SSH Key Utilities
Tools for generating, inspecting, converting, and managing SSH keys — both at the SCDF and on your local machine.
SCDF useraccount portal
To view, upload, update, or delete SSH keys associated with your SCDF account, visit https://useraccount.sdcc.bnl.gov/ssh-key.
Only public keys are stored server-side. Private keys must remain on your local system.
Local utilities
The following commands ship with OpenSSH and are available on Linux, macOS, and Windows (via OpenSSH for Windows, WSL, or Git Bash).
ssh-keygen — generate and inspect keys
Generate a new Ed25519 key pair (recommended):
ssh-keygen -t ed25519 -C "your_email@example.com"
Generate an RSA key pair (4096-bit, for compatibility with older servers):
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Display the fingerprint of a public key:
ssh-keygen -l -f ~/.ssh/id_ed25519.pub
Change the passphrase on an existing private key:
ssh-keygen -p -f ~/.ssh/id_ed25519
Convert a PuTTY-format key (.ppk) to OpenSSH format — see Generate SSH Key Pairs for the full PuTTY workflow.
ssh-add — manage the SSH agent
Add a key to the running agent:
ssh-add ~/.ssh/id_ed25519
List keys currently loaded in the agent:
ssh-add -l
Remove all keys from the agent:
ssh-add -D
See SSH Agent for configuring agent forwarding through SCDF gateways.
ssh-copy-id — upload your public key to a remote host
ssh-copy-id username@remote-host
Appends your public key to ~/.ssh/authorized_keys on the remote host. Note: to authorize a key for SCDF access, use the useraccount portal instead — editing authorized_keys directly on SCDF systems is not supported.
ssh-keyscan — retrieve a host's public key
Useful for pre-populating ~/.ssh/known_hosts to avoid interactive fingerprint prompts:
ssh-keyscan -t ed25519,rsa ssh.sdcc.bnl.gov >> ~/.ssh/known_hosts
Always verify the retrieved fingerprint against a trusted source before trusting the key.