The IDM system of the TU Darmstadt allows you to upload the public part of your ssh key pair into your TU-ID vault.

See “Details” right of this text (or click on the image down below) for how it works and how it plays with our login nodes.

Security experts recommend ssh key-based logins over password-based logins as more secure. While passwords can be sniffed (eg. by keyloggers or “man in the middle” attacks), ssh key pairs require possession (of two matching key files) and knowledge (“passphrase”).

While passwords are necessarily sent via network from client to host for validation, the private key or its protecting passphrase never travels the wire.

We highly recommend the key type “ed25519” (based on elliptic curve cryptography) for all your ssh keys. This type is more secure (by the current state of knowledge), and for a comparable level of security shorter than RSA keys.

Even more strongly recommended is to assign a passphrase to the private part of the key pair, as else just obtaining the private key would allow an attacker to digitally pretend being you.

You can create such a key with

ssh-keygen -t ed25519 …

This tool asks interactively for all further details – remember to choose a strong passphrase!