing keys as well. The default key type in MCS is RSA for SSH 2. To generate this key (id_rsa), simply type "ssh-keygen -t rsa -b 2048" and follow the prompts. Example:
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/some/path/.ssh/id_rsa):
Just accept the default here unless you have a good reason not to. This will put your key in ~/.ssh/id_rsa and your public key in ~/.ssh/id_rsa.pub. The rest of these instructions assume that's what you've done.
Enter passphrase (empty for no passphrase):
We require the use of a passphrase. There are a very limited number of circumstances where a key without a passphrase is acceptable. If you are in doubt, ask us.
Enter same passphrase again:
We require SSH2.
Some machines may put these files in a different spot. If this is the case, make a note of where it puts them and what it names them. The id_rsa (and, if they exist, id_dsa or identity) file is your private key. Keep it secret, keep it safe.
Add your key to MCS account profile
Log in to https://accounts.mcs.anl.gov and click the "Add New SSH Public Key" button for each key you want to add.
If you used the defaults, you can display your public key from the command line and then copy and paste it into the accounts page:
Using your ssh-key
- if ssh-key files are in your ~/.ssh folder then type:
- if ssh-key files are not in your ~/.ssh folder then type:
ssh -i path/to/private/ssh-key firstname.lastname@example.org
If you run an ssh-agent, it will remember the passphrase for your key while it's running.
If you log in to an MCS Linux workstation locally through X-Windows, an agent is launched automatically. If not, you can launch one by running:
To add your keys to the agent:
If your keys have a non-standard name or path, you'll need to specify the full path after the ssh-add command.
You will be asked for the passphrase for your .ssh/id_rsa (and .ssh/id_dsa, if applicable).
Now you can ssh to other machines that have your public key without ever being asked for a password.
Mac OS X Leopard (10.5) and newer have a built-in SSH agent and key management through the Keychain.
Earlier Mac OS users can use GUI tools such as the following to manage keys and agents: