Wolfgang Tichy

ssh is a way to establish remote connections to access other computers or the data on them. E.g. git can clone or pull via ssh, or you can log into other computers via ssh. For authentication one can use a password, but ssh keys are more secure and also more convenient.

ssh keys

Create a public/private key pair with

cd ~/.ssh
ssh-keygen

Be sure to set a good passphrase when asked in the step above!!!
This makes the files id_ed25519.pub and id_ed25519
id_ed25519.pub is the public key, id_ed25519 is the private key
You can share the public key with anyone, but never share the private key
The public key can now be stored on the machine where we want to log in without password
Copy it to e.g. athene-login.hpc.fau.edu by using

ssh-copy-id username@athene-login.hpc.fau.edu

Never email the private key id_ed25519, keep it safe!

Using an agent for your keys

Note that whenever you make a connection, computers such as quark.physics.fau.edu or bast.hpc.fau.edu will need your key. To access the key, your key-passphrase is needed. If you want to type this passphrase less often, you can set up ssh-agent or a similar program. On Linux ssh-agent should be already installed. But there is also GNOME Keyring and KDE Wallet, which can be used for the same purpose. On most modern Linux desktops, ssh-agent gets launched on login (usually by systemd).

Check if ssh-agent is running and has keys:

ssh-add -l

In case it says "Could not open a connection to your authentication agent", you can start the agent with:

eval `ssh-agent`

To add a key to the agent type:

ssh-add path_to_private_key_on_local_client

This will ask for your passphrase to decrypt your key. The agent then remembers the decrypted key for later use. This way you don't have to enter your passphrase all the time.
The add-key.py script in https://github.com/wofti/WTscripts can be used to simplify this process.

Using add-key.py for your keys

Note that add-key.py still uses ssh-agent. It merely simplifies its use.
Installing add-key.py:

cd ~
git clone https://github.com/wofti/WTscripts.git
mkdir bin
ln -s ~/WTscripts/add-key.py ~/bin/add-key.py

Display help:

add-key.py -h

Usage:

eval `add-key.py path_to_private_key_on_local_client`

This will check if ssh-agent is running. If yes it will add the key, it not it will start ssh-agent and then add the key.

Agent forwarding

You can run an ssh-agent on every computer that you log in, and with add-key.py this is even quite easy.
However, there is an even better way!
Just use ssh-agent or add-key.py on your local computer (e.g. your laptop), and then forward this ssh-agent to any remote machine you log in. E.g.:
```
ssh -A username@athene-login.hpc.fau.edu
```
will allow you to use all your local keys on the remote athene-login.hpc.fau.edu .
If you do not want to type the -A each time, you can add
```
Host athene-login.hpc.fau.edu
  ForwardAgent yes
```
or
```
Host *.fau.edu
  ForwardAgent yes
```
to the .ssh/config file on your local computer (for more options see ssh_config).