===== Using SSH with a Key-Pair =====

Secure shell (i.e., ''%%ssh%%'') normally prompts you for an ID and password when you log in. However, it's possible to "sidestep" this process by using a public/private key pair for authentication. This is particularly convenient when using some other protocol (e.g., SVN, Git) on top of SSH. To take advantage of this feature, you must first create such a pair and then provide the server with your public key.

=== Checking for an Existing Key-Pair ===

You may already have a key-pair (that was created for some other purpose). If so, you should use it. To check, open a command shell and navigate to your home directory (e.g., ''%%\users\username%%'' in MS-Windows, ''%%~%%'' in Unix/Linux and OS X) and see if you have a directory/folder named ''%%.ssh%%'' (note the period). If you do, it will contain the files ''%%id_rsa%%'' (your private key) and ''%%id_rsa.pub%%'' (your public key). If you have these files, then you do not need to create a key-pair.

=== Creating a Key-Pair ===

You can create a key-pair using the ''%%ssh-keygen%%'' utility from the command shell. (In versions of MS-Windows prior to 10 you will need to use the PuTTY Key Generator or the MSYS/MINGW shell, both of which are available for free.) To do so, enter the command:

  ssh-keygen -C "Generated YYMMDD"

where YYMMDD is the date. (Note: The ''%%-C%%'' flag simply inserts a comment that is useful when trying to identify key pairs.) By default, ''%%ssh-keygen%%'' will generate a key with 2048 bits. This can be changed using the ''%%-b%%'' flag.

Then press Enter in response to the prompts (unless you want to change the directory/folder where the keys will be stored and/or want to further protect your private key with a passphrase).

This will create two files, one named ''%%id_rsa%%'' (your private key) and one named ''%%id_rsa.pub%%'' (your public key). As the name implies, you should not give your private key to anyone, but you can give your public key to anyone without risk.

=== Copying your Public Key to a Linux Server ===

On Linux servers, a user's public keys are stored in the file ''%%~/.ssh/authorized_keys%%''. If you have ''%%ssh-copy-id%%'' on your computer, you can use it to upload your public key to a Linux server (e.g., ''%%stu.cs.jmu.edu%%'') and append it to this file. If not, you will need to upload the file manually (e.g., using SCP) and then append it to this file as follows:

  cat id_rsa.pub >> ~/.ssh/authorized_keys

If the ''%%~/.ssh%%'' directory does not exist, you can create it. SSH has strict permission requirements on these files:

  mkdir ~/.ssh
  chmod 700 ~/.ssh
  touch ~/.ssh/authorized_keys
  chmod 600 ~/.ssh/authorized_keys

=== Logging-In using the Key-Pair ===

At this point, you should be able to use SSH (either directly or indirectly) to log in to the Linux server without providing an ID and/or password.

=== SSH Config File Example ===

Below is an example SSH config file, which on Linux and macOS is located at ''%%~/.ssh/config%%'':

  Host *
      ServerAliveInterval 30
      ServerAliveCountMax 120
      # https://man.openbsd.org/ssh_config#AddKeysToAgent
      AddKeysToAgent yes
      IdentitiesOnly yes
  Host github.com
      IdentityFile /Users/tgm/.ssh/githubta
  Host stu
      HostName stu.cs.jmu.edu
      # next setting only necessary if you aren't using a default-named key like id_rsa or id_ed25519
      # IdentityFile ~/.ssh/fac.cs.jmu.edu
      # if you specify a user, you don't have to put the user@ when connecting via ssh
      User stewarmc
  Host aplaceicantreachdirectly
      HostName internalonly.cs.jmu.edu
      ProxyJump stu
      ## some ssh servers may be listening on a non-standard port (the standard is 22)
      # Port 23 # is typically for telnet, but people can do what they want with their servers

Test the GitHub one:

  ssh -T git@github.com
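
The manual append step in "Copying your Public Key to a Linux Server" can be made safe to repeat, as in the following added example (not part of the original page). ''install_pubkey'' is a hypothetical helper name, and its optional second argument (an alternate home directory) is an assumption that lets you try it without touching your real ''%%~/.ssh%%''.

```shell
# Added example (not from the original page). Run on the server after
# uploading the .pub file. install_pubkey is a hypothetical helper name.
#
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Returns 0 if the key was added or already present, 1 if the file is rejected.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}        # assumption: optional override, for dry runs
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key (id_rsa picked instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; do not upload it" >&2
        return 1
    fi

    # A public key line is "type base64 [comment]"; take the first
    # non-empty line and check its type field.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create directory and file, and (re)apply the strict modes from the page
    # in case they already existed with looser permissions.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # A plain ">>" onto a file lacking a final newline would glue the new key
    # onto the previous entry and break both; terminate the last line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not already authorized.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```

Call it as ''install_pubkey id_rsa.pub''; running it a second time leaves ''authorized_keys'' unchanged.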