Generating and Configuring SSH Key Pairs
Follow the steps below to configure a new SSH key pair in anticipation of accessing a cluster with SSH. Once you have generated and configured your SSH key pair for the cluster, you do not have to do this step each time.
Note: These instructions are written generally for OpenSSH and some programs, such as VS Code, are not compatible with this configuration using alternative SSH solutions like PuTTY.
Step 1 - Generate SSH Key Pair
First, you'll need to create and configure an SSH pair for each node you'll be connecting to, a great secure solution to connection.
Open a Terminal
Open a terminal based on your operating system.
- Windows - Command Prompt (CMD) or Git Bash
- MacOS or Linux - Terminal/Shell
Generate the SSH Key Pair
In the terminal, generate your SSH key pair with the following command. Be sure to give the key pair a comment that allows you to identify it. This could be your email address, netid, cluster name, etc.
Code Block | ||||
---|---|---|---|---|
| ||||
# Example Key Generation CMD ssh-keygen -o -a 100 -t ed25519 -f %USERPROFILE%\.ssh\id_ed25519 -C "<comment; ex.netid or email cluster-name>" # Shell ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "<comment; ex.netid or email cluster-name>" |
YouNext, you'll be prompted to choose a location to save the key pair. This will default to '~/.ssh/id_ed25519'. Be sure to notate if you choose another location.
You also Finally, you will be prompted to set a passphrase. While this is not 'required', utilize a passphrase is highly encourage in the effort encouraged to help keep your private key secure. If you prefer to not, simple hit 'Enter' to skip.
Warning | ||
---|---|---|
| ||
Users should take all possible steps to secure their private keys, including utilization of a passphrase. Additionally, users should also avoid sharing their private key or passphrase with others, only keep their keys in secure storage locations, and consider rotating their SSH keys and update while updating authorized keys on your connections to limit the impact in the event of compromise. |
Step 2 - Add the SSH Public Key to the Cluster
Next, you'll need to add the public key to each node you intend to connect to using this key method noting that you can certainly generate a new key for each node. Being by displaying and copying your
Copy the Public Key
UseBegin by displaying and copying your key.
To do so, use a corresponding terminal to display the public key so that you can copy it.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# CMD type %USERPROFILE%\.ssh\id_ed25519.pub # Shell cat ~/.ssh/id_ed25519.pub |
Add the Public Key to the Login Node
Next, connect to the cluster and add the public key. Repeat this step for other nodes as needed.
Code Block | ||||
---|---|---|---|---|
| ||||
# Make the .ssh directory in your home directory (if necessary)
mkdir -p ~/.ssh
# Put the copied public key into your authorized_keys file
echo "your_copied_public_key" >> ~/.ssh/authorized_keys
# Ensure the .ssh locations have the correct permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys |
Step 3 - Configure SSH Connection in Applications (if necessary)
Lastly, you'll need to ensure your application is configured to make the SSH connection utilizing your new or existing SSH key pair.
Either during connection prompt or when configuring, you'll need to know where your SSH configuration is saved. This is likely '~/.ssh/config' or 'C:\Users\<netid>\.ssh\config'.
Next, be sure the information for your host has been given the appropriate notations including specifying the SSH key location to be used.
Code Block | ||||
---|---|---|---|---|
| ||||
# Example Global Settings for All Hosts Host Connection Configuration * User <your-netid> IdentityFile <your key location, ex. ~/.ssh/id_ed25519> AddKeysToAgent yes ForwardAgent yes ServerAliveInterval 180 ServerAliveCountMax 3 Protocol 2 # Example Specific Settings for an OrangeGrid and Zest Host Host its-og-login1.syr.edu HostName its-ogzest-login1.syr.edu HostName $h User <your-netid> IdentifyFileIdentityFile <SSH<your key location, ex. "~/.ssh/id_ed25519"> ed25519> AddKeysToAgent yes ForwardAgent yes ServerAliveInterval 180 ServerAliveCountMax 3 Protocol 2 # Example Adding Bastion Proxy Jump (Bastion access required) Host its-condor-t1 HostName its-condor-t1.syr.edu User <your-netid> Host its-og-login1.syr.edu HostName its-og-login1.syr.edu User <your-netid> ProxyJump its-condor-t1 |
Be sure to save any configuration files if you've made any changes.
Step 4 - Connect to the SSH Host
Finally, connect to your host. To do so, press 'F1' to open the Command Palette.
In the Command Palette, this time type 'Remote-SSH: Connect to Host...' and select it.
You should now see the intended host. Select it and you should be connect.
SSH Key Pair Compatibility
Below is a list of known compatible SSH solutions with this configuration type.
Getting Help
Question about Research Computing? Any questions about using or acquiring research computing resources or access can be directed at This should be done either in your application as configured above or via CMD/CLI as in the examples below.
Note that the passphrase will be needed at least once per session and you may be prompted in additional intervals depending on your ssh-agent.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Example Basic Connection
ssh <your-netid>@its-og-login1.syr.edu
# Example Bastion Proxy Direct Connection (Bastion access required)
ssh -J <your-netid>@its-condor-t1.syr.edu <your-netid>@its-og-login1.syr.edu |
Getting Help
Need Help? Any questions about using the instructions on this page or to acquiring research computing resources can be directed at researchcomputing@syr.edu.