How do I use public key authentication?

Linux & Mac

  1. Open a Terminal and generate a key pair:
    ssh-keygen -t rsa -b 4096
  2. When prompted, set a passphrase so that the private key is encrypted on disk.
  3. The keys are created in ~/.ssh/ (inside your home directory).
  4. Upload the public key file ~/.ssh/id_rsa.pub to the RCE using an SFTP client like FileZilla, or run:
    scp ~/.ssh/id_rsa.pub your-username@rce.hmdc.harvard.edu:~/
  5. Complete the "On the RCE" steps below to authorize the new key.

Windows

  1. Download PuTTYgen and run it.
  2. Select SSH-2 RSA under Type of key to generate and specify 4096 as the Number of bits in a generated key. Then click on Generate.
  3. Generate entropy/randomness by moving the mouse around as instructed.
  4. Under Key comment, enter your email address.
  5. Specify a Key passphrase and repeat it under Confirm passphrase.
  6. Click on Save public key and save it as id_rsa.pub.
  7. Click on Save private key and save it as id_rsa. You can save it in the same location as the public key.
  8. Upload your public key to the RCE using SFTP (e.g. FileZilla, WinSCP).
  9. Complete the "On the RCE" steps below to authorize the new key.

On the RCE

  1. SSH into the RCE (ssh your-username@rce.hmdc.harvard.edu) or open a Terminal via an NX session.
  2. Make your public key an authorized key:
    cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
  3. Exit the RCE and log in again via SSH or PuTTY; you no longer need to type your password.
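
A more defensive version of step 2, as an added example that is not part of the original RCE instructions: it checks that the uploaded file is a single OpenSSH-format public key line, creates ~/.ssh and authorized_keys with owner-only permissions, and skips the append if the key is already listed. The function name authorize_key and its optional second argument are assumptions of this example.

```sh
#!/bin/sh
# Added example. Usage on the RCE after uploading: authorize_key ~/id_rsa.pub
# authorize_key PUBKEY_FILE [SSH_DIR]
# SSH_DIR defaults to ~/.ssh; the optional argument is an assumption of this
# example so the function can be tried against a scratch directory first.
authorize_key() (
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key that was uploaded by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; upload the .pub file instead" >&2
        return 2
    fi

    # Keep non-blank lines, dropping CRs left by a Windows transfer.
    line=$(tr -d '\r' < "$pub" | grep -v '^[[:space:]]*$' || true)
    n=$(printf '%s\n' "$line" | grep -c . || true)

    # authorized_keys wants one "<type> <base64> [comment]" line per key.
    # The multi-line "---- BEGIN SSH2 PUBLIC KEY ----" (RFC 4716) form is
    # rejected here; "ssh-keygen -i -f FILE" converts it.
    case "$n:$line" in
        1:ssh-rsa\ AAAA*|1:ssh-ed25519\ AAAA*|1:ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not a single OpenSSH public key line" >&2
           return 3 ;;
    esac

    # sshd's StrictModes (on by default) refuses keys when ~/.ssh or
    # authorized_keys is writable by other users, so create them private.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this key (type + base64 body) is not already listed.
    key=$(printf '%s\n' "$line" | awk '{print $1 " " $2}')
    if grep -qF -- "$key" "$auth"; then
        echo "key already authorized in $auth"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "key added to $auth"
    fi
)
```

Once the key is authorized, the uploaded copy in your home directory (~/id_rsa.pub) can be deleted.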

Storing your SSH key passphrase

You need to enter your passphrase once to unlock your key. If you use an SSH agent to temporarily retain your credentials, the unlocked key can then authorize multiple SSH connections without asking again. You can think of this as being similar to a "password manager" as you would use for a web browser. Examples of SSH agents include Pageant (PuTTY/Windows), Keychain (Mac), and ssh-agent (Linux & Mac).

On Mac, add the following to the file ~/.ssh/config (you may need to create this file).

Host *
    AddKeysToAgent yes
    UseKeychain yes

Also make sure to properly set the permissions for this file: chmod 600 ~/.ssh/config
Now the process of adding your passphrase to the Keychain and retrieving it is automated whenever you use ssh or your ssh key is used for authentication.