On Linux you can generate an SSH key file with ssh-keygen, e.g.

  ssh-keygen -f ~/.ssh/id_fuberlin -t ed25519 -C "yourusername-$HOSTNAME-$(date +%Y%m%d)"

would generate key files ~/.ssh/id_fuberlin and ~/.ssh/id_fuberlin.pub of type ed25519, preferable for it's strong yet short and therefore easy to handle keys, with a comment of yourusername-yourhostname-20230414, which makes it easier to tell different keys apart. You can also name the files differently, but the prefix id_ and the location in ~/.ssh are customary.

The content of the public key file (with extension .pub, e.g. id_fuberlin.pub in our example) needs to be added to ~/.ssh/authorized_keys.

When doing this from outside the department (with a previous key id_fuberlin already installed), this can be done easily with the ssh-copy-id tool:

  ssh-copy-id -i ~/.ssh/id_fuberlin yourusername@login.physik.fu-berlin.de

To use an SSH key you can either pass it to ssh with the -i option, configure it in your ~/.ssh/config or, most easily, load it into your running SSH agent

  ssh-add ~/.ssh/id_fuberlin

You might need to start the agent first, if it has not been started by your Desktop environment already, e.g. via

  systemctl --user enable --now ssh-agent.socket

on Debian and Ubuntu, which will also ensure, that it is started on subsequent logins or by running

  eval $(ssh-agent)

in a shell.

If you use alternative SSH clients or clients that use SSH under the hood, like X2Go, you will have to configure them to use your key file.

Please use different keys for different purposes, e.g. for general SSH usage at the department, generate a different key than you use for our GitLab.

On Windows you can use PuTTYgen to generate key files. You can use these with WinSCP to connect to storage systems like grouphome and storage.

On Mac OSX you can follow the Linux description on the usage of ssh-keygen. An SSH agent is provided by your system.