{{indexmenu_n>51}}

====== Advanced: Using SSH keys ======

If you do not want to type in a password every time you log in into a machine an ssh key can be used as an alternative identification method. Such a key must still be protected by a password to prevent other people from using it, but a key manager can be used to prevent you from typing in this password multiple times.

===== Creating the key =====

In order to create an ssh key the following command must be run:

<code bash>
 ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
</code>
This command can be run from a Linux terminal, an OS X terminal, or within MobaXterm, and it has to be run **on your local machine** (i.e. not on Hábrók!).

After you have executed the command you will be presented with the following dialog:

<code>
Generating public/private ed25519 key pair.
</code>
The default location (~/.ssh/id_ed25519) should normally be fine. You will be asked for the passprhase. You have to give it twice to prevent typing mistakes.

<code>
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
</code>
Now the key will be generated.

<code>
Your identification has been saved in ~/.ssh/id_ed25519
Your public key has been saved in ~/.ssh/id_25519.pub
The key fingerprint is:
SHA256:w2HD3c+ax12jfOfr518emhTT42216RURnEbJbbIDxnQ yourname@yoursystem
The key's randomart image is:
+--[ED25519 256]--+
|           o. Eo+|
|       . . .+..*+|
|        = .....= |
|       o o   o+ .|
|        S    oo*o|
|         .  .+=.X|
|            o+o*B|
|            ..=+*|
|             o.=O|
+----[SHA256]-----+
</code>

===== Using the key =====

In order to use the key for logging in into Hábrók the public part of the key has to be copied to the list of authorized keys in your Hábrók account. This can be achieved in the following way.

Copy the public key to Hábrók using scp:

<code bash>
scp .ssh/id_ed25519.pub p12345@login1.hb.hpc.rug.nl:desktop_key.pub
</code>

Note that you have to adjust your username. You will be asked for your password, after which the file will be copied.

<code>
p12345@habrok.hpc.rug.nl's password:
Restoring modules to user's default
id_ed25519.pub                                    100%  396     0.4KB/s   00:00
</code>

The contents of this file has to be added to a file called ''authorized_keys'' in a directory named ''.ssh'' in your home directory. You have to create the directory ''.ssh'' if it is not there yet. **On Hábrók** the following actions have to be taken.

  - Create the directory if it is not there:
<code bash>
mkdir .ssh
</code>
  - Set the correct permissions on the directory
<code bash>
chmod go-rwx .ssh
</code>
  - Copy the contents of the public ssh key (copied to ''desktop_key.pub'') to the file authorized_keys
<code bash>
cat desktop_key.pub >> .ssh/authorized_keys
</code>
  - Set correct permissions on the file ''authorized_keys''
<code bash>
chmod go-w .ssh/authorized_keys
</code>

After setting this up in the way described you should be able to log in without having to enter a password multiple times. The key manager should ask for your key password only once.

For this to work correctly in MobaXterm the ''%%use private key%%'' option must be enabled. By default it will use the correct location of the id_ed25519 file.\\
You can find this option by left clicking on your session, choose ''%%Edit session%%'', then select ''%%SSH%%'' and finally ''%%Advanced SSH settings%%'':

{{..:getting_started:logging_in:windows:mobaxterm6.png|}}