=== SSH Keys ====

SSH keys are a convenient way to perform passwordless authentication with the cluster's ssh interface.  These are generated using ``ssh-keygen`` on your **linux-like workstation** (linux, Mac, or Windows WSL).  You can generate either with or without a local passphrase, which provides more security, although it slows some single-command functions like ``scp``.  SSH keys are older technology that have unlimited lifetime, and are distinct from time-limited [[X509_keys]],though either can be used for passwordless authentication.

After you generate the key with ``ssh-keygen`` **on your workstation**, copy the new public key ``~/.ssh/id_ecdsa.pub`` to your home directory on the cluster (not the corresponding ``~/.ssh`` directory on the cluster, where it might overwrite the cluster's keys).  You will still need a password and working login for this file copy, or you can use the file manager on the OOD or Globus portals, as the key is not active yet.

Then ``ssh`` to the cluster (using a password, or a saved session, or the terminal on the OOD portal), and append the transferred public key to ``~/.ssh/authorized_keys`` on the cluster using the editor or the concatenate operator >>.  Don't use the replace operator >, which will overwrite any existing authorized keys, some of which are needed by the cluster. Your succeeding ``ssh/scp/sftp`` logins should be passwordless.

<code>
[rfeynman@workstation ~]$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/rfeynman/.ssh/id_ecdsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/rfeynman/.ssh/id_ecdsa
Your public key has been saved in /home/rfeynman/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:G0nsMz3AVVX22LkwT6JJM723pMWfpCD/Gu/mluZmUA0 rfeynman@workstation
The key's randomart image is:
+---[ECDSA 256]---+
|          ooooo. |
|     . oE+ ..    |
|    + = Oo       |
|   . = @.=.      |
|    + o.S +      |
|     o.* X o     |
|      +.+.o      |
|       +B        |
|      .@*        |
+----[SHA256]-----+
[rfeynman@workstation ~]$ ls -al .ssh/id_ecdsa*
-rw-------   1 rfeynman rfeynman   505 Feb 11 14:53 id_ecdsa
-rw-r--r--   1 rfeynman rfeynman   177 Feb 11 14:53 id_ecdsa.pub
[rfeynman@workstation ~]$ scp .ssh/id_ecdsa.pub rfeynman@hpc-portal2.hpc.uark.edu:/home/rfeynman/
rfeynman@hpc-portal2's password: 
hpc-portal2:rfeynman:$ exit
[rfeynman@workstation ~]$ ssh rfeynman@hpc-portal2.hpc.uark.edu
rfeynman@hpc-portal2's password: 
Last login: Sun Feb 11 14:55:05 2024 from 165.224.131.232
hpc-portal2:rfeynman:$ cat id_ecdsa.pub >> .ssh/authorized_keys
hpc-portal2:rfeynman:$ exit
[rfeynman@workstation ~]$ ssh rfeynman@hpc-portal2.hpc.uark.edu
Last login: Sun Feb 11 14:56:11 2024 from 165.224.131.232
hpc-portal2:rfeynman:$ 
</code>