Beehive Documentation

Last updated: 02/09/2026, 09:44:08 AM

Docs Nodes Jobs History
Overview Getting Started SSH Keys Software Hardware Jobs Apptainer For Faculty

SSH Keys for Cluster Access

IMPORTANT: SSH keys are the ONLY method to access Beehive. Password authentication is disabled. Set up your SSH key to get access.

Why Use SSH Keys with Passphrases?

Your SSH private key is like a password that never expires. If someone steals an unprotected private key, they have permanent access to any system that trusts that key.

A passphrase-protected key is useless to an attacker without the passphrase.

"But typing a passphrase every time is annoying!"

That's where SSH agent comes in - you type your passphrase once per session, and it remembers it for you.

Generate Your SSH Key

Run this command on your local computer (not on the cluster):

ssh-keygen -t ed25519 -C "your_email@example.com" -f /path/to/private_key

When prompted: - Enter a strong passphrase (use 4+ words) - Confirm your passphrase

Windows users: Use Windows Terminal, not Command Prompt.

Add your key to the cluster

Contact admin@ttic.edu to add or update SSH keys.

Add a key yourself (if you already have access)

If you can already SSH into the cluster, you can add a new key without contacting an admin.

From your local machine:

ssh-copy-id -i /path/to/public_key YOUR_USERNAME@cluster.ttic.edu

Verify it works before relying on it:

ssh -i /path/to/private_key YOUR_USERNAME@cluster.ttic.edu

Using SSH Agent

SSH agent stores your passphrase so you don't have to type it repeatedly.

Start SSH Agent

Linux/macOS:

eval "$(ssh-agent -s)"
ssh-add /path/to/private_key

Windows:

# Run as Administrator
Start-Service ssh-agent

# Optional: Enable permanently (also as Administrator)
Get-Service -Name ssh-agent | Set-Service -StartupType Automatic

# Run as normal user
ssh-add /path/to/private_key

Make SSH Agent Persistent

macOS:

ssh-add --apple-use-keychain /path/to/private_key

Linux - Add to ~/.bashrc or ~/.zshrc:

if [ -z "$SSH_AUTH_SOCK" ]; then
    eval "$(ssh-agent -s)"
    ssh-add /path/to/private_key
fi

Windows - Already configured above with Set-Service -StartupType Automatic

Troubleshooting

Permission Denied

Check your connection:

ssh -v -i /path/to/private_key YOUR_USERNAME@cluster.ttic.edu

Fix local key permissions (Linux/macOS):

chmod 700 ~/.ssh
chmod 600 /path/to/private_key
chmod 644 /path/to/public_key

Check server-side setup:

ssh YOUR_USERNAME@cluster.ttic.edu  # Login with existing key
cat ~/.ssh/authorized_keys          # Should show your key
ls -la ~/.ssh                       # Should show drwx------
ls -la ~/.ssh/authorized_keys       # Should show -rw-------

If permissions are wrong on the server:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH Agent Not Working

Check if running:

ssh-add -l

If you see "Could not open a connection to your authentication agent":

Linux/macOS:

eval "$(ssh-agent -s)"
ssh-add /path/to/private_key

Windows:

# Run as Administrator
Start-Service ssh-agent

# Run as normal user
ssh-add /path/to/private_key

Need More Help?

Run SSH in verbose mode:

ssh -vvv -i /path/to/private_key YOUR_USERNAME@cluster.ttic.edu

Save the output and contact admin@ttic.edu for assistance.

Security Best Practices

  • Always use a strong passphrase
  • Never share your private key (only the .pub file)
  • Use ssh-agent for convenience without compromising security
  • Use different keys for different systems
  • Rotate keys annually
  • Keep your private key on your personal machine only