Configure Key-based SSH Authentication
- Ambrish Raghoonundun, Mr
You do not need to generate a separate ssh private key for your laptop and desktop. Once generated, you can easily copy it between your computers.
It is a good idea to have separate keys for McGill and Calcul Quebec networks, though.
The usage of ssh private keys for authentication has the following advantages:
Eliminates the accidental blacklisting of legitimate IP addresses. Today an IP is blacklisted after 3 failed login attempts. This is an inconvenient, yet common, occurrence caused by username/password typos;
No need to share your password with external collaborators — just manage the public ssh keys in ~/.ssh/authorized_keys. This helps us to comply McGill sensitive data usage policies;
Greatly decreased likelihood that your sensitive research data will be compromised even if your password is leaked or cracked;
With SSH agent (available in Windows, MacOS and Linux) you do not even need to type the passphrase of your ssh-key, it will be unlocked upon system login;
Increased protection from denial-of-service attacks;
Easy control of allowed commands for the special cases (rsync with external host as an example);
But there are also the disadvantages:
You should have your ssh private key everywhere with you;
If you will forget the passphrase of the key — there is no way to recover it;
Depending on your usage, you will get help to set this up by following one of the following. Set up keys when using: