======Setup SSH Keys======
With the implemenation of two-factor authentication on the ssh protocol at the Observatory, you need to setup two ssh keys to make life easy. These two key are:
  - To login from your laptop to an Observatory machine
  - To login between computers at the Observatory

Below we deal with these two cases. Please note that when you setup a private/public key pair, you need to be extremely carefull with the private key. It's name already indicates it is a **private** key. It is like a password, extremely important and you shield this file with your life! It is best if you add, during the creation of the key pair, a complex passphrase.

=====Login from outside the Observatory=====
Login from the internet is usually done from your own personal computer. Of course that is a MacBook, but for all those 'other system' users we describe belog how to setup a private/public key pair to allow seemless logon to the Observatory computers.
====From Windows====
For Windows, you can use ''%%putty%%'', ''%%MobaXterm%%'' or ''%%Bitvise Tunnelier%%'' to open a terminal session to a Linux desktop or server computer. Below we describe the setup for each program separately:
  * [[:services:2fa:ssh:putty|Setup Putty]]
  * [[:services:2fa:ssh:winscp|Setup WinSCP]]
  * [[:services:2fa:ssh:tunnelier|Setup Bitvise Tunnelier]]

====From MacOS====
  * [[:services:2fa:ssh:macos|Setup key based login from MacOS]]
====From Linux====
  * [[:services:2fa:ssh:linux|Setup Linux]]


=====Ssh key based login between computers at the Observatory=====
To setup an ssh key pair to allow you to login password/2fa less between Observatory computers tthat all share the ''%%/home%%'' directory structure, you can simply create a keypair in your ''%%.ssh%%'' directory:
  $ ssh-keygen -t ecdsa
  Generating public/private ecdsa key pair.
  Enter file in which to save the key (/home/testuser1/.ssh/id_ecdsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/testuser1/.ssh/id_ecdsa
  Your public key has been saved in /home/testuser1/.ssh/id_ecdsa.pub
  The key fingerprint is:
  SHA256:xb4Rs37UbXt3Wn5cHkdKWy2ZDBbor9F83IYNLhjsfIU testuser1@<machine>.strw.leidenuniv.nl
  The key's randomart image is:
  +---[ECDSA 256]---+
  |           ...   |
  |         .. o    |
  |         o=. + o.|
  |         o++E.O.+|
  |        So+*.=.@o|
  |         .=+* BoB|
  |          o+.o =O|
  |          ..   +B|
  |              . o|
  +----[SHA256]-----+

and then add the public key to your ''%%authorized_keys%%'' file:
   cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys

From this point on login into Observatory Lunix computers from Observatory Linux computers is easy.