Connection & SSH keys
We make use of SSH keys to securely connect to the Elja login node. Every SSH key comes in a pair: a private key, which is hosted on your local machine, and a public key, which is hosted on the login node.
Never share your private key file or its contents with anyone. System administrators will NEVER legitimately request your private key - not even for troubleshooting purposes. Do not email it to yourself, upload it anywhere, or provide it to anyone under any circumstances.
An SSH key should be unique to the machine it is made on (i.e. do not copy/send them between machines). If you wish to use more than one machine to connect to Elja, you need to generate a key for each machine and contact the admins.
Key Security and Renewal
SSH Key Renewal Policy
For security reasons, SSH keys on Elja expire after one year and must be renewed annually. You will receive an automated email reminder one month before your key expires, giving you time to add a new key following the instructions below. This policy helps maintain system security by ensuring old or potentially compromised keys cannot be used indefinitely.
Adding New Keys to authorized_keys
There are times when you might need to add a new SSH key to your account - perhaps you got a new computer, want to access Elja from an additional device, or need to renew an expiring key.
The authorized_keys file is like a guest list for your account - it contains all the public keys that are allowed to connect to your account on Elja. When you connect via SSH, the system checks if your private key matches any of the public keys in this file.
Step 1: Generate a New SSH Key Pair
First, you'll need to create a new key pair on your local machine and copy the public key (.pub file). Refer to this page if you are using a UNIX-based system or this page for more information.
Step 2: Add the Key to Your authorized_keys File
Now you need to add this public key to your authorized_keys file on Elja. There are a few ways to do this:
Method 1: If you can still connect to Elja with an existing key
If you're renewing keys and can still access Elja with your current key:
- Connect to Elja using your existing key
- Open the authorized_keys file in a text editor:
  nano ~/.ssh/authorized_keys
- Add your new public key on a new line at the end of the file
- Save and exit (in nano: Ctrl+X, then Y, then Enter)
Method 2: If you cannot connect to Elja
If this is your first time setting up access, your old key has expired, or it no longer works for other reasons, you'll need to contact the system administrators by sending an email to irei@hi.is. Send us:
- Your new public key (the long line starting with ssh-ed25519 or ssh-rsa)
- Your username on Elja
- A brief explanation of why you need the key added
Only send your public key (the .pub file contents) - never your private key.
Step 3: Test Your New Key
Try connecting to Elja with your new key:
ssh your-username@elja.hi.is
If you created multiple keys and this doesn't work, you might need to specify which key to use:
ssh -i ~/.ssh/your_new_key your-username@elja.hi.is
Step 4: Clean Up Old Keys
Once you've confirmed your new key works, please remove old keys from your authorized_keys file. Each line in the file represents one authorized key, so you can simply delete the lines containing old keys.
This prevents old, potentially compromised keys from being used to access your account.
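Steps 2 and 4 can also be done without a text editor. The shell functions below are an added example, not part of Elja's own tooling; the names add_key, remove_key and count_keys are made up for this illustration, and the file is assumed to hold one key per line as described above.

```shell
#!/bin/sh
# Added example: helpers for Step 2 (add) and Step 4 (clean up).
# Function names are illustrative; assumes one key per line.

# add_key FILE 'PUBLIC KEY LINE': append one public key unless already listed.
add_key() {
    ak_file=$1 ak_key=$2
    case $ak_key in
        *"PRIVATE KEY"*) echo "refusing: that is a private key" >&2; return 1 ;;
        "ssh-ed25519 "*|"ssh-rsa "*) ;;
        *) echo "refusing: expected an ssh-ed25519 or ssh-rsa line" >&2; return 1 ;;
    esac
    # Second field of the line is the base64 key data.
    ak_blob=$(printf '%s\n' "$ak_key" | awk 'NR == 1 { print $2 }')
    [ -n "$ak_blob" ] || return 1
    touch "$ak_file" && chmod 600 "$ak_file" || return 1
    # Key data already present: nothing to do.
    if grep -qF -- "$ak_blob" "$ak_file"; then return 0; fi
    # End the previous entry with a newline so two keys never share a line.
    if [ -s "$ak_file" ] && [ -n "$(tail -c 1 "$ak_file")" ]; then
        printf '\n' >> "$ak_file"
    fi
    printf '%s\n' "$ak_key" >> "$ak_file"
}

# remove_key FILE PATTERN: delete lines containing PATTERN (key comment or
# key data), refusing if no key would remain (that would lock you out).
remove_key() {
    rk_file=$1 rk_pat=$2
    rk_tmp=$(mktemp "$rk_file.XXXXXX") || return 1
    grep -vF -- "$rk_pat" "$rk_file" > "$rk_tmp" || true
    if ! grep -q '^[^#]' "$rk_tmp"; then
        rm -f "$rk_tmp"
        echo "refusing: no key would remain in $rk_file" >&2
        return 1
    fi
    chmod 600 "$rk_tmp" && mv "$rk_tmp" "$rk_file"
}

# count_keys FILE: number of non-empty, non-comment lines.
count_keys() { grep -c '^[^#]' "$1" || true; }

# Usage on Elja (after sourcing this file):
#   add_key ~/.ssh/authorized_keys "$(cat new_key.pub)"
#   remove_key ~/.ssh/authorized_keys 'comment-of-old-key'
```

Run remove_key only after the Step 3 connection test has succeeded with the new key.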
Remember, maintaining good SSH key hygiene by regularly updating your keys and removing old ones is an important part of keeping the system secure for everyone.