{"id":6928,"date":"2024-11-12T14:24:52","date_gmt":"2024-11-12T19:24:52","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?p=6928"},"modified":"2026-06-30T14:47:59","modified_gmt":"2026-06-30T18:47:59","slug":"passwordless-ssh-with-key-pairs","status":"publish","type":"post","link":"https:\/\/carleton.ca\/scs\/2024\/passwordless-ssh-with-key-pairs\/","title":{"rendered":"Passwordless SSH With Key Pairs"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        Passwordless SSH With Key Pairs\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n\n\n\n<div class=\"w-full max-w-xl mx-auto overflow-hidden bg-white rounded-lg shadow-lg cu-stackedlist cu-component not-contained not-prose\">\n    <h2 class=\"px-6 py-4 text-base font-semibold border-b rounded-t-lg md:text-xl bg-gray-50 text-cu-black-800\">\n        Table of Contents\n    <\/h2>\n    <div class=\"grid cu-scrollto cu-stackedlist--toc cu-stackedlist--1 md:grid-cols-1\">\n            <div class=\"space-y-1\">\n                    \n            <div class=\"pl-4 text-cu-red-700\">\n                <div class=\"flex gap-2 pb-3 text-base md:text-lg\">\n                    <span class=\"font-light text-cu-black-700\">\n                        1.\n                    <\/span>\n\n                    <a href=\"#what\" class=\"font-medium hover:underline\">\n                        What is an SSH Key Pair?\n                    <\/a>\n                <\/div>\n\n                            <\/div>\n                    \n            <div class=\"pl-4 text-cu-red-700\">\n                <div class=\"flex gap-2 pb-3 text-base md:text-lg\">\n                    <span class=\"font-light text-cu-black-700\">\n                        2.\n                    <\/span>\n\n                    <a href=\"#why\" class=\"font-medium hover:underline\">\n                        Why use Key Pairs?\n                    <\/a>\n                <\/div>\n\n                            <\/div>\n                    \n            <div class=\"pl-4 text-cu-red-700\">\n                <div class=\"flex gap-2 pb-3 text-base md:text-lg\">\n                    <span class=\"font-light text-cu-black-700\">\n                        3.\n                    <\/span>\n\n                    <a href=\"#compare\" class=\"font-medium hover:underline\">\n                        Comparing Password vs Key Pair Authentication\n                    <\/a>\n                <\/div>\n\n                            <\/div>\n                    \n            <div class=\"pl-4 text-cu-red-700\">\n                <div class=\"flex gap-2 pb-3 text-base md:text-lg\">\n                    <span class=\"font-light text-cu-black-700\">\n                        4.\n                    <\/span>\n\n                    <a href=\"#creating\" class=\"font-medium hover:underline\">\n                        Creating Key Pairs\n                    <\/a>\n                <\/div>\n\n                            <\/div>\n                    \n            <div class=\"pl-4 text-cu-red-700\">\n                <div class=\"flex gap-2 pb-3 text-base md:text-lg\">\n                    <span class=\"font-light text-cu-black-700\">\n                        5.\n                    <\/span>\n\n                    <a href=\"#connecting\" class=\"font-medium hover:underline\">\n                        Authenticating and Connecting with Key Pairs\n                    <\/a>\n                <\/div>\n\n                            <\/div>\n                    \n            <div class=\"pl-4 text-cu-red-700\">\n                <div class=\"flex gap-2 pb-3 text-base md:text-lg\">\n                    <span class=\"font-light text-cu-black-700\">\n                        6.\n                    <\/span>\n\n                    <a href=\"#config\" class=\"font-medium hover:underline\">\n                        Advanced Topic: Configuring SSH\n                    <\/a>\n                <\/div>\n\n                            <\/div>\n            <\/div>\n\n    <\/div>\n<\/div>\n\n\n\n<p>SSH allows you to securely connect to remote computers and virtual machines. With SSH, you can use a computer remotely through the terminal, transfer files between the server and client, and even run graphical programs using X11 forwarding. By default, you will connect to SSH servers using the username and password associated with your account on the server; however, you can <em>also<\/em> set up something called an <strong>SSH Key Pair<\/strong>, which allows you to connect easily and securely.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what\">What is an SSH Key Pair?<\/h2>\n\n\n\n<p>As the name suggests, a key pair consists of two keys: the <strong>public key<\/strong> and the <strong>private key<\/strong>. While you can connect to SSH servers using your account username and password, you can also connect using a username and an authorized key pair associated with that username.<\/p>\n\n\n\n<p>Your <strong>public key<\/strong> acts like a personalized padlock that resides on <strong>servers<\/strong>. It is an encrypted file that you can publicly distribute to different servers. When you associate a public key to your account, you are saying that anyone who can unlock the public key can <em>also<\/em> unlock my account without the need for my account password.<\/p>\n\n\n\n<p>Your <strong>private key<\/strong> is the key that unlocks your public key and is kept on the <strong>client<\/strong>. As the name suggests, this is a file that should be private to you and only you. While many private keys do not have file extensions, you may see private keys with the <strong>.pem<\/strong> file extension when using cloud services.<\/p>\n\n\n\n<p>To protect your private key, you always add a <strong>passphrase<\/strong> &#8211; a password to protect your private key. <em>If you are using a key for automated purposes on a secured network, then you may need to create a key that does NOT have a passphrase.  But this is only in specific circumstances.  Any key used for remote access from public networks should always have a passphrase.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why\">Why use Key Pairs?<\/h2>\n\n\n\n<p>Key pairs offer a number of conveniences when you use remote services:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provides a way of authenticating that is less vulnerable to password guessing and brute force attacks<\/li>\n\n\n\n<li>Distribute your public key to get system access without ever setting up passwords<\/li>\n\n\n\n<li>Have a different key pair for each device and simply delete the public key from the server to revoke the old devices&#8217; access<\/li>\n\n\n\n<li>Create a key pair (without a passphrase) for <strong>scripts<\/strong> or tools like <strong>MPI<\/strong>, <strong>Hadoop<\/strong>, etc. so that they can authenticate with other devices without a password prompt<br><br>You can find a detailed example of setting up ssh key login for scripts in this article:<br><br><a href=\"https:\/\/carleton.ca\/scs\/2021\/using-ssh-keys-to-support-multi-node-compute-tools\/\">Using SSH Keys to Support Multi-node Compute Tools &amp; Scripts<\/a><\/li>\n<\/ul>\n\n\n\n<p>Remember that your public key is truly <strong>public<\/strong>; as long as you protect your private key file, you may distribute your public key however you would like. Nobody can do anything malicious with your public key file, so you can use them to create a shared identity across multiple services. The same public key will work across the different services as long as you use the same private key.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"compare\">Comparing Password vs Key Pair Authentication<\/h2>\n\n\n\n<p>Below we show comparisons between the password and key pair authentication mechanisms.<br>\n<em><span style=\"color: #ff0000;\"><strong>NOTE:<\/strong><\/span> These are grossly over-simplified diagrams of how the various technologies work. It is meant to just provide an general idea of the steps involved and what is happening.<\/em><\/p>\n\n\n\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n        \n    \n    <dl class=\"cu-description cu-component-updated\">\n        \n    <div class=\"grid pt-4 pb-3 border-b accordion border-cu-black-100 md:pt-6 md:pb-5 first:border-t\">\n        <dt class=\"font-semibold not-prose\">\n            <button class=\"flex items-center justify-between w-full text-left accordion__button\" aria-expanded=\"false\" aria-controls=\"accordion-password-authentication\">\n                <span class=\"flex-1 ml-auto text-left break-words whitespace-normal cu-icon\">\n                    Password Authentication\n                <\/span>\n                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewbox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" aria-hidden=\"true\" data-slot=\"icon\" class=\"w-5 h-5 ml-auto transition-transform rotate-0 accordion__icon text-cu-black-500\">\n                    <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M8.25 4.5l7.5 7.5-7.5 7.5\"><\/path>\n                <\/svg>\n            <\/button>\n        <\/dt>\n        <dd class=\"p-0 mt-0 cu-prose cu-prose-first-last accordion__content md:p-0 md:mt-0\" hidden=\"\" id=\"accordion-password-authentication\">\n            \n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1652\" height=\"752\" src=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication.png\" alt=\"\" class=\"wp-image-11330\" srcset=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication.png 1652w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication-160x73.png 160w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication-240x109.png 240w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication-768x350.png 768w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication-400x182.png 400w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication-1536x699.png 1536w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/password-authentication-360x164.png 360w\" sizes=\"auto, (max-width: 1652px) 100vw, 1652px\" \/><\/figure>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Advantages of Password Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Simple and intuitive to understand<\/li>\n<\/ul>\n\n\n\n<p><strong>Disadvantages of Password Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sharing of the initial account password has to be done via some other medium, such as email, which can be vulnerable<\/li>\n\n\n\n<li>Passwords are often short, making them vulnerable to brute force attacks<\/li>\n\n\n\n<li>Even longer passwords can be vulnerable to password guessing<\/li>\n\n\n\n<li>Running tools or scripts that require remote authentication may require the password to be stored somewhere in <em>plain text<\/em><\/li>\n\n\n\n<li>If a server with your account and password on it is compromised, then any other server using that password could also be at risk. You would have to change the password on all the affected systems<\/li>\n<\/ul>\n\n\n        <\/dd>\n    <\/div>\n\n\n    <div class=\"grid pt-4 pb-3 border-b accordion border-cu-black-100 md:pt-6 md:pb-5 first:border-t\">\n        <dt class=\"font-semibold not-prose\">\n            <button class=\"flex items-center justify-between w-full text-left accordion__button\" aria-expanded=\"false\" aria-controls=\"accordion-basic-public-private-key-authentication\">\n                <span class=\"flex-1 ml-auto text-left break-words whitespace-normal cu-icon\">\n                    Basic Public-Private Key Authentication\n                <\/span>\n                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewbox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" aria-hidden=\"true\" data-slot=\"icon\" class=\"w-5 h-5 ml-auto transition-transform rotate-0 accordion__icon text-cu-black-500\">\n                    <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M8.25 4.5l7.5 7.5-7.5 7.5\"><\/path>\n                <\/svg>\n            <\/button>\n        <\/dt>\n        <dd class=\"p-0 mt-0 cu-prose cu-prose-first-last accordion__content md:p-0 md:mt-0\" hidden=\"\" id=\"accordion-basic-public-private-key-authentication\">\n            \n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1652\" height=\"1279\" src=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic.png\" alt=\"\" class=\"wp-image-11331\" srcset=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic.png 1652w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic-160x124.png 160w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic-240x186.png 240w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic-768x595.png 768w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic-400x310.png 400w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic-1536x1189.png 1536w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-basic-360x279.png 360w\" sizes=\"auto, (max-width: 1652px) 100vw, 1652px\" \/><\/figure>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Advantages of Basic Public-Private Key Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sharing of an initial account password is not needed, just send your <strong>public key<\/strong><\/li>\n\n\n\n<li>Strong public-private keys are virtually impossible to crack<\/li>\n\n\n\n<li>Can be used to run tools or scripts that require remote authentication<\/li>\n\n\n\n<li>If a server with your <strong>public key<\/strong> on it is compromised, there is no risk of someone using that to <em>guess<\/em> your <strong>private key<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Disadvantages of Basic Public-Private Key Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If someone gets your <strong>private key<\/strong>, they can use it to access ANY system that uses your <strong>public key<\/strong>. You would need to remove your <strong>public key<\/strong> from all of those affected systems<\/li>\n<\/ul>\n\n\n        <\/dd>\n    <\/div>\n\n\n    <div class=\"grid pt-4 pb-3 border-b accordion border-cu-black-100 md:pt-6 md:pb-5 first:border-t\">\n        <dt class=\"font-semibold not-prose\">\n            <button class=\"flex items-center justify-between w-full text-left accordion__button\" aria-expanded=\"false\" aria-controls=\"accordion-passphrase-protected-public-private-key-authentication\">\n                <span class=\"flex-1 ml-auto text-left break-words whitespace-normal cu-icon\">\n                    Passphrase Protected Public-Private Key Authentication\n                <\/span>\n                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewbox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" aria-hidden=\"true\" data-slot=\"icon\" class=\"w-5 h-5 ml-auto transition-transform rotate-0 accordion__icon text-cu-black-500\">\n                    <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M8.25 4.5l7.5 7.5-7.5 7.5\"><\/path>\n                <\/svg>\n            <\/button>\n        <\/dt>\n        <dd class=\"p-0 mt-0 cu-prose cu-prose-first-last accordion__content md:p-0 md:mt-0\" hidden=\"\" id=\"accordion-passphrase-protected-public-private-key-authentication\">\n            \n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1652\" height=\"1766\" src=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase.png\" alt=\"\" class=\"wp-image-11333\" srcset=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase.png 1652w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase-160x171.png 160w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase-240x257.png 240w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase-768x821.png 768w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase-400x428.png 400w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase-1437x1536.png 1437w, https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/public-private-keys-with-passphrase-360x385.png 360w\" sizes=\"auto, (max-width: 1652px) 100vw, 1652px\" \/><\/figure>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Advantages of Passphrase Protected Public-Private Key Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All the advantages of Basic Public-Private Key Authentication (see above)<\/li>\n\n\n\n<li>If someone steals your Private Key, they can only use it if they can guess the passphrase<\/li>\n<\/ul>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Disadvantages of Passphrase Protected Public-Private Key Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you forget the Passphrase for your key, then you will not be able to use it and you will be locked out of any systems that use that Public-Private key<\/li>\n<\/ul>\n\n\n        <\/dd>\n    <\/div>\n\n\n    <\/dl>\n\n\n    <\/div>\n<\/section>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"creating\">Creating Key Pairs<\/h2>\n\n\n\n<p>Most operating systems support a tool called <strong>ssh-keygen<\/strong> that allows you to create a public\/private key pair.<\/p>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Linux \/ Apple OSX \/ Windows 10<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open a <strong>Terminal<\/strong> window \/ prompt<br><br><em>On Windows, you can open a <strong>Command Prompt<\/strong> or <strong>PowerShell<\/strong><\/em><br><br><em>See <a title=\"Enable OpenSSH on Windows 10\" href=\"https:\/\/carleton.ca\/scs\/2021\/enable-openssh-on-windows-10\/\">Enable OpenSSH on Windows 10<\/a> if <code>ssh-keygen<\/code> is not enabled on Windows 10 (older versions do not have it enabled by default)<\/em><\/li>\n\n\n\n<li>Enter the <code>ssh-keygen -t ed25519<\/code> command to open up an interactive prompt that takes you through the steps of creating an SSH key<\/li>\n\n\n\n<li>Type a filename for the key, or use the default\n<ul class=\"wp-block-list\">\n<li>If you are only using one SSH key pair, you can keep the default <em>(usually <code>~\/.ssh\/id_ed25519<\/code>)<\/em><\/li>\n\n\n\n<li>If you are creating multiple key pairs for different purposes, you should name it something meaningful (e.g. <code>~\/.ssh\/home_github_key<\/code>)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Finally, type your passphrase. <strong><em>You should ALWAYS use a passphrase<\/em><\/strong><br><em>If your key has a passphrase, then if someone somehow gets your private key file, they will still not be able to use it unless they are able to guess your passphrase. In some cases, such as setting up server\/application automation (hadoop, MPI, etc), you may want to create a key without a passphrase.  But this should <strong>NEVER<\/strong> be done for a key used to remote access a system, repository, etc from public networks<\/em>\n<ul class=\"wp-block-list\">\n<li><strong>NOTE:<\/strong> When typing passwords in the terminal, no text will appear while you type &#8212; press Enter to continue<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Your <strong>public and private key pair <\/strong>should now be available in <code>~\/.ssh\/<\/code> or wherever you specified.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"connecting\">Authenticating and Connecting with Key Pairs<\/h2>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Linux \/ Apple OSX \/ Windows 10<\/strong><\/p>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Authorize your key pair on a remote server<\/strong><\/p>\n\n\n\n<p>Once you have created your key pair, you need to authorize the key pair to unlock your account.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Copy your identity (<strong>public<\/strong> key) over to the remote server using the <code>ssh-copy-id<\/code> command:<br><br><code>ssh-copy-id username@remoteservername.ca<\/code> <em> &#8211; substituting your particular username and remote server name (or IP address)<\/em><\/li>\n\n\n\n<li><strong>NOTE: <\/strong>If you created a specific ssh key file (rather than using the default), you can specify it with the <code>-i<\/code> option:<br><br><code>ssh-copy-id -i <em>&lt;PUBLIC KEY FILE&gt;<\/em> username@remoteservername.ca<\/code> <em>&#8211; giving your <strong>public<\/strong> key file<\/em><\/li>\n<\/ul>\n\n\n\n<p><strong class=\"myprefix-text-bold\">Connect to the remote server using the key pair<\/strong><\/p>\n\n\n\n<p>Once you have authorized the key pair you can connect with it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connect using your default ssh key using the <code>ssh<\/code> command:<br><br><code>ssh username@remoteservername.ca<\/code><em> &#8211; substituting your particular username and remote server name (or IP address)<\/em><\/li>\n\n\n\n<li><strong>NOTE: <\/strong>If you created a specific ssh key file (rather than using the default), you can specify it with the <code>-i<\/code> option:<br><br><code>ssh -i <em>&lt;PRIVATE KEY FILE&gt;<\/em> username@remoteservername.ca<\/code> <em>&#8211; This time specifying your <strong>private<\/strong> key file<\/em><\/li>\n<\/ul>\n\n\n\n<p><strong>For information about connecting with PuTTY,<\/strong> visit the <a href=\"https:\/\/carleton.ca\/scs\/2019\/connecting-to-openstack-instances-ssh-with-putty\/\">Connecting to OpenStack with SSH and PuTTY<\/a> quick-start guide.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"config\">Advanced Topic: Configuring SSH<\/h2>\n\n\n\n<p>Once you start using SSH for many different services and making use of multiple key pair identities, it may be useful to start using an SSH configuration file.<\/p>\n\n\n\n<p>SSH configs help simplify tasks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Giving servers simpler aliases, e.g. typing ssh openstack rather than ssh 134.117.x.x<\/li>\n\n\n\n<li>Using different identities with different servers without needing to specify each time<\/li>\n\n\n\n<li>Forward ports with SSH to access remote services, such as forwarding a Jupyter Notebook server from a remote port to a local port<\/li>\n<\/ul>\n\n\n\n<p>There is a lot of information available online about setting up ssh configurations for different purposes. Your ssh configuration is typically in your home ssh folder, such as&nbsp;<em>~\/.ssh<\/em> on Linux or <em>%USERPROFILE%\/.ssh\/<\/em> on Windows, with OpenSSH installed. If there isn&#8217;t a file called <em>config<\/em> you can make one. Below is a sample SSH configuration to have one passwordless private key for Github and another passworded key for OpenStack, with parts that need to be switched for individual use.<\/p>\n\n\n\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n        \n    \n    <dl class=\"cu-description cu-component-updated\">\n        \n    <div class=\"grid pt-4 pb-3 border-b accordion border-cu-black-100 md:pt-6 md:pb-5 first:border-t\">\n        <dt class=\"font-semibold not-prose\">\n            <button class=\"flex items-center justify-between w-full text-left accordion__button\" aria-expanded=\"false\" aria-controls=\"accordion-example-ssh-configuration\">\n                <span class=\"flex-1 ml-auto text-left break-words whitespace-normal cu-icon\">\n                    Example SSH Configuration\n                <\/span>\n                <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewbox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" aria-hidden=\"true\" data-slot=\"icon\" class=\"w-5 h-5 ml-auto transition-transform rotate-0 accordion__icon text-cu-black-500\">\n                    <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M8.25 4.5l7.5 7.5-7.5 7.5\"><\/path>\n                <\/svg>\n            <\/button>\n        <\/dt>\n        <dd class=\"p-0 mt-0 cu-prose cu-prose-first-last accordion__content md:p-0 md:mt-0\" hidden=\"\" id=\"accordion-example-ssh-configuration\">\n            \n\n<pre>Host openstack\n\u00a0\u00a0User username\n\u00a0\u00a0HostName 134.117.x.x\n\u00a0\u00a0IdentityFile ~\/.ssh\/openstack.pem\nHost github.com\n\u00a0\u00a0IdentityFile ~\/.ssh\/passwordless.git.pem<\/pre>\n\n\n        <\/dd>\n    <\/div>\n\n\n    <\/dl>\n\n\n    <\/div>\n<\/section>\n\n\n\n<p>Using the above file, you could then connect to your OpenStack instance using <code>ssh openstack<\/code> rather than <code>ssh -i ~\/.ssh\/openstack.pem username@134.117.x.x<\/code> and <code>git<\/code> will also use the correct identity file when using SSH and working with GitHub.com.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSH allows you to securely connect to remote computers and virtual machines. With SSH, you can use a computer remotely through the terminal, transfer files between the server and client, and even run graphical programs using X11 forwarding. By default, you will connect to SSH servers using the username and password associated with your account [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[61,58,99],"tags":[],"class_list":["post-6928","post","type-post","status-publish","format-standard","hentry","category-linux-tech-support","category-openstack-support","category-ssh"],"acf":{"cu_post_thumbnail":"person-to-person"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts\/6928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=6928"}],"version-history":[{"count":5,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts\/6928\/revisions"}],"predecessor-version":[{"id":25303,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts\/6928\/revisions\/25303"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=6928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/categories?post=6928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/tags?post=6928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}