ORION Virtual Machines are configured by default to utilize OpenSSH key exchanges for authentication, rather than passwords.  MacOS has built in OpenSSH functionality which makes it easy to configure ssh keys.

• To get started, open a Mac terminal window.  From the Mac finder, click Go->Utilities->Terminal.  If you expect to use a remote VM frequently, it is a good idea to pin the terminal to your Mac toolbar.

• If you do not already have an ssh key that you use for accessing remote systems, the following steps will create a new one for you.  At the Mac terminal prompt, you can generate your ssh key & provide a passphrase using the command ssh-keygen. Your private and public keys will be stored in the .ssh directory by default. You can use the command ‘cat’ to show the contents of the public key file, which will by default have a name that indicates the encryption cipher with a .pub extension (i.e., id_ed25519.pub)
  
  PLEASE NOTE:  We strongly recommend that you use a strong password to protect your private key and to not share a private key with others.  If someone gets an unprotected private key, they can use it to login to any system where your public key has been installed.  The public key, on the other hand, can be shared with others or installed on remote systems to provide access to accounts.  The ORION web console will utilize your public key, not your private key, to grant access to your virtual machines.
  
  

  mymac:~ mylocaluser$ ssh-keygen Generating public/private ed25519 key pair. Enter file in which to save the key (/Users/mylocaluser/.ssh/id_ed25519):  Created directory '/Users/mylocaluser/.ssh'. Enter passphrase (empty for no passphrase):  Enter same passphrase again:  Your identification has been saved in /Users/mylocaluser/.ssh/id_ed25519 Your public key has been saved in /Users/mylocaluser/.ssh/id_ed25519.pub The key fingerprint is: SHA256:9dD209lkkbWn/ATqEmB+ckOsCYLLm6k7m54eHAGDEEI mylocaluser@mymac.local The key's randomart image is: +--[ED25519 256]--+ |XE             .+| |+. .     . .   .o| | .. . . o = o ..+| | ... . + * + + *+| | .o     S = o =.+| |. .+     + +   + | | o+       . .   .| |.oo        .     | |BB               | +----[SHA256]-----+ mymac:~ mylocaluser$  mymac:~ mylocaluser$ cat .ssh/id_ed25519.pub ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEW19D8ycBPFjotRhkA1ho6eYet2cjeXDwK6HMheA0p mylocaluser@mymac.local

• In the ORION web console, go to the drop-down for your user profile in the upper right-hand corner, and select Settings: Update SSH Key.

• Copy the contents of your private key, as seen above, into the text box and click the “Update SSH Key” button.  Be sure to copy the entire line, including the username/host at the end. Any VM that you create in ORION will automatically have this public key added to your account’s authorized_keys file when it is instantiated, thus allowing you to login.

• Note that you MUST do this step prior to creating any ORION VMs, otherwise, they will not get your ssh key installed and you won’t be able to login to them remotely.
  
  

• From your Mac terminal window, you will now load your ssh key into your key agent using the ssh-add command on your private key:
  
  

  mymac:~ mylocaluser$ ssh-add .ssh/id_ed25519 Enter passphrase for .ssh/id_ed25519:  Identity added: .ssh/id_ed25519 (mylocaluser@mymac.local)

• After you create a new VM, you should be able to ssh to the ORION virtual machine’s IP address, which can be found for each VM under the Virtual Machine section of the dashboard.  Each VM's panel shows the VM name, a color status code, the template used, the owner and creation time, and the IP address near the bottom next to the globe icon:
  
  

• Note that you will need to use your own NetID when sshing in, since the account name created on the new VM matches your NetID.  Also note that the first time you connect to your VM, you will get a message asking if you are sure you want to continue connecting; this is normal because each remote SSH host also has an identifying key to help ensure that the host is not spoofing its address.  This key will be added to your local ssh configuration and you will not get warned again unless the remote system has been reloaded and a new host key created.  You can just type yes and continue, and you will be logged into the remote ORION virtual machine; no password is required.
  
  

  mymac:~ mylocaluser$ ssh netid@10.134.196.144 The authenticity of host '10.134.196.144 (10.134.196.144)' can't be established. ED25519 key fingerprint is SHA256:lGXLiS28rRzTrBMwrg5TU0zhV2KgRcXP7uKFuGRPNgg. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '10.134.196.144' (ED25519) to the list of known hosts. Last login: Mon Mar 24 15:31:27 2025 [netid@orion-196-144 ~]$

• Now that you have loaded your ssh key into your Mac's key agent, it will stay there until you restart your Mac desktop or reboot the Mac system:  the key agent keeps the key loaded so you can continue to use it without having to load it in each time.  To see your loaded keys, you can type ssh-add -L   If you want to remove the key from the agent for some reason, you can type ssh-add -D, which will clear out all your ssh keys from the agent.
  
  

  mymac:~ mylocaluser$ ssh-add -L ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEW19D8ycBPFjotRhkA1ho6eYet2cjeXDwK6HMheA0p mylocaluser@mymac.local mymac:~ mylocaluser$ ssh-add -D All identities removed.