What are SSH Keys?
SSH keys provide a secure way to authenticate yourself to an SSH server using public-key cryptography and challenge-response authentication. Unlike passwords, SSH keys help prevent brute-force attacks and do not expose valid credentials if the server is compromised. They are the preferred method for accessing the cluster because they enhance security and streamline actions that require authentication, such as logging in or transferring files.
SSH keys always come in a pair
a “private key” that exists on your local computer
a “public key” that can be transferred on to the cluster or any other system that uses keys
To learn more visit: https://wiki.archlinux.org/title/SSH_keys
Set up SSH Keys for Linux, MacOS and Windows Subsystem for Linux (WSL)
To generate a key, on your local command line enter the following
ssh-keygen -t rsa -b 4096
ssh-keygen will then prompt you to protect your private key with a passphrase. You may create one or leave it blank.
Add the public key to the cluster (adjust path to id_rsa.pub if needed and enter your netid)
ssh-copy-id -i ~/.ssh/id_rsa.pub yournetidhere@hpc2.storrs.hpc.uconn.edu
If the ssh-copy-id
command fails. We have to manually copy the key onto the cluster:
On a local terminal, open the id_rsa.pub file with a text editor (nano, vim, cat).
Copy the content
On the cluster, locate your .ssh directory in your home and create a new file called “authorized_keys”
Paste the contents of id_rsa.pub into the “authorized_keys”
✅ You should now be able to access the cluster without password or duo prompts!
Adding SSH Key to Filezilla
“Edit” > “Settings” > “SFTP” > “Add key file…” and locate your id_rsa.pub public key.
For more details on file transfer and Filezilla: File Transfer - Storrs HPC - UConn Knowledge Base
Using Private Key for Passwordless Access on MobaXterm
Edit a saved User Session by right clicking and selecting “edit session” or create a new session.
In “Session Settings” > Advanced SSH settings”, select “Use private key”. Then locate the private key on your local machine. For MobaXterm, it will be under your AppData\Roaming\MobaXterm\home\.ssh
labeled “Private Key File”.
Click “OK” to save and you should be able to log on the cluster with that session without password or DUO prompt!
SSH Keys in WinSCP
WinSCP requires the private key to be in the format PuTTY (.ppk file). Fortunately, WinSCP includes a program called PuTTYgen and allows you to generate a key pair where the private key is in the .ppk format.
Next, generate a key pair and save the private key.
Edit or create a new session. Under Advanced>SSH>Authentication, check “Allow agent forwarding” and locate the private key file that you previously generated.
You should now be able to connect without the DUO prompt!
Common Errors
If you encounter the following error, fear not!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is Please contact your system administrator. Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message. Offending RSA key in RSA host key for pong has changed and you have requested strict checking. Host key verification failed.
Simply remove hpc2 from your known hosts with the following command:
ssh-keygen -R hpc2.storrs.hpc.uconn.edu
You should now be able to log in again