Secure Shell (ssh) fundamentals

ssh supports a number of authentication (log-in) mechanisms. Two of the most popular ones are password and passphrase. Normally the password-based login is used by default. Here we will focus on a “passwordless” passphrase mechanism using a key pair.

What is a key pair

A key pair is a set of two text files. One is called the private key. The other one is called the public key. The key pair is generated together. They are the only key files that can “match” with each other.

The private key is the file that you keep securely on your local computer, normally in the ~/.ssh directory under your HOME directory. The public key is the file that you upload to the remote server, such as Hoffman2 Cluster, GitHub, GitLab or other similar services. For a remote Linux server (such as Hoffman2 Cluster), the public key file is usually appended to the file ~/.ssh/authorized_keys. For a remote web service such as GitHub, there should be a web interface to let you upload the public key.

Generating the ssh key pair (on your local computer)

The command to generate a key pair is ssh-keygen. This command should be available on Mac, Linux, and Windows PowerShell. Simply type:

ssh-keygen

and press Enter at each question to accept the defaults (this creates the key without a passphrase). At the end, you should have a set of two files, id_rsa and id_rsa.pub, under the ~/.ssh directory. A key created without a passphrase is stored unencrypted, so anyone who can read the private key file can use it to log in.

If you want to have more than one key pair, enter a different file name for the new key pair when ssh-keygen asks for it.

Managing multiple private keys

One can create a text file called config under ~/.ssh to instruct ssh how to deal with different servers. As an example, the ~/.ssh/config file looks like the following. The IdentityFile option specifies the file name of the ssh private key to use for that host.

ServerAliveInterval 60

Host github.com
   IdentityFile ~/.ssh/id_rsa-github
   User git

Host gitlab.com
   PreferredAuthentications publickey
   IdentityFile ~/.ssh/id_rsa-github
   User git

Host hoffman2.idre.ucla.edu
   User your_user_name
   IdentityFile ~/.ssh/id_rsa-hoffman2

Upload the public key

As long as you keep the private key secure, it is safe to give “others” your public key, e.g. uploading it to a web site or web service. For example, to enable passwordless login to the Hoffman2 cluster, you copy the public key to Hoffman2 Cluster and append it to the file ~/.ssh/authorized_keys.
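
One way to do the append step on the remote server once the .pub file has been copied there, as an added example that is not part of the original page. The function name install_pubkey and its arguments are assumptions; it refuses a private key, sets the permissions sshd expects, and does not add the same key twice.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends one OpenSSH public key to SSH_DIR/authorized_keys (default ~/.ssh).
install_pubkey() {
    pub=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Uploading id_rsa instead of id_rsa.pub is a common slip: refuse it.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a PRIVATE key; use the .pub file" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub is not an OpenSSH public key" >&2; return 3; }

    # With StrictModes (the default) sshd ignores key files that other
    # users can write to, so keep the directory and file private.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # If the file does not end with a newline, add one so the new key
    # is not glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not already present.
    if grep -qxF -e "$key" "$auth"; then
        echo "key already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}

# Run as a script: sh install_pubkey.sh ~/id_rsa-hoffman2.pub
if [ "$#" -ge 1 ]; then
    install_pubkey "$@"
fi
```

Where it is installed, ssh-copy-id performs the same append from the local computer in one step.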