Skip to content

Merge SSH keygen changes (Step 2) and troubleshooting to Main Branch #538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
MSherren wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Merge SSH keygen changes (Step 2) and troubleshooting to Main Branch #538

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
5d09582
Added new ssh screenshots for ssh documentation
MSherren May 15, 2026
9352190
Added new mac ssh keygen image
MSherren May 15, 2026
0de0ff4
Delete old mac ssh keygen file
MSherren May 15, 2026
e7c886b
Update amc_ssh_auth.md step 2 with new ssh key pair
MSherren May 15, 2026
334cb1f
Update amc_ssh_auth.md to include troubleshooting section for Macs
MSherren May 15, 2026
960b753
Update amc_ssh_auth.md
MSherren May 15, 2026
4fc80bd
Update registrycilogon-instructions.md to match
MSherren May 15, 2026
60e42af
Update amc_ssh_auth.md header hemogony
MSherren May 15, 2026
8825a88
Header Hegemony
MSherren May 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 27 additions & 5 deletions docs/additional-resources/amc_ssh_auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,15 +46,31 @@ You can move on to [Step 2](#step-2-generate-an-ssh-key), but please make sure 1
```
## *Step 2: Generate an ssh key*

You are strongly encouraged to set a passphrase for your key pair. You will be prompted to enter the passphrase each time you log in.
You are strongly encouraged to set a passphrase for your key pair. You will be prompted to enter the passphrase each time you log in. You are also strongly encouraged to create an ed25519 key type.
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
You are strongly encouraged to set a passphrase for your key pair. You will be prompted to enter the passphrase each time you log in. You are also strongly encouraged to create an ed25519 key type.
You are strongly encouraged to set a passphrase for your key pair and generate a ed25519 key. You will be prompted to enter the passphrase each time you log in.


SSH Key Generation for Windows Users:
- Using the command prompt, PowerShell, or Windows Terminal: <https://www.howtogeek.com/762863/how-to-generate-ssh-keys-in-windows-10-and-windows-11/>
### SSH Key Generation for Windows Users:
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of using headings for the Windows/Mac/Linux portions, please use tabs.

For documentation on how to create tabs, please see the bullet/dropdown in CURC documentation guidelines.

An example of this type of tab usage can be seen in Terminal access for different operating systems

- It is recommended you use Powershell, but command prompt or a basic windows terminal will also work:
Once inside Powershell (or similar), execute the following command:
```
ssh-keygen -t ed25519
```
- After, create a passphrase and note the file path of the generated key. This will be important for step 3. Example output:

![](./amc_ssh_images/windows_ssh_keygen_ex.png)
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When possible, we try to avoid pictures for terminal output. Instead, we place the content in a bash code block. This makes it easier to manipulate and gives us the freedom to change the things like the username very easily and modify it, if needed. Please replace these terminal output pictures with a bash code block.

<br>
-
Comment on lines +60 to +61
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these can be removed.

- Using PuTTY: <https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows/>

SSH Key Generation for Mac Users:
<https://docs.tritondatacenter.com/public-cloud/getting-started/ssh-keys/generating-an-ssh-key-manually/manually-generating-your-ssh-key-in-mac-os-x>
### SSH Key Generation for Mac and Linux Users:
- From a terminal window, execute the following command:
```
ssh-keygen -t ed25519
```
- After, create a passphrase and note the file path of the generated key. This will be important for step 3. Example output:

![](./amc_ssh_images/mac_sshkeygen_real.png)
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see my note above. Please replace this terminal output picture with a bash code block.

<br>
- NOTE for Mac users: There is a chance you need to create or alter your ssh config file (~/.ssh/config). See more in the [Troubleshooting](#troubleshooting) section below.
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please highlight all code or files with "code" highlighting i.e. the single back ticks.


## *Step 3: Upload your ssh key to [registry.cilogon.org](https://registry.cilogon.org/registry/)*

Expand Down Expand Up @@ -121,6 +137,12 @@ Log in at [registry.cilogon.org](https://registry.cilogon.org/registry/) and nav
## Troubleshooting

* If you are able to get through [Step 3](#step-3-upload-your-ssh-key-to-registrycilogonorg) but unable to ssh in from your terminal, check that the ssh key in your command is the same key you uploaded to the registry.
* For Mac users: If you have set up the key and followed all the steps above but are prompted for a **__password__** instead of a **__passphrase__**, you may need to edit or create a config file (~/.ssh/config). If you don't have an ssh config file, you can create it from the terminal window with the command `touch ~/.ssh/config`. After, edit the file and add the following 3 lines before trying again:
```
Host *
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedAlgorithms ssh-ed25519
```
Comment on lines +141 to +145
Copy link
Copy Markdown
Contributor

@b-reyes b-reyes May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please indent this code block. It might also be better to specify the particular host, just incase they are connecting to other systems that do not require this.

You will have to test it out, but I think doing something like the following will make it so that it will only apply this if they login to our system:

Host login.rc.colorado.edu
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedAlgorithms ssh-ed25519

* If you are prompted for a **__passphrase__** (not a password) when signing in from your terminal, this refers to the passphrase you set when you generated your ssh key. If you don't remember it then you will have to generate and upload a new ssh key to the registry. If you are prompted for a **__password__**, please submit a [support request form](https://colorado.service-now.com/req_portal?id=ucb_sc_rc_form), as this indicates an issue with your CILogon enrollment. Please include a screenshot of the error message and the date/time of your last login attempt.
* If you receive an error message indicating that you are not in the COmanage registry (see screenshot below), please submit a [support request form](https://colorado.service-now.com/req_portal?id=ucb_sc_rc_form).

Expand Down
Binary file added docs/additional-resources/amc_ssh_images/mac_sshkeygen_real.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/additional-resources/amc_ssh_images/windows_ssh_keygen_ex.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
34 changes: 28 additions & 6 deletions docs/additional-resources/registrycilogon-instructions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,31 @@ You can move on to Step 2, but please make sure 10 minutes have elapsed between

## *Step 2: Generate an ssh key*

You are strongly encouraged to set a passphrase for your key pair. You will be prompted to enter the passphrase each time you log in.
You are strongly encouraged to set a passphrase for your key pair. You will be prompted to enter the passphrase each time you log in. You are also strongly encouraged to create an ed25519 key type.

SSH Key Generation instructions for Windows Users:
- Using command prompt, PowerShell, or Windows Terminal: visit [How to Generate SSH Keys in Windows 10 and Windows 11](https://www.howtogeek.com/762863/how-to-generate-ssh-keys-in-windows-10-and-windows-11/)
- Using PuTTY: visit [Use SSH Keys with PuTTY on Windows](https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows/)
### SSH Key Generation for Windows Users:
- It is recommended you use Powershell, but command prompt or a basic windows terminal will also work:
Once inside Powershell (or similar), execute the following command:
```
ssh-keygen -t ed25519
```
- After, create a passphrase and note the file path of the generated key. This will be important for step 3. Example output:

SSH Key Generation instructions for Mac Users: visit [Manually generating your SSH key in macOS](https://docs.tritondatacenter.com/public-cloud/getting-started/ssh-keys/generating-an-ssh-key-manually/manually-generating-your-ssh-key-in-mac-os-x)
![](./amc_ssh_images/windows_ssh_keygen_ex.png)
<br>
-
- Using PuTTY: <https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows/>

### SSH Key Generation for Mac and Linux Users:
- From a terminal window, execute the following command:
```
ssh-keygen -t ed25519
```
- After, create a passphrase and note the file path of the generated key. This will be important for step 3. Example output:

![](./amc_ssh_images/mac_sshkeygen_real.png)
<br>
- NOTE for Mac users: There is a chance you need to create or alter your ssh config file (~/.ssh/config). See more in the [Troubleshooting](#troubleshooting) section below.

## *Step 3: Upload your ssh key to registry.cilogon.org*

Expand Down Expand Up @@ -73,7 +90,12 @@ A green message box will notify you that your SSH key was successfully added to
Log in at [registry.cilogon.org](https://registry.cilogon.org/registry/) and navigate to the "Authenticators" section of your profile (see [Step 3](#step-3-upload-your-ssh-key-to-registrycilogonorg), above). Click "Delete", then repeat the process for adding a new key. It will take a few minutes before you can log in with your new key.

## Troubleshooting

* For Mac users: If you have set up the key and followed all the steps above but are prompted for a **__password__** instead of a **__passphrase__**, you may need to edit or create a config file (~/.ssh/config). If you don't have an ssh config file, you can create it from the terminal window with the command `touch ~/.ssh/config`. After, edit the file and add the following 3 lines before trying again:
```
Host *
HostKeyAlgorithms ssh-ed25519
PubkeyAcceptedAlgorithms ssh-ed25519
```
* If you receive an error message indicating that you are not in the COmanage registry (see screenshot below), please submit a [support request form](https://colorado.service-now.com/req_portal?id=ucb_sc_rc_form).

![](./registry-images/notregistered_error.png)
Expand Down