COMS 3157 Advanced Programming

SSH Keys

Note: This is not required material.

SSH keys allow you to log on to a remote server (like CLAC) without typing your password, using public-key cryptography.

Under a public-key cryptosystem, you will generate two keys: a private key (which should be kept secret) that is kept on your local machine, and a public key (that may be publicly shared) that is stored on CLAC. When you log in, the server will use your public key to issue a challenge that only your private key can solve. This system is secure enough to supersede the need for typing in your password.

Under a public-key cryptographic system, your local machine has a private key (which should be kept secret) while the server has a corresponding public key. This keypair lets you log in securely without a password. These keys are traditionally encrypted using RSA encryption, but in recent years a newer encryption algorithm, Ed25519, has gained in popularity.

Generating ssh keys

We recommend Github’s SSH key guide. You should follow the steps up to (but not including) the section titled “Generating a new SSH key for a hardware security key”.

Please note the following:

Copying your public key to CLAC

Once you have created your key pair, you’ll need to copy your public key over to CLAC, using the following command:

ssh-copy-id -i ~/.ssh/

If the ssh-copy-id command is not available on your local machine, you can instead run the following command to copy your key to CLAC:

cat ~/.ssh/ | ssh "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Make sure you replace your UNI in the shown commands, and adjust the key path (~/.ssh/ if you didn’t use the default suggestion.

Also note that you should still be prompted for your CLAC password when you run either of these commands. You should type that in just as if you were logging into CLAC normally.

Now you should be able to run ssh and login without a password! Using the same command, you can also copy the same public key to other UNIX-based servers.

Setting up an SSH config file

We also recommend setting up an SSH config file on your local machine. It will allow you to use ssh clac as shorthand, instead of having to type out CLAC’s full URL each time. Other commands built on top of SSH such as SFTP and rsync will also pick up your configuration and no longer require passwords.

To set up your SSH config, add the following lines to ~/.ssh/config on your local machine:

Host clac
  User UNI
  AddKeysToAgent yes

The AddKeysToAgent option tells your local computer to add any keys you have to its ssh-agent, a program used to determine which keys can be used for SSH authentication.

Feel free to stop by during office hours or start a thread on the listserv if you want help setting any of this up.


This guide was originally written by Maÿlis Whetsel and Tal Zussman.

Maÿlis Whetsel and John Hui adapted it for the web in Spring 2022.

Last updated: 2022-08-31