# Managing SSH keys with Kanidm

> **For lab members who joined before 2026-05-22.** orca's logins are now managed centrally through Kanidm for new members. If you already had an orca account before that date, your existing access still works and you don't need to follow this.

This page covers SSH access to **orca**, whose logins are managed through the lab's identity server, [Kanidm](https://idm.lab.pyarelal.xyz). You register your SSH **public key** with Kanidm once, then you can log in. (For web services and passwords, see [Accounts](https://wiki.lab.pyarelal.xyz/books/lab-manual/page/accounts).) Other lab machines are still being migrated — ask Adarsh for access to those.

## 1. Make sure you have an SSH key

On your laptop:

```bash
ls ~/.ssh/id_ed25519.pub
```

If that file exists, skip to step 2. Otherwise create one:

```bash
ssh-keygen -t ed25519 -C "your-name@arizona.edu"
```

Press Enter for the default location; a passphrase is recommended. This creates a **private** key (`~/.ssh/id_ed25519` — never share it) and a **public** key (`~/.ssh/id_ed25519.pub` — safe to share).

## 2. Copy your public key

```bash
cat ~/.ssh/id_ed25519.pub
```

Copy the whole line — it starts with `ssh-ed25519`.

## 3. Register it with Kanidm

You have two options for doing this: via the web (easier) or via the command line.

### 3.1 Web (easier)

Sign in at [idm.lab.pyarelal.xyz](https://idm.lab.pyarelal.xyz) → Profile → Credentials → **SSH Keys** → **Add SSH Key**, paste the public key from step 2, and give it a Title (e.g. `my-macbook-pro`).

### 3.2 Command line

If you have the `kanidm` [client tools](https://kanidm.github.io/kanidm/stable/client_tools.html):

```bash
kanidm login -D <your-username>
kanidm person ssh add-publickey <your-username> <label> "ssh-ed25519 AAAA... your-name@arizona.edu"
```

(The label, e.g. `my-macbook-pro`, just lets you tell keys apart — use one per device.)

## 4. Log into orca

```bash
ssh <your-username>@orca.infosci.arizona.edu
```

The first time, your shell may take a moment while your home directory is created.

## Troubleshooting

- **`Permission denied (publickey)`** — the key registered in Kanidm doesn't match the one your laptop is offering. Recheck steps 2–3, or run `ssh -v <your-username>@orca.infosci.arizona.edu` to see which key is being tried.
- **Asked for a password** — your key isn't being found; confirm it's added in Kanidm and that you're connecting as the right username.
- Still stuck? Contact **Adarsh**.