SSH Public-Private Key Pairs

You can authenticate to PSC systems using a public-private key pair to encrypt and decrypt an authentication message. The private key is available only to the user, while the public key is, well, publicly accessible. Data encoded by one key can only be decoded by the other. Knowledge of the public key does not allow one to deduce the private key.

If a set of public/private keys exist, the remote machine encodes a message using the public key when SSH makes a connection to it. It sends the encoded message back to the client machine. SSH decrypts the message using the private key. The private key is not disclosed during this transaction. SSH then sends the decoded message back to the remote machine; if it matches, the user is authenticated, and can log in without using a password.

You must create your own set of public/private keys with your SSH client. One common way to generate keys is the ssh-keygen command. Once the keys are generated, the public key needs to be propagated to the PSC systems you wish to access.

PSC has created a web interface so you can manage your key pairs, including propagating them to PSC machines. See how to use this interface to install and use SSH key pairs at PSC.

Or, you can go directly to the PSC SSH key management system.