Joyent

Generating SSH keys

SSH allows you to generate key pairs, each made up of one private key and one public key. The two combined allow secure encryption and decryption of data. Used with SSH, a key pair gives you a very strong login to the various services that rely on it, such as an SSH terminal, SFTP, and rsync. To generate a unique key pair for yourself, follow the directions below.

  1. Open a shell in your favorite terminal application (Terminal.app, eterm, etc)
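  2. Type: ssh-keygen -d to generate a DSA public/private key pair. Note that OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so a server running a current release may refuse a key of this type.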
  3. You will then be prompted to enter a location to save the key pair. Feel free to use the default. If you plan to generate multiple key pairs, give each one a descriptive name and include the full path to where you want to store it; usually this is the .ssh/ directory inside your home directory. The private key will have the filename you enter, and the public key will have .pub appended to the end of that filename. An example might be /Users/username/.ssh/JoyentStrongspace. This will generate two files: JoyentStrongspace and JoyentStrongspace.pub.
  4. After generating the keys it will prompt for a passphrase. You will be asked to type this passphrase whenever the keys are accessed. You can leave this blank if you’d like. It does however provide another mechanism with which to keep your data safe. If someone were to obtain your private key (which you shouldn’t share) they would still need the passphrase to use it. Many leave it blank in order to make rsync backups to Strongspace work seamlessly without requiring the user to type in a password. Another, safer way to do this is to use SSHAgent. See below for more information.
  5. You should make sure your keys are private. Make sure your local .ssh/ directory is restricted to you: chmod 700 ~/.ssh && chmod 600 ~/.ssh/*

Using your SSH Keys

After generating a key pair you can use it to log in to your various Joyent services.

  1. Create a file called authorized_keys on the server in ~/.ssh/
  2. Copy the contents of your filename.pub file (it’s one line long) to the authorized_keys file.
  3. You should make sure your keys are private. Make sure your local .ssh/ directory is restricted to you: chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
  4. You can now access the server by typing: ssh -i ~/.ssh/YOURKEY -o "PasswordAuthentication no" -p 22 username@theserver.tld This isn’t ideal, but some simple configuration changes to your SSH client can make your logins more secure.

SSH and config

After the last bit you were probably thinking, “Wow, that almost makes things harder.” You’re right, but we can make it easier. The following snippet of configuration lets you skip the long line each time you want to log in, and essentially creates an alias for each host you want to connect to via SSH.

  • Open ~/.ssh/config in your favorite text editor (vi, vim, emacs, nano, TextMate)
  • The following lines will help make your life easier.
   Host favoritename
     HostName ServerIP
     IdentityFile ~/.ssh/keyfile
     PasswordAuthentication no
     Port 22
     User your_username
  • This allows you to type ssh favoritename at the command line and log in to your server without having to type in lots of information about your connection.

You have to make sure you do not skip this step: chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
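
The permissions set by that chmod line can be checked rather than assumed. The following is an added example, not part of the original Joyent page: a POSIX shell function (audit_ssh_dir and mode_of are names chosen here) that flags an SSH directory, or any file in it, that still has group or other permission bits set. It is demonstrated on a constructed temporary directory rather than your real ~/.ssh.

```shell
# Added example: audit an SSH directory against the modes the page sets
# (chmod 700 on the directory, chmod 600 on everything inside it).

# Print a path's permission bits in octal (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR: prints one line per finding.
# Returns 0 if clean, 1 if anything is too open, 2 if DIR does not exist.
audit_ssh_dir() {
    dir=$1; findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # Any group/other bit on the directory lets other local users list or enter it.
    m=$(mode_of "$dir")
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "DIR  $m $dir (expected 700)"
        findings=$((findings + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue   # skips an unmatched glob and subdirectories
        m=$(mode_of "$f")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "FILE $m $f (expected 600)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample: a throwaway directory with deliberately loose modes,
# then the same directory after the page's chmod line has been applied.
demo() {
    d=$(mktemp -d)
    : > "$d/JoyentStrongspace"; : > "$d/JoyentStrongspace.pub"
    chmod 755 "$d"; chmod 644 "$d"/*
    echo "before:"; audit_ssh_dir "$d" || echo "(findings listed above)"
    chmod 700 "$d" && chmod 600 "$d"/*
    echo "after:"; audit_ssh_dir "$d" && echo "clean"
    rm -rf "$d"
}
demo
```

To check a real directory, call audit_ssh_dir ~/.ssh after defining the functions; a non-zero return means the chmod step still needs to be run.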

 
all-accelerators/kb/ssh/generate-keys.txt · Last modified: 2008/07/16 18:53 by lderezinski