This is for Linux. I’ve configured ssh key based connection with OpenSSH on Windows 11, but I forgot how to do it, and I don’t like Windows so I will not relearn it unless I have to.
Basic SSH configuration
rudimentary theory
You will generate two keys: private and public. The public key is meant for the server and you can show it to anyone. It’s used to create a challenge that only someone with the matching private key can solve. The private key is for your eyes only. It’s used to authenticate your connection.
key generation
Don’t rely on passwords for anything more than the initial login. Keys are safer and save you time in the long run.
To generate a key with the Ed25519 algorithm:
$ ssh-keygen -t ed25519
Pick a location in your ~/.ssh directory and give it a descriptive name. For example, I used git.ed25519 for my GitHub key, and labbit1_ed25519 for one of the workstations at my MSc lab. Enter a passphrase (or don’t, I usually don’t do it).
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/maciej/.ssh/id_ed25519): /home/maciej/.ssh/test_key
Enter passphrase for "/home/maciej/.ssh/test_key" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/maciej/.ssh/test_key
Your public key has been saved in /home/maciej/.ssh/test_key.pub
The key fingerprint is:
SHA256:+SDfg67+RbxuczSF2o2+HClLd5/f+wKmos+q0M6R/m4 maciej@192.168.1.4
The key's randomart image is:
+--[ED25519 256]--+
| |
| |
| . |
| o . . |
| . S oo + |
| . . o *..B.. |
| . + o O=+o. |
| = .Eo.++*oo..o|
| =*B*=oooo. +O|
+----[SHA256]-----+
Fingerprint and randomart are used for verification, but they’re not relevant for now.
Now in ~/.ssh you should see test_key and test_key.pub. This is how those files look:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACB0in0lDjk+IKXnpbI0i2HAvENXo9bHU6oyBgdxddByrwAAAJhkYGkbZGBp
GwAAAAtzc2gtZWQyNTUxOQAAACB0in0lDjk+IKXnpbI0i2HAvENXo9bHU6oyBgdxddByrw
AAAEDS6fP1+y5CWH76trNAfndrTlWao9FKRQvME0n6OxyftnSKfSUOOT4gpeelsjSLYcC8
Q1ej1sdTqjIGB3F10HKvAAAAEm1hY2llakAxOTIuMTY4LjEuNAECAw==
-----END OPENSSH PRIVATE KEY-----
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSKfSUOOT4gpeelsjSLYcC8Q1ej1sdTqjIGB3F10HKv maciej@127.0.0.1
NEVER SHOW ANYONE YOUR PRIVATE KEY (the one without the .pub suffix). Just like you wouldn’t share your bank account password with anyone. I’m showing you this one just as an example, and will never use it.
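Added example (not from the original post): the fingerprint mentioned above is the unpadded base64 of the SHA-256 hash of the decoded key blob in the .pub file, so it can be recomputed and checked before a key is installed on a server. The function names are illustrative; the key line is the test_key.pub shown above.

```python
import base64
import hashlib
import hmac
import struct

# Added example; function names are illustrative, not part of OpenSSH.
# Public key line copied from the test_key.pub shown above.
PUB_LINE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSKfSUOOT4gpeelsjSLYcC8"
            "Q1ej1sdTqjIGB3F10HKv maciej@127.0.0.1")


def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("string runs past end of blob")
    return blob[offset + 4:end], end


def parse_public_key(line):
    """Split a .pub line and check the blob agrees with the declared type."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match blob")
    key, pos = read_string(blob, pos)
    if declared == "ssh-ed25519" and (len(key) != 32 or pos != len(blob)):
        raise ValueError("malformed ed25519 public key")
    return {"type": declared, "key": key, "comment": comment, "blob": blob}


def fingerprint(line):
    """SHA256 fingerprint in the form ssh-keygen prints: unpadded base64."""
    digest = hashlib.sha256(parse_public_key(line)["blob"]).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def matches(line, expected):
    """Constant-time comparison against a fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(line), expected)
```

The comment field (maciej@127.0.0.1 here) is not part of the hashed blob, so editing it does not change the fingerprint. Compare the result of `fingerprint(PUB_LINE)` with what `ssh-keygen -lf ~/.ssh/test_key.pub` prints.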
~/.ssh/config
Let’s say you want to configure a connection to user account bioinformatician on harvard.bioinformatics.com, and you want to authenticate the connection with test_key key pair. You’d add this to ~/.ssh/config on your machine:
Host harvard
    User bioinformatician
    Hostname harvard.bioinformatics.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/test_key
Host can be anything; it’s what you’ll actually type in the terminal to connect. It’s useful to use a short and descriptive name.
IdentitiesOnly yes makes ssh use only the configured authentication identity (here, the IdentityFile above), even if ssh-agent offers more identities.
connecting (finally)
Because we configured our connection with Host set to harvard, we can simply run:
$ ssh harvard
Additional configuration
prevent freezing
To prevent connections from freezing due to inactivity, add this to your ~/.ssh/config:
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 180
This means that for all connections you (the client) will “remind” the server that you’re still connected every 60 seconds, at most 180 times in total, which means you can leave your ssh connection unattended for 3h total.