SSH Key Files
Or, how do I log into an account without a password?
Work in progress
This page was automatically migrated from the legacy Taggi site (https://taggi.cse.unsw.edu.au/FAQ/SSH_Key_Files/) and is pending review. Content, links and screenshots may be incomplete or incorrect.
~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in … ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home directory. The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file … has one key per line, though the lines can be very long. After this, the user can log in without giving the password.
— From the SSH(1) manual page.
About Passphrases
Creating SSH Keys
If you need a key to access CSE class accounts or other CSE resources, you should log in to a CSE server or lab machine to generate the key.
Using SSH Keys
Give a public key to log into an account
Changing or adding a passphrase to a private key
ssh-keygen -p will prompt you for the key to use, the existing passphrase (if it has one) and for the new passphrase.
Common Problems
The public key is in the target account but logins still do not work
If group write permission is enabled on the account directory, this can stop users from logging in to the account over SSH even though the user's public key has been appended to the account's authorized_keys file. A description of this problem is given in the section about ~/.ssh/authorized_keys in the sshd manual page. The CSE SSH server is set with StrictModes=yes.
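The permission check described above, as an added example (not part of the original page or of OpenSSH): a POSIX shell function that reports whether the account directory, ~/.ssh or authorized_keys carries a group or other write bit, which sshd refuses when StrictModes=yes. The function names are hypothetical, and file ownership is not checked.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find the paths that make sshd,
# running with StrictModes=yes, ignore ~/.ssh/authorized_keys.

# writable_by_others PATH
# Exit 0 if PATH has the group or other write bit set, 1 if not, 2 if missing.
writable_by_others() {
    [ -e "$1" ] || return 2
    # -L follows symlinks; keep only the 10-character mode string,
    # e.g. "drwxrwxr-x". Characters 6 and 9 are group write and other write.
    mode=$(ls -ldnL -- "$1" | cut -c1-10)
    [ "$(printf '%s' "$mode" | cut -c6)" = "w" ] ||
    [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]
}

# check_strictmodes [HOME_DIR]
# Print one line per path and return the number of paths that are too open.
check_strictmodes() {
    home=${1:-$HOME}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing:  $p"
        elif writable_by_others "$p"; then
            echo "too open: $p ($(ls -ldnL -- "$p" | cut -c1-10))"
            bad=$((bad + 1))
        else
            echo "ok:       $p"
        fi
    done
    return "$bad"
}
```

Source the file and run check_strictmodes with no argument to check your own account. A path reported as too open can be corrected with chmod go-w.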
You forgot the passphrase to your private key
There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key pair must be generated and the public key copied to the corresponding target accounts.
Your DSA (ssh-dss) key is not accepted by the ssh client
This issue may occur on computers that are running macOS Sierra.
- create a user configuration file in ~/.ssh/config
- set the permission of this file to 600
- add the following lines to enable the DSA (ssh-dss) key for the nominated host (which in this example is login.cse.unsw.edu.au)

Host login.cse.unsw.edu.au
    pubkeyacceptedkeytypes +ssh-dss

