OpenSSH is a free SSH protocol suite providing encryption for network services like remote login or remote file transfers. It supports strong cryptography algorithms like RSA, ECDSA, Ed5519, AES, chahcha20, so on. It also provides port forwarding, strong authentication, agent forwarding, interoperability, SFTP client, server support, and optional data compression.

SSH keys offer an alternative and secure way of login authentication to password-based authentication on the discovery cluster. To set up SSH keys, a public and private SSH key pair has to be generated. The private key is stored in the local machine. The public key has to be stored and transferred to the remote discovery cluster to set up the SSH based authentication. The SSH keys are significantly more complex than the passwords, making them more resistant to brute-force attacks.

Getting openSSH

OpenSSH client is installed by default in current versions of Windows 10. You can verify that your Windows 10 version has it enabled by opening Windows Settings and navigating to Apps > Optional features and verifying that Open SSH Client is displayed.

For Linux and Mac users, OpenSSH is installed by default as well. To verify, run the below command:

ssh -V


OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017

Login to Discovery

  1. Open the PowerShell in your local workstation/machine if you are using Windows. Else, open the terminal if you are using Linux or Mac.

  2. Run the following command to connect to the Discovery via openSSH.

Syntax: ssh <username>

  1. You will be asked to enter the Discovery’s password next.


For security reasons, the password you enter won’t be shown on the screen and also the cursor doesn’t move. Keep typing your password until you finish and then, hit enter. On successful authentication, you will be able to log in to Discovery successfully.

If you aren’t on the NMSU network, then you have to run the VPN before you proceed to connect/login to the Discovery.

Authentication-SSH keys

Using openSSH, you can create SSH private-public key pair to setup a key-based authentication with the Discovery. Please follow the below steps to setup the key-based authentication.

Step 1 - Key Generation

  • Open the PowerShell if you are on Windows OS. If you are using Linux or Mac, simply open the terminal.

  • Then, type the following:

Syntax: ssh-keygen -t <algorithm-name> -b <bits>

ssh-keygen -t RSA -b 4096


Generating public/private rsa key pair.
Enter file in which to save the key (<your-home-directory>/.ssh/id_rsa):

It’s recommended to use the RSA algorithm with 4096 bits. For more information about the parameters associated with the ssh-keygen command, refer the following page →

  • The above prompt asks you to enter the file path where you want to store the key pair. The SSH keys are usually stored in the user’s ./ssh under home directory. Hence, it’s recommended to store under (<your-home-directory>/.ssh/id_rsa) and just hit Enter.

  • Then, it prompts you to enter the passphrase like below:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Hit Enter twice if you don’t want to set any passphrase.


Your identification has been saved in <your-home-directory>/.ssh/id_rsa.
Your public key has been saved in <your-home-directory>/.ssh/
The key fingerprint is:
SHA256:FQt/D30S4xqfvjPEGU6LgBePkhLXW50/74eo1jP/W1Y 91866@LAPTOP-IUG191LS
The key's randomart image is:
+---[RSA 4096]----+
|        ...  .o. |
|      . |
|       o o+*+ +..|
|      . +.=..*o=.|
|       .So ..=++E|
|            ..* o|
|           . o.oo|
|          . = +o+|
|         ... +o=+|

The output shows confirmation that the public and private keys have been generated and saved in the ./ssh directory.

If you want to protect the private key file with password, then you can set it and enter the passphrase twice. The advantage of setting the password is that the private key file can’t be used even if someone obtains it.

Step 2 - Transfer Public Key

  • The generated public key has to be transferred to the discovery cluster. First, go to the directory in your local machine which contains the public key file. To do so, run the below command:

    Switch Directory:

  • Linux or Mac Terminal

  • Windows PowerShell

cd $HOME/.ssh
cd $env:USERPROFILE\.ssh
  • Next, run the scp command to transfer the public key to the Discovery.

Syntaxscp <local-file-path-public-key> <username><username>/.ssh/authorized_keys


Output:                                                                            100%  748     8.1KB/s   00:00

From the above output, you see that the public key in has been transferred to the /home/<user-name>/.ssh/authorized_keys in Discovery successfully.

After running the scp command, you will be prompted to enter the Discovery’s password. On successful authentication, the public key will be transferred to the Discovery.

Step 3 - Set Permissions

  • Now, set the read, write, and execute permissions to the ~/.ssh directory and `~/.ssh/* ` files. To do that, login to the discovery and then run the below commands from the home directory in Discovery.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

Step 4 - Create SSH Configuration File

  • The SSH config file has to be set up in your local machine and please follow the below steps for your appropriate OS.

  • Linux or Mac Terminal

  • Windows PowerShell

  • If the .ssh directory isn’t created yet under your $HOME directory, then create one like below:

mkdir $HOME/.ssh
  • Switch to the SSH directory. To do that, run the below command:

cd $HOME/.ssh
  • Create a new file called config.

vi config
  • Now, paste the following lines of code in the SSH config file. Then, save and close the file.

Host discovery
 User <your-username>
 Port 22
 IdentityFile ~/.ssh/id_rsa
  • If the .ssh folder isn’t created yet under your USERPROFILE in windows, then create one like below:

New-Item -Path $env:USERPROFILE\.ssh -Type Directory


Directory: <your env:USERPROFILE>

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----       10/30/2020   4:30 AM                .ssh
  • Now, switch to the created .ssh folder.

cd $env:USERPROFILE\.ssh
  • Create a new file called config using the below command.

New-Item -Path $env:USERPROFILE\.ssh\config -Type File


Directory: C:\Users\91866\.ssh

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       10/30/2020   4:42 AM              0 config
  • After the config file is created, open the file using the notepad:

notepad config
  • Now, paste the below lines of code in the config file. Save and close the file.

Host discovery
   User <your-discovery-username>
   Port 22
   IdentityFile ~/.ssh/id_rsa

Parameters explained

Name Description


Identifier(This name will be used when you SSH into discovery later)


Remote server’s Hostname


Discovery username




Private key file.

Now, login to the Discovery now using the below command.

Syntax: ssh <Host-parameter-in-Config-file> -l <Discovery-username>

ssh discovery -l crushev


Last login: Thu Oct 22 18:53:35 2020 from
    ____  _
   / __ \(_)_____________ _   _____  _______  __
  / / / / / ___/ ___/ __ \ | / / _ \/ ___/ / / /
 / /_/ / (__  ) /__/ /_/ / |/ /  __/ /  / /_/ /
/_____/_/____/\___/\____/|___/\___/_/   \__, /

## Welcome to Discovery! ##
- For more inforamtion on how to use the system, please visit ''.
- Visit '' to generate sbatch job submission scripts.
- Please review our policies at ''.
- To contact us email ''.

It logs into the Discovery successfully without even asking for the password. This shows that the private and public keys are set correctly for key-based authentication.

X11 Forwarding

To enable X11 Forwarding using OpenSSH, please refer to the official documentation of X11 forwarding page → X11 Forwarding


Please refer to the official documentation of openSSH for more information →