Generating SSH keys for the LIGO Data Grid
In order to generate and use SSH keys, you must have installed an SSH client package for your operating system. One of the executables in this package will be ssh-keygen, which generates SSH keys for you.
You are really generating a PAIR of keys
SSH keys come in pairs: a public key (which you can share with anyone) and a private key (which, as the name implies, must be kept private and shared with no one). When you use ssh-keygen, you will create both. You'll usually be able to tell which is the public key because it will have a .pub file extension at the end of the filename.
Although you can specify many options for ssh-keygen, when used without options it will generate a 2048 bit RSA key pair. This is sufficient for use on the LIGO Data Grid, and we recommend that you do not use options unless you know what you are doing.
Not all keys are acceptable
When you register your public key with the LDG app at https://ldg.ligo.org, the app will check to see if the encryption is strong enough to be used on the LIGO Data Grid. If it is not, your key will be rejected and you will need to generate a stronger one.
After you execute the ssh-keygen command, you will be asked for a series of inputs:
- "Enter file in which to save the key". You will be offered a default value (e.g. ${HOME}/.ssh/id_rsa). We recommend you accept that value, since this is where ssh expects to find your keys when you are logging in.
- "Enter passphrase (empty for no passphrase)". You MUST NOT use an empty passphrase - it is a violation of the LIGO Data Grid security policies. Always select a unique (not used for other credentials) and secure (preferably at least four randomly generated words) passphrase.
- "Enter same passphrase again". This is to prevent typos in entering the passphrase.
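The following is an added example, not LDG tooling: a local pre-check you can run on a freshly generated pair before registering the public key. It confirms the RSA key size and that the private key really is passphrase-protected. The function names are hypothetical, and MIN_RSA_BITS is an assumption taken from the statement above that a 2048 bit RSA key is sufficient; the app's actual acceptance rules are not listed on this page.

```sh
#!/bin/sh
# Assumed minimum RSA size (see lead-in); not the LDG app's published rule.
MIN_RSA_BITS=2048

# Print "<bits> <TYPE>" for a public key file, e.g. "2048 RSA".
# `ssh-keygen -l` prints: <bits> <fingerprint> <comment...> (<TYPE>)
key_bits_and_type() {
    ssh-keygen -l -f "$1" 2>/dev/null |
        awk '{ gsub(/[()]/, "", $NF); print $1, $NF }'
}

# Succeed only if the private key is protected by a passphrase.
# `ssh-keygen -y` with an empty -P can derive the public key only when
# no passphrase is set, so success there means the key is unprotected.
# Caveat: an unreadable file or one with loose permissions also makes
# ssh-keygen fail, so run this on keys you own with mode 0600.
has_passphrase() {
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Check one key pair. Returns 0 if acceptable, 1 if weak or unprotected,
# 2 if the files are missing or the public key cannot be parsed.
# Usage: check_key "${HOME}/.ssh/id_rsa"
check_key() {
    priv=$1
    pub="$1.pub"
    rc=0
    if [ ! -f "$priv" ] || [ ! -f "$pub" ]; then
        echo "FAIL: expected both $priv and $pub"
        return 2
    fi
    info=$(key_bits_and_type "$pub")
    [ -n "$info" ] || { echo "FAIL: cannot parse $pub"; return 2; }
    bits=${info%% *}
    type=${info##* }
    if [ "$type" = "RSA" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: RSA key is only $bits bits (want >= $MIN_RSA_BITS)"
        rc=1
    fi
    if ! has_passphrase "$priv"; then
        echo "FAIL: private key has an empty passphrase"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $type $bits bits, passphrase set"; fi
    return "$rc"
}
```

If the passphrase check fails, `ssh-keygen -p -f <keyfile>` lets you set a passphrase on the existing key without generating a new pair.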
Use a password keeper
You are allowed (and in fact, encouraged) to use a secure password keeper like 1Password or Bitwarden. They are generally more secure than other ways of recording your passwords and passphrases and encourage you to use genuinely random passwords and passphrases because you don't need to remember them all yourself. But please make sure your password keeper has a secure password too!
If you intend to register your key with the LIGO Data Grid, go to https://ldg.ligo.org and log in with your LIGO.ORG username and password. If you do not already have an LDG account, you can enroll there; just follow the instructions. If you DO already have an LDG account, click on the My SSH Keys link at the top of the page and you will be able to add your public key there. You can also use your SSH keys with your GitLab account by adding the public key at https://git.ligo.org/-/user_settings/ssh_keys.