How do I use public key authentication?

Linux & Mac

  1. Open a Terminal and generate a key pair:
    ssh-keygen -t rsa -b 4096
  2. Use a passphrase for appropriate security.
  3. The keys are created in ~/.ssh/ (inside your home directory).
  4. Upload the public key file ~/.ssh/ to the RCE using an SFTP client like Filezilla, or run:
    scp ~/.ssh/
  5. Complete the "On the RCE" steps below to authorize the new key.


  1. Download PuTTYgen and run it.
  2. Select SSH-2 RSA under Type of key to generate and specify 4096 as the Number of bits in a generated key. Then click on Generate.
  3. Generate entropy/randomness by moving the mouse around as instructed.
  4. Under Key comment, enter your email address.
  5. Specify a Key passphrase and repeat it under Confirm passphrase.
  6. Click on Save public key and save it as
  7. Click on Save private key and save it as id_rsa. You can save it in the same location as the public key.
  8. Upload your public key to the RCE using SFTP (e.g. FileZilla, WinSCP).
  9. Complete the "On the RCE" steps below to authorize the new key.

On the RCE

  1. SSH into the RCE (ssh or open a Terminal via an NX session.
  2. Make your public key an authorized key:
    cat ~/ >> ~/.ssh/authorized_keys
  3. Exit the RCE and log in via SSH or PuTTY, and you no longer need to type your password.
    You will still need to type your passphrase once to unlock your key, but after unlocking your key it can authorize multiple SSH connections when you use an SSH agent to temporarily retain your credentials. You can think of this as being similar to a "password manager" as you would use for a web browser. Examples of SSH agents include Pageant (puTTY/Windows), Keychain (Mac), and ssh-agent (Linux & Mac).

Enable NX Pubkey Authentication

  1. Add your public key to the NX authorized keys file:
    cat ~/ >> ~/.nx/config/authorized.crt
  2. Modify permissions:
    chmod 755 {~/.nx,~/.nx/config,~/.nx/config/authorized.crt}
  3. The public key file on the RCE can be deleted:
    rm ~/
  4. From the client, select key-based authentication. (NoMachine instructions)