User Tools

Site Tools


SSH Access

To access KeckCAVES computers via SSH, you must use public-key authentication. Password-based access is not allowed due to security concerns with guessable or compromised passwords.

To get your public key registered, please send it to Braden (

This only applies to you if you use an ssh-based program to log in remotely to KeckCAVES computers, e.g. using ssh, sftp, or scp. This doesn't affect logging into the computer when physically sitting at it; for that, you still use your password.

What is public key authentication?

Basically, you create a key pair, which consists of a public key and a private key. As the names suggest, you keep the private key to yourself, but can distribute the public key to anyone with whom you wish to authenticate yourself. Using the magic of public-key cryptography, anyone with the public key can confirm if you have its corresponding private key, without ever needing to see that private key.

Where is my public key?

You perhaps already have a public key generated. If you are on a UNIXy system, you can check the .ssh directory in your home directory for an file:

cat ~/.ssh/

Send this file (or just its contents) to Braden (

I have no public key! How do I get one?

Don't worry, it is easy to generate a key pair.

From the command line, you can enter:

ssh-keygen -b 2048 -t rsa

This will go through the steps to generate a key pair.

By default it will want to place it in your .ssh directory, which is also what you want.

It will then prompt for a passphrase to lock your private key. Choose a good one. 1)

You will now have a key pair! You can find your public key as in your .ssh directory.

Your desktop OS will probably have some kind of keychain application that will save you from needing to continually re-enter your passphrase, if you are concerned by such things. You can change the passphrase later if you wish. However there is no way to recover a lost passphrase; you'd need to regenerate a key pair and register the new public key.
keckcaves/ssh_access.txt · Last modified: 2011/07/06 00:01 by braden