SSH Keys for Cluster Access
IMPORTANT: SSH keys are the ONLY method to access Beehive. Password authentication is disabled. Set up your SSH key to get access.
Why Use SSH Keys with Passphrases?
Your SSH private key is like a password that never expires. If someone steals an unprotected private key, they have permanent access to any system that trusts that key.
A passphrase-protected key is useless to an attacker without the passphrase.
"But typing a passphrase every time is annoying!"
That's where the SSH agent comes in: you type your passphrase once per session, and the agent keeps the unlocked key in memory for you.
Generate Your SSH Key
Run this command on your local computer (not on the cluster):
ssh-keygen -t ed25519 -C "your_email@example.com" -f /path/to/private_key
When prompted:
- Enter a strong passphrase (use 4+ words)
- Confirm your passphrase
Windows users: Use Windows Terminal, not Command Prompt.
Add your key to the cluster
Contact admin@ttic.edu to add or update SSH keys.
Add a key yourself (if you already have access)
If you can already SSH into the cluster, you can add a new key without contacting an admin.
From your local machine:
ssh-copy-id -i /path/to/public_key YOUR_USERNAME@cluster.ttic.edu
Verify it works before relying on it:
ssh -i /path/to/private_key YOUR_USERNAME@cluster.ttic.edu
Using SSH Agent
SSH agent holds your unlocked key in memory so you don't have to type your passphrase repeatedly.
Start SSH Agent
Linux/macOS:
eval "$(ssh-agent -s)"
ssh-add /path/to/private_key
Windows:
# Run as Administrator
Start-Service ssh-agent
# Optional: Enable permanently (also as Administrator)
Get-Service -Name ssh-agent | Set-Service -StartupType Automatic
# Run as normal user
ssh-add /path/to/private_key
Make SSH Agent Persistent
macOS:
ssh-add --apple-use-keychain /path/to/private_key
Linux - Add to ~/.bashrc or ~/.zshrc:
if [ -z "$SSH_AUTH_SOCK" ]; then
    eval "$(ssh-agent -s)"
    ssh-add /path/to/private_key
fi
Windows - Already configured above with Set-Service -StartupType Automatic
Troubleshooting
Permission Denied
Check your connection:
ssh -v -i /path/to/private_key YOUR_USERNAME@cluster.ttic.edu
Fix local key permissions (Linux/macOS):
chmod 700 ~/.ssh
chmod 600 /path/to/private_key
chmod 644 /path/to/public_key
Check server-side setup:
ssh YOUR_USERNAME@cluster.ttic.edu # Login with existing key
cat ~/.ssh/authorized_keys # Should show your key
ls -la ~/.ssh # Should show drwx------
ls -la ~/.ssh/authorized_keys # Should show -rw-------
If permissions are wrong on the server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
SSH Agent Not Working
Check if running:
ssh-add -l
If you see "Could not open a connection to your authentication agent":
Linux/macOS:
eval "$(ssh-agent -s)"
ssh-add /path/to/private_key
Windows:
# Run as Administrator
Start-Service ssh-agent
# Run as normal user
ssh-add /path/to/private_key
Need More Help?
Run SSH in verbose mode:
ssh -vvv -i /path/to/private_key YOUR_USERNAME@cluster.ttic.edu
Save the output and contact admin@ttic.edu for assistance.
Security Best Practices
- Always use a strong passphrase
- Never share your private key (only the .pub file)
- Use ssh-agent for convenience without compromising security
- Use different keys for different systems
- Rotate keys annually
- Keep your private key on your personal machine only