# SSH keys :key:

1. Create an SSH key pair with the following command:

   ```bash
   ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519_key -C "MyNewKey"
   ```

2. Add your newly generated Ed25519 key to an **SSH agent**:

   ```bash
   ssh-add ~/.ssh/id_ed25519_key
   ```

3. Copy the public key to Pelle or another server:

   ```bash
   ssh-copy-id -i ~/.ssh/id_ed25519_key.pub username@pelle.uppmax.uu.se
   ```

4. Connect:

   ```bash
   ssh username@pelle.uppmax.uu.se
   ```

## On Bianca

- Add the content of your public key `id_ed25519_key.pub` to `$HOME/.ssh/authorized_keys`. **You cannot** use `ssh-copy-id` as you did for Pelle, i.e. you have to bring the key to Bianca manually. If you paste it, **make sure it is on one line**, not wrapped/split over multiple lines.
- **Make sure the permissions look something like this**.

  ```bash
  $ chmod 0700 ~/.ssh
  $ ls -ld ~/.ssh
  drwx--S--- 2 user user 4096 May  7  2019 .ssh

  $ chmod 600 ~/.ssh/authorized_keys
  $ ls -l ~/.ssh
  total 1
  -rw------- 1 user user 743 May  7  2019 authorized_keys
  ```

- Connect to Bianca (*it is critical to use an **SSH agent** in this case, see above*)

  ```bash
  ssh -A user@bianca.uppmax.uu.se
  ```

- To debug, run with `-vv`

  ```bash
  ****************************************************************************
  * Login node up and running. Redirecting now!                              *
  ****************************************************************************
  debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 3 win 65536 max 16384
  debug1: client_request_agent: bound agent to hostkey
  debug2: fd 7 setting O_NONBLOCK
  debug1: channel 1: new agent-connection [authentication agent connection] (inactive timeout: 0)
  debug1: confirm auth-agent@openssh.com
  debug2: channel 1: rcvd eof
  debug2: channel 1: output open -> drain
  debug2: channel 1: obuf empty
  debug2: chan_shutdown_write: channel 1: (i0 o1 sock 7 wfd 7 efd -1 [closed])
  debug2: channel 1: output drain -> closed
  debug1: channel 1: FORCE input drain
  debug2: channel 1: ibuf empty
  debug2: channel 1: send eof
  debug2: channel 1: input drain -> closed
  debug2: channel 1: send close
  debug2: channel 1: rcvd close
  debug2: channel 1: is dead
  debug2: channel 1: garbage collecting
  debug1: channel 1: free: authentication agent connection, nchannels 2
  Last login: Wed Apr  8 09:22:13 2026 from 172.18.144.254
   _   _ ____  ____  __  __    _    __  __
  | | | |  _ \|  _ \|  \/  |  / \   \ \/ /   | System:    sens2017625-bianca
  | | | | |_) | |_) | |\/| | / _ \   \  /    | User:      user
  | |_| |  __/|  __/| |  | |/ ___ \  /  \    |
   \___/|_|   |_|   |_|  |_/_/   \_\/_/\_\   |

  ###############################################################################
  ```

:::info
Note that this only avoids typing the password for the second login. See the end of this page for tips on how to avoid subsequent password and TOTP prompts when logging in to an already established session using the `ControlMaster` connection mechanism.
:::

## WSL2 under Windows{10,11}

Here is a neat way to get a persistent key manager in WSL2 - credits: original [source](https://esc.sh/blog/ssh-agent-windows10-wsl2/).

```bash
sudo apt-get install keychain
```

Replace `XXXX` with the output of the `hostname` command on the command line.
```bash
/usr/bin/keychain -q --nogui $HOME/.ssh/id_ed25519_key
source $HOME/.keychain/XXXX-sh
```

Remove `-q` to get some information if you want:

```bash
 * keychain 2.8.5 ~ http://www.funtoo.org
 * Found existing ssh-agent: 4487
 * Known ssh key: /home/user/.ssh/id_ed25519_key
```

The first time you log in, you will be asked for the password and the key will be handled by the key manager. Check with

```bash
$ ssh-add -L
ssh-ed25519 AAAAC3Nz... ...cTTtiU MyNewKey
```

## MobaXterm

In `MobaXterm` you can use the internal `MobAgent` and/or `Pageant` from the `PuTTY` tools.

![](https://hackmd.io/_uploads/HyDznkLkp.png)

## OPTIONAL: SSH config

Example `$HOME/.ssh/config` file to make your work easier.

```bash
Host pelle
  User username
  HostName pelle.uppmax.uu.se
  ServerAliveInterval 240
  ServerAliveCountMax 2

# Default settings
#=======================================
Host *
  ForwardAgent no
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 120
#=======================================
```

Now

```bash
# without config
ssh -Y username@pelle.uppmax.uu.se

# with config
ssh pelle
```

```bash
# without config
scp local_file username@pelle.uppmax.uu.se:remote_folder/

# with config
scp local_file pelle:remote_folder/

rsync ...
sftp ...
```

## `ControlMaster` connection to avoid authentication on subsequent sessions

This is an example setup showing how to start a master session to Bianca. The master session is then used for subsequent direct connections to the Bianca login node, which fully utilizes the convenience of the SSH key, i.e. no typing of password and TOTP.

Add the following lines to your SSH config and change `_username_` to your user ID at UPPMAX:

```bash
Host mbianca
  User _username_
  HostName bianca.uppmax.uu.se
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p
```

The first time, `ssh -A mbianca` will ask you for password and TOTP, then it will use the SSH key for the last step to the login node. Keep the first shell running and, from another shell, run the same `ssh -A mbianca`.
This time you will log in to your Bianca login node via the previously established master connection, without password and TOTP. Any subsequent connection to `mbianca` will use the established channel. If you have multiple projects, you will still be asked to select a project...

## Contacts:

- [Pavlin Mitev](https://katalog.uu.se/profile/?id=N3-1425)
- [UPPMAX](https://www.uppmax.uu.se/)
- [AE@UPPMAX - related documentation](/8sqXISVRRquPDSw9o1DizQ)

###### tags: `UPPMAX`, `ssh-key`, `Bianca`
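
For the Bianca section above, where the public key is pasted by hand: an added example (not part of the original page) that checks the two things listed there, private permissions on `~/.ssh` and `authorized_keys`, and that every key sits complete on one line. The function names are made up for this example and it assumes GNU `stat` as found on Linux; it also accepts RSA and ECDSA entries, which goes beyond the Ed25519 key used on this page.

```bash
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumption: GNU stat (Linux) is available for "stat -c".

# Succeeds only if group and others have no access (mode ends in "00"),
# so both 700 and the setgid 2700 shown in the listing above pass.
private_mode() {
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *)   echo "too permissive or missing: $1" >&2; return 1 ;;
    esac
}

# Prints the number of lines in an authorized_keys file that are not a
# complete "[options] keytype base64 [comment]" entry. A key wrapped by a paste
# leaves a truncated blob on one line and a fragment with no key type on the next.
bad_key_lines() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        {
            ok = 0
            for (i = 1; i < NF; i++) {
                if ($i !~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$/) continue
                blob = $(i + 1)
                if (blob !~ "^[A-Za-z0-9+/]+=*$" || length(blob) % 4) break
                # An Ed25519 public key blob is always 68 base64 characters.
                if ($i == "ssh-ed25519" && length(blob) != 68) break
                ok = 1; break
            }
            if (!ok) bad++
        }
        END { print bad + 0 }
    ' "$1"
}

# Full check of an SSH directory; returns non-zero on any finding.
check_ssh_dir() {
    private_mode "$1" || return 1
    private_mode "$1/authorized_keys" || return 1
    [ "$(bad_key_lines "$1/authorized_keys")" -eq 0 ]
}

# Usage on Bianca: check_ssh_dir "$HOME/.ssh" && echo "looks fine"
```
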