Skip to main content

SSH Keys

SSH keys simplify logins by permitting cryptographicaly-secure authentication through the possession of a keyfile, in place of a password.

Because of this advantage, it is also permissible to use SSH keys for immediate login into Sol without Duo authentication.

Using SSH Keys

Generate an SSH key

This first step generates the public and private key--the two components for login--on your personal workstation.

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519): 
Enter passphrase for "/home/user/.ssh/id_ed25519" (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_ed25519
Your public key has been saved in /home/user/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:UAY2zyhIZXRFRfGshnxvR1tIUVO43HoL1eAsg3HQDXg user@BIOD2222
The key's randomart image is:
+--[ED25519 256]--+
|  .o+ =+=o...o.++|
| . o o A  ooE +..|
|  . . o .  -.+.+.|
|     . . o..o.=oo|
|        S +  o+..|
|         o . o.o.|
|            o +..|
|           . . . |
|                 |
+----[SHA256]-----+

You may choose to use or not use a passphrase; that is, a password lock on the use of this key.

info

This passphrase does not and should not correspond to your ASURITE password. Use of this key will obviate the need to use your ASURITE password for login, so this passphrase is an alternative you might choose, based on your security needs.

Copy the Public SSH Key

You use ssh-copy-id to copy the public key (.pub) to the host you wish to connect TO.

You maintain your private key on your private workstation, and safeguard it--the private key is the only sensitive key of the pair!

In this step, connect with asurite@sol.asu.edu.

$ ssh-copy-id rcsparky@sol.asu.edu                       
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
************************************************************************
*                                                                      *
*       ASU Research Computing  |  Duo two factor authentication       *
*                                                                      *
*   Duo approval is required and is sent automatically to your phone   *
*                                                                      *
*        If you do not see the request, open the Duo Mobile app        *
*                                                                      *
************************************************************************
(rcsparky@sol.asu.edu) Autopushing login request to phone...
Success. Logging you in...
Password: 

Number of key(s) added:        1

Now try logging into the machine, with: "ssh 'rcsparky@sol.asu.edu'"
and check to make sure that only the key(s) you wanted were added.

Multiple keys on your system

If you generate multiple SSH keys, to use different keys for different systems, you can specify exactly which ssh key you wish to copy, instead:

ssh-copy-id -i ~/.ssh/id_ed25519.pub asurite@sol.asu.edu

Login with the SSH Key

As the prompt instructs, connect to test it works; it should log you into sol without requesting your ASURITE Password or requiring DUO authentication.

ssh asurite@sol.asu.edu

or

ssh -i ~/.ssh/id_ed25519 asurite@sol.asu.edu