Managing SSH keys with Kanidm For lab members who joined before 2026-05-22. orca's logins are now managed centrally through Kanidm for new members. If you already had an orca account before that date, your existing access still works and you don't need to follow this. This page covers SSH access to orca , whose logins are managed through the lab's identity server, Kanidm . You register your SSH public key with Kanidm once, then you can log in. (For web services and passwords, see Accounts .) Other lab machines are still being migrated — ask Adarsh for access to those. 1. Make sure you have an SSH key On your laptop: ls ~/.ssh/id_ed25519.pub If that file exists, skip to step 2. Otherwise create one: ssh-keygen -t ed25519 -C "your-name@arizona.edu" Press Enter for the default location; a passphrase is recommended. This creates a private key ( ~/.ssh/id_ed25519 — never share it) and a public key ( ~/.ssh/id_ed25519.pub — safe to share). 2. Copy your public key cat ~/.ssh/id_ed25519.pub Copy the whole line — it starts with ssh-ed25519 . 3. Register it with Kanidm You have two options for doing this: via the web (easier) or via the command line. 3.1 Web (easier) Sign in at idm.lab.pyarelal.xyz → Profile → Credentials -> SSH Keys → Add SSH Key , paste the public key from step 2, and give it a Title (e.g. my-macbook-pro ). 3.2 Command line If you have the kanidm client tools : kanidm login -D kanidm person ssh add-publickey