SSH Key Setup

We now require SSH authentication to access BL4-2 at the Stanford Synchrotron Radiation Lightsource. Generating an SSH key for each computer you plan to use during beamtime will eliminate the need to frequently update your password.

Requirements

☑ You must have an active BL4-2 Unix account. Request a BL4-2 Unix account here.

☑ Make sure every team member who will log in has an SSH key for each device.

☑ Complete SSH key setup before your beamtime.

If you already have created your SSH keys, you can upload your public key here.

WARNING: Keep your private key safe! Never share your private key (id_rsa or id_ed25519 without .pub) with anyone.

For a Windows PC:
Step 1: Generate a public and private key pair
Use windows own tool:
Run “cmd” from the app search bar at the left of the bottom bar on the windows machine to start the command prompt app;
From command line:

ssh-keygen –t rsa

Hit return to accept the default key file:
C:\Users\YourUserName\.ssh\id_rsa

Hit return twice to Not using a passphrase for the key
Now the keys are generated and saved in the C:\Users\YourUserName\.ssh\ folder with names of id_rsa for private key and id_rsa.pub for the public key

Step 2: Upload your public key here.

Step 3: Connect to bl42nxs1 using NX Enterprise Client
Add a new connection by clicking on the top left Add button and select Add connection
For Name: give a custom name for the connection, such as myConnToNXS1
For Host: bl42nxs1.slac.stanford.edu, select SSH Protocol (This is important), Port will be
changed to 22 automatically
Click on Configuration on the left panel
Select Use key-based authentication with a key you provide
Click on the “Modify” button next to the above selection
Click on the “…” button to select the private key (id_rsa in the .ssh folder)
Use the top left “<” button to go back
Then click on the top right “Add” button to add this connection to the connection list
Double click on the newly set up connection, type in username, then click on the “OK”
button, you should be then taken to the your list of active desktops on bl42nxs1

Please note: no need to type anything in the Passphrase field: this is not your password, but the passphrase you set for your private key, If you followed the above procedure, no passphrase was set for the private key. If you prefer, you can set up a passphrase when you are generating the private key, then you will need to remember it and give it here.

To Genrate the keys for a Mac PC:

Open Terminal:
Locate and open the Terminal application on your Mac. It can be found in Applications/Utilities.

Generate the Key Pair:
In the Terminal, execute the ssh-keygen command:

ssh-keygen -t rsa 

Specify File Location (Optional):
The utility will prompt you to enter a file in which to save the key. Press Enter to accept the default location, which is usually ~/.ssh/id_rsa. If you need to store it elsewhere or use a different name, provide the full path and desired filename at this prompt.

Create a Passphrase (Optional):
You will be prompted to enter a passphrase. This adds an extra layer of security to your private key. If you prefer a passphrase, enter it and press Enter. You will then be asked to re-enter it for confirmation. If you prefer not to use a passphrase, press Enter twice without typing anything.

Key Generation Confirmation:
After confirming the passphrase (or skipping it), the system will generate the key pair and display information about the key's location and fingerprint. The private key will be saved as id_rsa (or your chosen filename) and the public key as id_rsa.pub in the specified directory, typically ~/.ssh/. Your SSH key pair has now been successfully generated.The public key (id_rsa.pub) can be uploaded or appended to your authorized_keys and authorized.crt files as described above.