Skip to content

Generating RSA SSH Key Using ssh-keygen

In order to facilitate logging in without having to type your ONID password every time, you can generate a ssh key that validates your identity without a password. Using this method also eliminates the need for using DUO authentication.

Here is a step-by-step guide on how to generate an RSA SSH key using the ssh-keygen command in Linux, MacOS, and the Windows Subsystem for Linux (WSL).

  1. Open Terminal: Launch your terminal application. This can typically be found in your system's applications menu.

  2. Generate RSA SSH Key: Enter the following command to begin the key generation process:

    ssh-keygen -t rsa -b 4096

    This command tells ssh-keygen to generate a new key using the RSA algorithm.

  3. Specify File Location: After running the command, you'll be prompted to specify the file in which to save the key. Press Enter to accept the default location (~/.ssh/id_rsa).

  4. Enter Passphrase (Recommended): Next, you'll be asked to enter a passphrase. This adds an extra layer of security to your key. If you don't want to use a passphrase, simply press Enter.

  5. Confirm Passphrase: If you entered a passphrase, you'll be asked to confirm it. Enter the same passphrase again and press Enter.

    Your RSA SSH key has now been generated and saved in the specified file.

  6. Copy Public Key to Infrastructure: Run this command to copy the public key to the infrastructure:

    ssh-copy-id -i ~/.ssh/id_rsa.pub USER@hpc.cqls.oregonstate.edu

    When prompted, enter your ONID password, and enter 1 to send a push to your Duo mobile app. Confirm the log-in using your phone.

Reminder

Remember to connect to the VPN first if you are connecting from an off-campus location, or using wi-fi on campus.

Alternative to ssh-copy-id

If you can't seem to get the ssh-copy-id command to work, you can simply log in as usual to the shell-hpc machine and copy-paste your public key on a new line in the ~/.ssh/authorized_keys file.

  1. Test for Success: Run this command to test your ssh keys:

    ssh USER@hpc.cqls.oregonstate.edu

Potential Issues

  • Permission Denied: If you see a "Permission denied" error when trying to generate your key, it may be due to incorrect permissions on your .ssh directory or your home directory. You can fix this by running chmod 700 ~/.ssh to set the correct permissions. You may also need to do the same in your home directory on the infrastructure, along with chmod 600 ~/.ssh/authorized_keys.

  • Overwriting Existing Key: If you already have an RSA SSH key, ssh-keygen will ask if you want to overwrite it. Be careful not to overwrite a key that you're currently using, as you could lose access to systems that are configured with the old key.

  • Lost Passphrase: If you forget your passphrase, you'll need to generate a new key. There's no way to recover a lost passphrase.

Reminder

Remember, keep your private key secure and never share it with anyone. Your public key, on the other hand, can be shared freely and is used by others to encrypt messages that only you can decrypt with your private key.