SSH keys
Overview
SSH keys are a secure way of logging into JADE without a password. An SSH key has two components:
- a public key, which you can freely distribute to remote systems such as JADE
- a private key, which you must keep private and only provide to the SSH client when authenticating
Generating your SSH key
You should create your SSH key on your local PC or laptop.
- macOS or Linux: open a terminal
- Windows: open PowerShell
Run this command:
ssh-keygen -t ed25519
You will be asked where to save the key, with a default file path provided:
Enter file in which to save the key (/home/a/aowenson/.ssh/id_ed25519): .ssh/example-key
Enter nothing to accept the default location, or alternatively type a different path. Next you are asked to secure the key with a passphrase.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
You should secure the key with a strong passphrase, which may be your CCB account password. Note that if you forget your SSH key passphrase, you cannot reset it as you can your CCB account password; your only option is to recreate the key. The final result will be two files:
$ ls ~/.ssh
example-key example-key.pub
Here, example-key is my private key that should not be shared, and example-key.pub is my public key that I can distribute freely.
Using your key
To distribute your public key to a server, run this command:
ssh-copy-id -i ~/.ssh/example-key.pub user@login1.molbiol.ox.ac.uk
Number of key(s) added: 1
This appends your public key to the list of authorised keys for your user account:
$ ssh aowenson@login1.molbiol.ox.ac.uk
$ tail -n1 ~/.ssh/authorized_keys
ssh-ed25519 <your key identifier> <the username that created the key>
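To confirm that the entry now in authorized_keys is the key you generated, compare fingerprints rather than reading the base64 by eye. The following is an added example, not part of the original page: it parses the line format shown above, checks that the declared key type matches the one embedded in the key data, and computes the SHA256 fingerprint in the form that ssh-keygen -l prints. The function names and the sample keys are constructed for illustration, and entries are assumed to have no options prefix.

```python
import base64
import hashlib
import struct

def parse_authorized_key(line):
    """Split '<type> <base64> [comment]' and check the blob matches the type."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2].strip() if len(fields) > 2 else ""
    blob = base64.b64decode(b64, validate=True)  # bad base64 raises ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the algorithm name.
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len].decode("ascii", "replace")
    if embedded != key_type:
        raise ValueError(f"declared {key_type!r} but blob says {embedded!r}")
    return key_type, blob, comment

def fingerprint(blob):
    """SHA256 fingerprint of a key blob, unpadded base64 as ssh-keygen -l shows."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_is_authorized(pubkey_line, authorized_keys_text):
    """True if the key in pubkey_line appears in the authorized_keys text."""
    wanted = fingerprint(parse_authorized_key(pubkey_line)[1])
    for line in authorized_keys_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            if fingerprint(parse_authorized_key(line)[1]) == wanted:
                return True
        except ValueError:
            continue  # malformed entry, or one with an options prefix
    return False

def constructed_line(label, comment):
    """Constructed sample entry (not a real key) in ssh-ed25519 wire layout."""
    raw = hashlib.sha256(label).digest()  # 32 placeholder bytes
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

MINE = constructed_line(b"laptop", "user@laptop")
AUTHORIZED = "# constructed file\n" + constructed_line(b"other", "x@y") + "\n" + MINE
if __name__ == "__main__":
    print(fingerprint(parse_authorized_key(MINE)[1]), key_is_authorized(MINE, AUTHORIZED))
```

The comment field is not part of the fingerprint, so a key matches even if its comment was edited on the server.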
To use the key to log in:
ssh -i ~/.ssh/example-key user@login1.molbiol.ox.ac.uk
SSH agent
To avoid retyping your key passphrase for each login, use an SSH Agent to securely store your private key:
ssh-add path/to/private-key
If you see an error that no agent is running, you need to start it manually:
- macOS / Linux: in a terminal run:
eval "$(ssh-agent -s)"
- Windows: in PowerShell run:
Start-Service ssh-agent
To avoid retyping user@login1.molbiol.ox.ac.uk, you can create a host configuration in your SSH config file.
Your SSH config file is stored at:
- macOS / Linux:
~/.ssh/config
- Windows:
%USERPROFILE%\.ssh\config
In this file put:
Host ccb
HostName login1.molbiol.ox.ac.uk
User user
IdentityFile ~/.ssh/example-key
Then you only have to type ssh ccb.