COMS 3157 Advanced Programming

SSH Keys

This is not required material

SSH keys allow you to log on to a remote server (like CLAC!) using a public-key cryptosystem for authentication. This allows you to log on without typing your password!

In a public-key cryptosystem your local machine has an encrypted private key (which should be kept secret) while the server has a corresponding encrypted public key. This keypair lets you log in securely without a password. These keys are traditionally encrypted using RSA encryption, but in recent years a newer encryption algorithm, Ed25519, has gained in popularity.

Generating ssh keys

We recommend Github’s SSH key guide. You should follow the steps up to (but not including) the section titled “Generating a new SSH key for a hardware security key”.

Please note the following:

Copying your public key to CLAC

Once you have created your keypair, you’ll need to copy your public key over to CLAC, using the following command. Make sure you replace your uni in the commands below and note that it will prompt you for your password.

Replace the public key path with your own path (most likely something like ~/.ssh) and make sure you are copying over

ssh-copy-id -i ~/.ssh/

If you do not have the ssh-copy-id command on your system you can run the following command to copy the public key over:

cat ~/.ssh/ | ssh “mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys”

Again, if you created an RSA keypair instead of an Ed25519 keypair, replace all instances of ‘ed25519’ with ‘rsa’.

Now you should be able to type ssh and it will log in without requiring a password! You can copy over one public key to many computers if you are logging into many different computers/accounts from one main computer.

Setting up an ssh config file

It is also recommended to set up a config file for ssh on your local machine. This config file will allow you to use ssh clac as a shorthand to ssh into your CLAC account. In addition, this will allow commands built on top of the SSH protocol (such as SFTP and rsync) to authenticate using your SSH keys instead of a password.

Please add the following lines to a file called config in your ~/.ssh directory (on your local machine):

Host clac
  User <your-UNI-here> 
  AddKeysToAgent yes

The AddKeysToAgent option tells your local computer to add any keys you have to its ssh-agent which is a program used to determine which keys can be used as authentication when ssh-ing.

As always, feel free to stop by during office hours or start a thread on the listserv if you want help setting any of this up.