How to use your SSH key pair to log into another remote machine.

To use your SSH key to log in to another remote machine, you must copy the public key file to the remote machine. For use at the SDCC, you can use the SSH key file upload form to upload your public key file (the one with the .pub extension) to the facility. Your public key will be stored in LDAP and will be available on all of the gateway machines. When you log into one of the gateway machines after uploading your key, you will be prompted to enter the passphrase for your private key (the passphrase and private key remain on your local machine and never be transmitted over the network). After successfully entering your passphrase, you will be logged into the gateway. To avoid typing your passphrase each time you log in, see the section on the SSH agent.

If your browser dialog does not display your .ssh directory or files because they are hidden, see these instructions.

SSH Keys on Multiple Machines

If you own multiple machines (e.g., a desktop and a laptop), then you can generate a public/private key pair on one machine, upload the public key to the LDAP server, and copy the private key to your other machines.

If your public key ends with a [username]@[host] string that does not directly follow an equals character ('='), the [username]@[host] string serves as a host restriction and must be removed from the public key before the key can be used from another machine. A [username]@[host] string that immediately follows '=' at the end of the public key is merely a comment and can be ignored or removed.

Note: If you want to move keys between a Windows machine running PuTTY and a Linux machine, then you will have to convert the format of the key since PuTTY uses a different format from OpenSSH. To do so, see Using An Existing Key Pair on the Windows SSH Key Generation page. If you use Cygwin, the key files should be fully compatible, since OpenSSH is the version of SSH implemented in Cygwin.

Using Multiple SSH Keys

If you need to use multiple, different SSH keys in order to access multiple remote locations, multiple options are available:

  • Add the `-i` flag to your SSH client command and specify the path to your desired private key (e.g., `ssh -i ~/.ssh/id_rsa_2`).
  • Load all necessary keys into your SSH agent.
  • Configure your SSH client to load the required key when connecting to each host, via the `IdentityFile` configuration directive in your `.ssh/config` file, along with the host name, your user name, and an alias, if desired, e.g.:
    Host your_alias yourhost.sdcc.bnl.gov
        HostName yourhost.sdcc.bnl.gov
        IdentityFile ~/.ssh/your-private_key
        User your_user_name