Beehive Documentation

Last updated: 08/19/2025, 08:47:37 AM

Docs Nodes Jobs History
Overview Getting Started SSH Keys Software Hardware Jobs For Faculty

SSH Keys for Beehive Access

IMPORTANT: SSH keys will soon be the ONLY method to access Beehive. Password authentication will be disabled in the near future. Set up your SSH key now to ensure uninterrupted access.

Why Use SSH Keys with Passphrases?

Your SSH private key is like a password that never expires. If someone steals an unprotected private key, they have permanent access to any system that trusts that key.

A passphrase-protected key is useless to an attacker without the passphrase.

"But typing a passphrase every time is annoying!"

That's where SSH agent comes in - you type your passphrase once per session, and it remembers it for you.

Generate Your SSH Key

Run this command on your local computer (not on Beehive):

ssh-keygen -t ed25519 -C "your_email@example.com" -f ~/.ssh/beehive

When prompted: - Enter a strong passphrase (use 4+ words) - Confirm your passphrase

Windows users: Use Windows Terminal, not Command Prompt.

Add Your Key to Beehive

While Passwords Still Work

Step 1: Display your public key on your local computer:

cat ~/.ssh/beehive.pub

Step 2: Copy the entire line that starts with ssh-ed25519

Step 3: Login to Beehive with your password:

ssh YOUR_USERNAME@beehive.ttic.edu

Step 4: On Beehive, add your key:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "PASTE_YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Step 5: Exit and test with your key:

exit
ssh -i ~/.ssh/beehive YOUR_USERNAME@beehive.ttic.edu

After Passwords Are Disabled

Contact admin@ttic.edu to add or update SSH keys.

Using SSH Agent

SSH agent stores your passphrase so you don't have to type it repeatedly.

Start SSH Agent

Linux/macOS:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/beehive

Windows:

# Run as Administrator
Start-Service ssh-agent

# Optional: Enable permanently (also as Administrator)
Get-Service -Name ssh-agent | Set-Service -StartupType Automatic

# Run as normal user
ssh-add ~/.ssh/beehive

Make SSH Agent Persistent

macOS:

ssh-add --apple-use-keychain ~/.ssh/beehive

Linux - Add to ~/.bashrc or ~/.zshrc:

if [ -z "$SSH_AUTH_SOCK" ]; then
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/beehive
fi

Windows - Already configured above with Set-Service -StartupType Automatic

Troubleshooting

Permission Denied

Check your connection:

ssh -v -i ~/.ssh/beehive YOUR_USERNAME@beehive.ttic.edu

Fix local key permissions (Linux/macOS):

chmod 700 ~/.ssh
chmod 600 ~/.ssh/beehive
chmod 644 ~/.ssh/beehive.pub

Check server-side setup:

ssh YOUR_USERNAME@beehive.ttic.edu  # Login with password
cat ~/.ssh/authorized_keys          # Should show your key
ls -la ~/.ssh                       # Should show drwx------
ls -la ~/.ssh/authorized_keys       # Should show -rw-------

If permissions are wrong on the server:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH Agent Not Working

Check if running:

ssh-add -l

If you see "Could not open a connection to your authentication agent":

Linux/macOS:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/beehive

Windows:

# Run as Administrator
Start-Service ssh-agent

# Run as normal user
ssh-add ~/.ssh/beehive

Need More Help?

Run SSH in verbose mode:

ssh -vvv -i ~/.ssh/beehive YOUR_USERNAME@beehive.ttic.edu

Save the output and contact admin@ttic.edu for assistance.

Security Best Practices

  • Always use a strong passphrase
  • Never share your private key (only the .pub file)
  • Use ssh-agent for convenience without compromising security
  • Use different keys for different systems
  • Rotate keys annually
  • Keep your private key on your personal machine only