SSH Key Authentication - ARC-Lab-UF/docs GitHub Wiki
This page is a guide on setting up key-based authentication for connecting to the servers via SSH. You don't really need to know how exactly key-based authentication works to follow this guide, but if you are curious, see this page.
Generating SSH Key Pair
For successful key-based authentication, you need a private key stored on your local computer and a public key stored on the servers you wish to log in to. The first step is to generate the key pair.
On your local computer, generate the key pair by running the following command:
# The `ed25519` algorithm is more modern and secure than the default `rsa` algorithm.
ssh-keygen -t ed25519
This will prompt you for a passphrase. Note that you can choose to leave the passphrase blank. If you enter a passphrase, then you would need to type it in when logging into the servers (instead of your GatorLink password). If you choose to leave the passphrase blank, then you don't have to enter a password; however, if someone has access to your private key, they could potentially access your account on the servers.
If you want to use a passphrase AND not have to type in your password every time you log in with SSH, see this article. Basically, you have to add your key to an SSH "agent" running on your local computer. You'd need to do this every time you log in or reboot your computer.
Personally, I choose to use a key without a passphrase for convenience. I only feel safe doing so, because I only have my private key stored on a single computer/laptop, and the computer itself is secured. Choose your own fate based on your situation.
The previous command should have created the key pair in the ~/.ssh directory by default. Note that the ~ acts as an alias for your user's home directory. ~/.ssh/id_ed25519 is your private key and ~/.ssh/id_ed25519.pub is your public key.
IMPORTANT: NEVER share the contents of your private key. Don't post it or store it online.
Copying Public Key to Server
Next, you must copy the public key that was generated in the previous step to the server(s) you wish to connect to. Note that your user directory on the servers is stored on a NAS, and is shared across all of the available servers. So copying the public key to your user directory will effectively give you the ability to log in to all of these servers using the key pair.
The key can be manually copied using traditional methods, but there is a handy command that does it automatically: ssh-copy-id
To copy your public key to the servers, run the following command:
ssh-copy-id username@server
Enter "yes" if prompted, and press enter. Then, you will probably be asked to type in your password. Once you enter your password, the key should be copied to the server.
Finally, try connecting by running the following command on your local computer:
ssh username@server
If everything worked, you should be logged in without having to type your password (unless you chose to secure your private key with a passphrase and the key is not added to your local SSH agent).
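The manual copy mentioned above, as an added example that is not part of the original wiki: a shell function that does by hand what ssh-copy-id automates, meant to be run on the server after the .pub file has been transferred there. The name install_pubkey, its arguments, and its return codes are hypothetical choices for this sketch.

```shell
#!/bin/sh
# Added example (not from the original wiki). install_pubkey is a
# hypothetical helper name; it appends a public key to authorized_keys.
# usage: install_pubkey <public-key-file> [ssh-dir]
# Returns 0 if the key was added or already present, non-zero on refusal.
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Refuse anything that looks like a private key: only the .pub file
    # ever belongs on the server.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file is a private key" >&2
        return 2
    fi

    # Take the first non-empty line and require a common public key type.
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" | head -n 1)
    case $key_line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; return 3 ;;
    esac

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # Append only if the exact line is not already there (idempotent).
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
    return 0
}
```

If key login still prompts for a password after a manual copy, the permissions on ~/.ssh and authorized_keys are the first thing to check.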