Managing SSH keys with Kanidm

For lab members who joined before 2026-05-22: orca's logins are now managed centrally through Kanidm for new members. If you already had an orca account before that date, your existing access still works and you don't need to follow this page.

This page covers SSH access to orca, whose logins are managed through the lab's identity server, Kanidm. You register your SSH public key with Kanidm once, then you can log in. (For web services and passwords, see Accounts.) Other lab machines are still being migrated — ask Adarsh for access to those.

1. Make sure you have an SSH key

On your laptop:

ls ~/.ssh/id_ed25519.pub

If that file exists, skip to step 2. Otherwise create one:

ssh-keygen -t ed25519 -C "your-name@arizona.edu"

Press Enter for the default location; a passphrase is recommended. This creates a private key (~/.ssh/id_ed25519 — never share it) and a public key (~/.ssh/id_ed25519.pub — safe to share).

2. Copy your public key

cat ~/.ssh/id_ed25519.pub

Copy the whole line — it starts with ssh-ed25519.

3. Register it with Kanidm

You have two options for doing this: via the web (easier) or via the command line.

3.1 Web (easier)

Sign in at idm.lab.pyarelal.xyz → Profile → Credentials → SSH Keys → Add SSH Key, paste the public key from step 2, and give it a Title (e.g. my-macbook-pro).

3.2 Command line

If you have the kanidm client tools:

kanidm login -D <your-username>
kanidm person ssh add-publickey <your-username> <label> "ssh-ed25519 AAAA... your-name@arizona.edu"

(The label, e.g. my-macbook-pro, just lets you tell keys apart — use one per device.)

4. Log into orca

ssh <your-username>@orca.infosci.arizona.edu

The first time, your shell may take a moment while your home directory is created.
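
A check for the line copied in step 2, run before registering it in step 3, as an added example that is not part of the original page or the lab's tooling: it catches a pasted private key or a truncated or wrapped copy. The function name check_pubkey_line, the script name check_pubkey.sh and the sample key are constructed for illustration; the check is structural only and does not prove the key is cryptographically valid.

```sh
#!/bin/sh
# Added example (not the lab's tooling): structural check of an ssh-ed25519
# public key line before it is registered in Kanidm.

# Every ssh-ed25519 blob starts with the same encoded header (the string
# "ssh-ed25519" plus a 32-byte key length) and is 68 base64 chars in total.
ED25519_PREFIX='AAAAC3NzaC1lZDI1NTE5AAAAI'

# Constructed sample line, not a real key.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0nstructedExampleKeyNotARealKey0123456789a your-name@arizona.edu'

NL='
'

# Returns 0 if the line looks like a complete ssh-ed25519 public key,
# 2 if it is private key material, 1 for any other problem.
check_pubkey_line() {
  kp_line=$1
  case "$kp_line" in
    *'PRIVATE KEY'*) echo "refusing: this is a private key" >&2; return 2 ;;
    *"$NL"*) echo "key spans several lines (wrapped copy?)" >&2; return 1 ;;
  esac
  kp_type=${kp_line%% *}          # first field: key type
  kp_rest=${kp_line#* }
  kp_blob=${kp_rest%% *}          # second field: base64 blob
  if [ "$kp_type" != "ssh-ed25519" ]; then
    echo "key type is '$kp_type', expected ssh-ed25519" >&2; return 1
  fi
  if [ "${#kp_blob}" -ne 68 ]; then
    echo "blob is ${#kp_blob} chars, expected 68 (truncated copy?)" >&2; return 1
  fi
  case "$kp_blob" in
    *[!A-Za-z0-9+/]*) echo "blob has non-base64 characters" >&2; return 1 ;;
    "$ED25519_PREFIX"*) return 0 ;;
    *) echo "blob lacks the ssh-ed25519 header" >&2; return 1 ;;
  esac
}

# Usage: sh check_pubkey.sh ~/.ssh/id_ed25519.pub
# Checks the file, then prints its fingerprint for later comparison.
if [ "$#" -ge 1 ] && [ -r "$1" ]; then
  check_pubkey_line "$(cat "$1")" && ssh-keygen -lf "$1"
fi
```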

Troubleshooting


Revision #7
Created 22 May 2026 22:27:45 by Adarsh Pyarelal
Updated 8 June 2026 20:06:28 by Adarsh Pyarelal