SSH (Secure Shell) is a cryptographic protocol to log into remote servers, run remote commands, copy data to/from a server and more. It is often used to operate in environments without a desktop, such as the Robolab brick. Furthermore, it is the main transport protocol for accessing Git repositories.
You can test the availability of SSH by running ssh -V on the command line.
ssh -V
> OpenSSH_10.0p2, OpenSSL 3.6.0 1 Oct 2025
Modern Windows comes with a pre-installed SSH client.
If needed, you can install it from Settings > Apps/System > Optional features > Add a feature > OpenSSH Client
macOS comes with a built-in SSH client.
Please install the OpenSSH client using your distribution's package manager.
sudo apt install openssh-client # Debian, Ubuntu, Linux Mint, ...
sudo pacman -S openssh # Arch
sudo dnf install openssh-clients # Fedora, RedHat
SSH is best used with a public/private keypair. After the public key is pre-authorized on the desired server, SSH uses the private key for authentication and you won't need to enter a password to log in anymore.
If you don't already have one, generate a new keypair with the following command:
ssh-keygen
Save the keypair with the default name and location by simply pressing Enter!
Setting a passphrase is generally recommended, otherwise any person with access to the keyfile can impersonate you.
The resulting keypair is saved to the hidden folder .ssh of your home directory. The file ending in .pub is your public key, the other is the private one. Never share your private key!
If you set a passphrase for your keyfile, you need to enter it every time you use the key.
To avoid this, we can add our identities to a program called ssh-agent, where they are kept unlocked until a reboot.
Even better: on Windows, macOS and Gnome (Ubuntu) we can save the passphrase persistently in our Desktop Keychain and have it unlock and add our identities automatically after a reboot.
Enable and start the service for ssh-agent:
Services or Win+R ->services.msc).OpenSSH Authentication AgentStartup type to Automatic (Delayed Start)Ok, Right-click and press StartRun ssh-add on the command line and make sure your key is added successfully:
PS C:\Users\User> ssh-add
Enter passphrase for C:\Users\User\.ssh\id_ed25519:
Identity added: C:\Users\User\.ssh\id_ed25519 (user@DESKTOP-L4F7S9D)
The passphrase should now be saved and the identity automatically added to the SSH agent after a reboot.
For macOS we need to explicitly instruct the Apple Keychain which identities to save the passphrase for.
Edit or create the ssh config with the following command:
nano ~/.ssh/config
Enter the following lines to enable Keychain for your identity file:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
After first unlock, the passphrase is saved to the Apple Keychain.
To unlock all saved identities automatically after boot, we have to silently call ssh-add --apple-load-keychain on each shell startup:
echo "ssh-add --apple-load-keychain > /dev/null 2>&1" >> ~/.zshrc
On Gnome (Ubuntu), the Gnome Keyring acts as a wrapper around ssh-agent.
On first use, it should prompt for the passphrase and provide a checkbox to save it to the keyring.
For other Linux systems, openssh-client contains a systemd-service to run ssh-agent on boot.
While this doesn't persist the passphrase in a keychain, it allows the agent to hold the identity after the first unlock of each boot.
The service is located in /usr/lib/systemd/user/ssh-agent.service and can be enabled with:
systemctl --user enable ssh-agent
systemctl --user start ssh-agent
systemctl --user status ssh-agent
Afterwards, set the environment variable SSH_AUTH_SOCK to $XDG_RUNTIME_DIR/ssh-agent.socket.
For further information for different Applications and Systems implementing ssh-agent, consult the Arch Wiki.
The identities currently held by the SSH agent can be viewed using:
ssh-add -l
Keyfiles with default name and location can be added manually using:
ssh-add
Other keyfiles can be added explicitly:
ssh-add <path-to-private-keyfile>
This must be the path to your private keyfile, for example:
ssh-add ~/.ssh/my_key
To use the git clone command with SSH and get access to private repositories, you need to add your public SSH key to your Gitlab account.
First you need to get your public key. Find the path you used in the key generation and the key with the .pub ending.
The default path is ~/.ssh/id_ed25519.pub, open the file in a text editor or print it with the terminal:
cat ~/.ssh/id_rsa.pub
Copy everything (from ssh-ed25519 to <user>@<hostname>)
Visit the Gitlab-Settings > SSH Keys and klick Add new key.
Paste your previously copied key in the text field. The name and expiration date are optional.
Hit Add key and you're done!
Test your SSH setup with the following command:
ssh -T git@se-gitlab.inf.tu-dresden.de
> Welcome to GitLab, @<zih-username>!