
Setup SSH Keys

With the implementation of two-factor authentication on the ssh protocol at the Observatory, you need to set up two ssh keys to make life easy. These two keys are:

  1. To login from your laptop to an Observatory machine
  2. To login between computers at the Observatory

Below we deal with these two cases. Please note that when you set up a private/public key pair, you need to be extremely careful with the private key. Its name already indicates it is a private key. It is like a password, extremely important, and you shield this file with your life! It is best to add a complex passphrase when you create the key pair.

Login from outside the Observatory

Login from the internet is usually done from your own personal computer. Of course that is a MacBook, but for all those 'other system' users we describe below how to set up a private/public key pair to allow seamless logon to the Observatory computers.

From Windows

For Windows, you can use putty, MobaXterm or Bitvise Tunnelier to open a terminal session to a Linux desktop or server computer. Below we describe the setup for each program separately:

From MacOS

From Linux

Ssh key based login between computers at the Observatory

To set up an ssh key pair that lets you log in without password or 2FA between Observatory computers that all share the /home directory structure, you can simply create a key pair in your .ssh directory:

$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/testuser1/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser1/.ssh/id_ecdsa
Your public key has been saved in /home/testuser1/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:xb4Rs37UbXt3Wn5cHkdKWy2ZDBbor9F83IYNLhjsfIU testuser1@<machine>.strw.leidenuniv.nl
The key's randomart image is:
+---[ECDSA 256]---+
|           ...   |
|         .. o    |
|         o=. + o.|
|         o++E.O.+|
|        So+*.=.@o|
|         .=+* BoB|
|          o+.o =O|
|          ..   +B|
|              . o|
+----[SHA256]-----+

and then add the public key to your authorized_keys file:

 cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys

From this point on, logging into Observatory Linux computers from Observatory Linux computers is easy.
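
An added example (not part of the original wiki page): the append step above as a repeatable shell function that does not duplicate the key and sets the permissions that sshd's StrictModes check expects, plus a check for a private key that was saved without a passphrase. The function names install_pubkey and key_is_unencrypted are hypothetical.

```sh
#!/bin/sh
# Added example; install_pubkey and key_is_unencrypted are hypothetical names.

# install_pubkey PUBFILE [SSH_DIR]
# Append the public key to SSH_DIR/authorized_keys only if it is not
# already there, and keep the directory and file private to the owner.
install_pubkey() {
    pub=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # A .pub file holds a single line; compare it as a fixed, whole line.
    key=$(head -n 1 "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# key_is_unencrypted PRIVATE_KEY
# Returns 0 when ssh-keygen can read the private key with an empty
# passphrase, i.e. the key is stored unprotected on the shared /home.
# A non-zero result means the key is encrypted or could not be read
# (for example because its permissions are too open).
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1
}

# Usage, with the key pair created above:
#   install_pubkey ~/.ssh/id_ecdsa.pub
#   key_is_unencrypted ~/.ssh/id_ecdsa && echo "warning: key has no passphrase"
```

If key_is_unencrypted reports an unprotected key, `ssh-keygen -p -f ~/.ssh/id_ecdsa` adds a passphrase without changing the public key.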

services/2fa/sshkeys.txt · Last modified: 2021/03/22 14:37 by deul