Setting Up Public Key Authentication on the Oak Data Transfer Node (DTN)
This documentation provides a step-by-step guide on setting up public key authentication on the Oak Data Transfer Node (DTN) at Stanford. This process lets SUNetID holders transfer data securely without entering a password each time.
Important Limitation: The Oak DTN is designed for data transfer purposes only.
The Oak DTN supports non-interactive access methods such as sftp, rsync, scp, and sshfs. It does not provide a shell session for interactive use, i.e., you cannot ssh into it. Please ensure you use the DTN as intended.
Prerequisites
Before proceeding, please ensure you have the following:
- An SSH key pair. You should have a key pair already generated. If not, you can generate a new key pair using the ssh-keygen command.
- An SSH client installed on your machine.
Steps
Copy the Public Key to the DTN
Use the scp command to transfer your public key to the DTN. Replace XXX with the appropriate extension for your public key, usually rsa, dsa, ecdsa, ed25519, etc. Replace $SUNetID with your SUNet ID.
$ scp ~/.ssh/id_XXX.pub $SUNetID@dtn.oak.stanford.edu:/oak/stanford/.ssh/$SUNetID/authorized_keys
This command will copy your public key to the authorized_keys file on the DTN, allowing the DTN to recognize your private key when you attempt to connect.
Unused Public Keys are Automatically Deleted
Public keys that remain unused for a period of 45 days will be automatically deleted from the DTN. If your key is deleted due to inactivity, you'll need to repeat the process to re-install it.
Key additions or re-additions cannot be automated due to the need for Duo two-step verification.
Connect to the DTN
Once the public key is set up, you can connect to the DTN using your private key:
$ scp /path/to/local/file $SUNetID@dtn.oak.stanford.edu:/oak/stanford/groups/leland/data/
After completing the setup, you won't be prompted for Duo two-step verification when connecting to the DTN with the corresponding private key. Please remember to keep your private key secure and never share it.
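The copy step above sends a file to authorized_keys, and the page asks you never to share your private key. The shell sketch below is an added example, not part of the Oak documentation: it checks that the file is a single public key line (and not the private key) before printing the scp command from this page. The function names and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oak's tooling. check_pubkey, dtn_install_cmd and demo are
# hypothetical helper names; the check is structural only (ssh-keygen -l -f FILE
# prints the fingerprint if you want OpenSSH itself to parse the key).

# Return 0 only if FILE holds exactly one OpenSSH public key line.
check_pubkey() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Private key files carry a "PRIVATE KEY" PEM header; never upload one.
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "refusing: $file contains a private key" >&2; return 2
    fi
    # The command on this page copies one id_XXX.pub file, so expect one key line.
    lines=$(grep -c '[^[:space:]]' "$file" || true)
    [ "$lines" -eq 1 ] || { echo "expected 1 key line, found $lines" >&2; return 3; }
    # Field 1 is the key type, field 2 the base64 key data.
    read -r type blob _comment < "$file" || true
    case $type in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unknown key type: $type" >&2; return 4 ;;
    esac
    [ -n "$blob" ] || { echo "missing key data" >&2; return 5; }
}

# Validate KEYFILE, then print the page's scp command for SUNETID.
dtn_install_cmd() {
    check_pubkey "$1" || return $?
    printf 'scp %s %s@dtn.oak.stanford.edu:/oak/stanford/.ssh/%s/authorized_keys\n' \
        "$1" "$2" "$2"
}

# Demo on a constructed (not real) key line written to a temporary file.
demo() {
    tmp=$(mktemp) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEYxxxxxxxxxxxxxxxx jdoe@laptop' > "$tmp"
    dtn_install_cmd "$tmp" jdoe
    rm -f "$tmp"
}
demo
```

A non-zero return code identifies which check failed: 2 means the file contains a private key, 3 means it does not hold exactly one key line.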