Set Up SSH Public Key (Mac/Linux/WSL)

3. Set Up SSH Public Key (Mac/Linux/WSL)#

Setting up SSH public key authentication lets you log in to Compute1 without entering your password every time. This guide walks you through generating a key pair, copying it to Compute1, and optionally creating an SSH alias so you can connect with a short command.

By the end of this section, you will be able to log in with:

$ ssh compute1

3.1. Check for Existing Keys#

Before generating a new SSH key, check if one already exists on your system:

$ ls -al ~/.ssh

If you see files named id_rsa (private key) and id_rsa.pub (public key), you can skip ahead to Copy the Public Key to Compute1.

3.2. Generate a New SSH Key Pair#

To create a new SSH key pair, run:

$ ssh-keygen -t rsa -b 4096 -C "your_wustl_username@wustl.edu"

When prompted, press Enter to accept the default file location (~/.ssh/id_rsa). You will also be prompted to set a passphrase; this adds an extra layer of security, but you can press Enter to leave it empty.

3.3. Copy the Public Key to Compute1#

Copy your public key to Compute1:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@compute1-client-1.ris.wustl.edu

Replace username with your actual WUSTL key. If you used a different filename or path for your key, update ~/.ssh/id_rsa.pub accordingly.

3.4. Log In Using Your SSH Key#

Once your public key is in the server’s authorized keys, you can log in without a password (unless you set a passphrase):

$ ssh your_username@compute1-client-1.ris.wustl.edu

3.5. Create an SSH Alias (Optional)#

To connect with just ssh compute1, add an alias to your SSH config.

Open (or create) ~/.ssh/config:

$ nano ~/.ssh/config

Add the following entry:

Host compute1
    HostName compute1-client-1.ris.wustl.edu
    User yourusername
    IdentityFile ~/.ssh/id_rsa

Fields:

  • Host: the alias name (e.g., compute1)

  • HostName: the full server address (compute1-client-1.ris.wustl.edu)

  • User: your WUSTL key

  • IdentityFile: the path to your SSH private key (~/.ssh/id_rsa)

Save and exit (in nano, press CTRL + X, then Y, then Enter).

You can now connect using the alias:

$ ssh compute1

3.6. Troubleshooting#

Permissions. Your ~/.ssh directory and its contents need strict permissions. The private key should be 600 and the public key 644:

$ chmod 600 ~/.ssh/id_rsa
$ chmod 644 ~/.ssh/id_rsa.pub

SSH agent. If you get a “Permission denied” error, make sure your SSH key is added to the agent:

$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa

Server SSH config. Public key authentication must be enabled on the remote server. This is usually controlled by PubkeyAuthentication yes in /etc/ssh/sshd_config.

Network. Verify that no firewall or network issues are blocking your access.

Contents