Passwordless SSH

RSA keys allow users to SSH into a system without having to enter a password. Instead, a locally stored key file is authenticated using the RSA cryptosystem (read more here). This practically allows users to write automated scripts utilizing SSH login without having to compromise password security.

Audience: Faculty, Researchers and Staff

This KB Article References: High Performance Computing
This Information is Intended for: Faculty, Researchers, Staff
Last Updated: November 03, 2017

For MacOS and Linux

If you want to set up passwordless SSH from a Mac/Linux machine into either Seawulf or Li-red, you must first generate a public/private key pair from the terminal. For SeaWulf this would be:

ssh-keygen -t rsa -b 4096 -C "<your_netid>@login.seawulf.stonybrook.edu"

The keygen program will prompt you to name the file. Give it whatever name you'd like:

Enter file in which to save the key (/home/<your_netid>/.ssh/id_rsa): <filename>

The absolute path in the parentheses is the default location where the file will be saved if no filename is provided. If you provide a plain filename without an absolute path, it will save the key pair in the directory where you are running the keygen program, or whatever relative path you provide. We recommend putting your key in the .ssh folder in your home directory.

You will be prompted to create a passphrase for the key:

Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <same passphrase>

You will only need to enter this passphrase once, but it is still advisable to remember it or write it down somewhere.

Finally, add your key to your machine's list of keys:

ssh-add <private key>

You will then enter the passphrase that you created earlier. Your private key is the file without the .pub extension added to the end.

Your public key is the one with the .pub extension at the end. The next step is to upload this key to the login node:

scp <public key> <your_netid>@login.seawulf.stonybrook.edu:.

This will place the public key in your home directory on Seawulf. This will not enable passwordless SSH yet, though – you must copy its contents to the authorized_keys file in your .ssh directory:

 nano ~/.ssh/authorized_keys

This opens the file in a text editor. Paste the contents of your public key on a new line at the end of the file. Press Ctrl+O, and then Enter to save the file, then Ctrl+X to exit nano.

You should now be able to ssh into Seawulf without entering a password.


For Windows Users

(Using PUTTYgen and PUTTY):

  1. Download PUTTYgen.
  2. Open the PUTTYgen application.
    • Select SSH-2 RSA and 2048 bits and clik the "Generate" button.
    • Move your mouse randomly in the blank area until the key generator has finished.
    • If you would like to use an additional passphrase enter and confirm this on the following window.
    • Save the public key and private key to a known location on your local machine.
    • Copy the text from the public key to your clipboard.
  3. SSH into your account using PUTTY as normal (see loggin in).
  4. From your home directory change to the .ssh directory and use your favorite editor to open the authorized_keys file and paste the key you copied into a new line
  5. Logout and close all active shells
  6. Open a new PUTTY session
    • enter in the information required to login as normal
    • In Connection/SSH/Auth click the "Browse" button and select the path to the private key that you saved earlier.
    • Save this configuration in the Session tab and click the "Open" button
  7. Your session should have automatically authenticated using RSA keys leaving you in your SeaWulf home directory.

Additional Information


There are no additional resources available for this article.

Getting Help


The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Ticket

Supported By