SSH keys: Linux, Mac OS X, Cygwin, and other UNIX variants
From MCS IT Wiki
Generate keys.
The "ssh-keygen" command is used to create keys. There are many options for it. We recommend that you run it this way:
ssh-keygen -t rsa -b 2048
This will create and store keys in your ~/.ssh directory. It will overwrite any existing keys as well. The default keytype in MCS is RSA for SSH 2. To generate this key (id_rsa), simply type "ssh-keygen -t rsa -b 2048" and follow the prompts. We require the use of a passphrase. There are a very limited number of circumstances where a key without a passphrase is acceptable. If you are in doubt, ask us.
We require SSH2.
Some machines may put these files in a different spot. If this is the case, make a note of where it puts them and what it names them. The id_rsa (and, if they exist, id_dsa or identity) file is your private key. Keep it secret, keep it safe.
Put public keys in authorized_keys file.
The command above will also generate an associated .pub file. That's your public key. In order to tell a host that you want it to accept that private key as proof of your identity, you need to give that host your public key. This is done via ~/.ssh/authorized_keys. Your authorized_keys file on MCS hosts is generated from your accounts page, so you need to construct an authorized_keys file and upload it there.
If you don't know how to generate an authorized_keys file, please read "How to make an authorized_keys file".
You can get the authorized_keys file into your accounts page in one of two ways. Either:
- Visit https://accounts.mcs.anl.gov/account.php and upload your authorized_keys file into the SSH Public key section, then e-mail systems@mcs.anl.gov to have it activated.
- E-mail the authorized_keys file to systems@mcs.anl.gov, along with a number and time at which you can be reached, and we will call to verify and validate the info before installing it.
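Before uploading or e-mailing an authorized_keys file, it is worth checking that every line in it really is a public key in the form ssh-keygen writes ("type base64-blob comment") and that nothing from the private key file slipped in. The script below is an added example for this page, not MCS's own tooling: it parses each line, confirms the declared key type matches the type embedded in the base64 blob, reports the RSA modulus size, and computes the SHA256 fingerprint the same way "ssh-keygen -lf" does. The sample key it builds is constructed in code from a made-up modulus and cannot be used for authentication.

```python
"""Check an authorized_keys file before uploading it (example for this page).

Parses OpenSSH public-key lines, verifies the declared type against the type
inside the base64 blob, reads the RSA modulus size, and prints the SHA256
fingerprint in the same format as "ssh-keygen -lf".
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH length-prefixed string (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (leading 0x00 if high bit set)."""
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return _ssh_string(raw)


def _read_string(blob: bytes, offset: int):
    """Read one length-prefixed string from blob; return (value, new_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def parse_public_key_line(line: str) -> dict:
    """Parse 'ssh-rsa AAAA... comment'. Raises ValueError on malformed input."""
    line = line.strip()
    if line.startswith("-----BEGIN"):
        raise ValueError("this looks like a PRIVATE key; it does not belong in authorized_keys")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    except ValueError:
        raise ValueError("key material is not valid base64")
    embedded_type, off = _read_string(blob, 0)
    if embedded_type.decode("ascii", "replace") != declared_type:
        raise ValueError("declared type %r does not match blob type %r"
                         % (declared_type, embedded_type))
    info = {"type": declared_type, "comment": comment, "bits": None}
    if declared_type == "ssh-rsa":
        _e, off = _read_string(blob, off)  # public exponent
        n, off = _read_string(blob, off)   # modulus
        info["bits"] = int.from_bytes(n, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    info["fingerprint"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return info


def make_rsa_public_key_line(e: int, n: int, comment: str) -> str:
    """Build an ssh-rsa public-key line from e and n (used for the constructed sample)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


# Constructed sample: the "modulus" is just 2**2047 + 1, so this is NOT a real
# key and is useless for authentication; it only exercises the parser.
SAMPLE_PUB_LINE = make_rsa_public_key_line(65537, (1 << 2047) + 1, "user@example-workstation")


def check_authorized_keys(text: str) -> list:
    """Validate every non-blank, non-comment line; return [(lineno, info-or-error)]."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        try:
            results.append((lineno, parse_public_key_line(raw)))
        except ValueError as exc:
            results.append((lineno, {"error": str(exc)}))
    return results


if __name__ == "__main__":
    sample_file = SAMPLE_PUB_LINE + "\n-----BEGIN RSA PRIVATE KEY-----\n"
    for lineno, info in check_authorized_keys(sample_file):
        print(lineno, info)
```

Run it against your real file with check_authorized_keys(open("authorized_keys").read()) and compare each fingerprint with the output of "ssh-keygen -lf ~/.ssh/id_rsa.pub" on the machine where the key was generated; a line flagged as a private key or as a type mismatch should be removed before the file goes anywhere. Lines that begin with authorized_keys options (for example a from="..." restriction) are not handled by this parser and will be reported as errors.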
(Optional): Agents
If you run an ssh-agent, it will remember the passphrase for your key while it's running.
If you log in to an MCS Linux workstation locally through X Windows, an agent is launched automatically. If not, you can launch one by running:
eval `ssh-agent`
To add your keys to the agent:
ssh-add
If your keys have a non-standard name or path, you'll need to specify the full path after the ssh-add command.
You will be asked for the passphrase for your .ssh/id_rsa (and .ssh/id_dsa, if applicable).
Now you can ssh to other machines that have your public key without being asked for a password.
Mac OS X Leopard (10.5) and newer have a built-in SSH agent and key management through the Keychain.
Earlier Mac OS users can use GUI tools such as the following to manage keys and agents:
