SSH keys

Configuring ssh keys¶

This configuration allows to define ssh keys for different users. Add or remove ssh keys. Define a user name (user needs to exist) and then add or remove ssh keys accordingly. On the left side of the ssh key tab the different users are displayed. Selecting a user shows the keys defined for that user. As always, the main selector defines the scope. The "Preview" button allows to see the detailed configuration.

Please keep in mind that assigning a new ssh key to a user will overwrite any previously assigned keys, so ensure that all necessary ssh keys are set for each user.

How to create an ssh key?¶

A tool called ssh-keygen can be used for ssh key generation.

On Linux and Mac just open a terminal, on Windows you use the "cmd" option to get to the Windows shell.

Then run ssh-keygen but do not enter a passphrase. We recommend using an ecdsa key with maximum keylength for best security and compatibility:

    user@my-machine~ % ssh-keygen -t ecdsa -b 521
    Generating public/private ecdsa key pair.
    Enter file in which to save the key (/Users/user/.ssh/id_ecdsa):
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/user/.ssh/id_ecdsa.
    Your public key has been saved in /Users/user/.ssh/id_ecdsa.pub.
    The key fingerprint is:
    XXXXXXXX-XXXXXXXX-YYYYYYYYYYYY-YYYYYYYYYYYY

Newer versions of macOS mandate a manual addition of the key to the keychain

For current macOS versions please add the key and follow this instruction to make it active also after a reboot.

Then copy the public key from your /Users/user/.ssh/id_ecdsa.pub. This key needs to be distributed to all edge devices that should be accessed with public/private key authentication.