Create ssh-key pairs

Update: April 11, 2023 - The German Federal Office for Information Security (BSI) requires a key length of at least 3000 bits for the RSA method with the expiration of the year 2023. Therefore, the Institute of Nuclear Physics will no longer accept RSA keys with 2048 bits for new applications. Existing users have been requested to generate new, BSI-compliant keys.

Update: May 15, 2020 - Due to a serious security incident on the university's HPC systems, all SSH keys used so far lose their validity with immediate effect.

If you need access to the computer network of the Institute of Nuclear Physics, please generate a *new* SSH key pair. Use a particularly good passphrase, your email address (Uni-Mainz or home institute) as comment.

Under no circumstances should you omit the passphrase. As you can see, one single careless person is enough to cause inconvenience to the whole university. Do not be that person!

If possible, create an ed25519 key:


ssh-keygen -t ed25519


Two files are created:

  • You should send your public key ~/.ssh/ to the IT group via the ticket system or by email to (no need to do both) with the request to add you to the ssh gateway.
  • Your private key ~/.ssh/id_ed25519 will be activated with your passphrase. Passphrase and private key are to be kept secret and must not be given to anyone - not even to us.

Alternatively, you can also generate rsa keys. However, this is only useful if you need access to older systems. The key length should be at least 3072 bits, but not more than 4096 bits. It does not make sense to increase the rsa key length further. The gain in security is minimal, the handling is very difficult and the algorithm becomes even slower. If you have security concerns, use the ed25519 keys.

If you yourself have access to a machine for which you want to set up remote access, you can also add the public key yourself to the ~/.ssh/authorized_keys file.

Alternative for older Windows versions:

Please follow our instructions for generating SSH keys with PuTTY.