Using SSH to connect to department servers - short version
As of December 10th (2025-12-10), if you want to use SSH to access department servers from outside the Campus networks (ex. from home) - you will need to:
- Use SSH Public Keys, uploaded to CS SSH Public Key Management
- Login to our login nodes (salt/peppar/itchy/scratchy), or through them ("ProxyJump" /
ssh -Jflag)
or
- Connect via VPN first
or
- Use the Terminal via the browser
Right before this, we imported all keys used in your ~/.ssh/authorized_keys at the CS file server (if you had any) - but with a short expiration date (45 days instead of the default 1 year).
Ensure you renew the keys you use so that they do not expire.
Note: If you are using ssh keys for any self-administered computer (ie. not using the CS account/homedirectories managed by support), those keys are NOT automatically imported to the system, you should add them yourself before the cutoff date to avoid any issues.
Preparations - What you probably want:
Open up a Terminal on your computer.
Create an SSH key, if you don't have one already:
yourlaptop$ ssh-keygen -N ""Upload the
.pubpart of it to CS SSH Public Key Management.- Linux/macOS:
yourlaptop$ cat .ssh/id_ed25519.pub - Windows:
C:\...> type .ssh\id_ed25519.pub
- Linux/macOS:
[Optional Quality-of-Life improvement] Place the following in your config file (
~/.ssh/configfor Linux/WSL/macOS,YOURHOME\.ssh\configfor Windows native/PowerShell) to tell ssh which user to connect as, to make things easier for you:
Host git.cs.umu.se
User git
ProxyJump none
Host *.cs.umu.se
User YOURCSUSER
Host *.cs.umu.se !salt.cs.umu.se !peppar.cs.umu.se !itchy.cs.umu.se !scratchy.cs.umu.se
ProxyJump salt.cs.umu.se
This will instruct ssh to use 'git' as user for the Git VCS (our GitLab instance) and connect directly. For the rest of the CS machines, use YOURCSUSER as username, and for all except the login nodes - jump through salt.cs.umu.se (feel free to pick one of the others - peppar/itchy/scratchy - to spread the load).
This should work for applications such as VSCode as well. If you find applications that use ssh, but fail to use this - see below.
Usage after Preparations:
With the SSH Public key setup correctly, you'll be able to login to the department login servers without entering your password, you are instead authenticating with your private key.
yourlaptop$ ssh peppar.cs.umu.se
...
Welcome to peppar running Debian 13 x86_64!
Note: If you did not do the optional step above, you'll still need to specify your username with ssh,
ie. ssh -l YOURCSUSER peppar.cs.umu.se
(or ssh YOURCSUSER@peppar.cs.umu.se)
Why all this hassle?
- There is a lot of nasty people on the Internet, trying to break into our machines continously using leaked passwords or just guessing at commonly used passwords.
- We can be more safe if we only allow connections from the outside using keys that have been uploaded through a system that can utilize 2FA/MFA.
- MSB (Myndigheten för Samhällsskydd och Beredskap, soon to be called Myndigheten för civilt försvar) says that we need to have 2FA/MFA enabled for externally accessible services on government entities (which we are).
Paths for different operating systems
Probably something like:
| OS | Config file | Public key (send to us) | Private key (keep for yourself) |
|---|---|---|---|
| Linux | /home/YOURUSER/.ssh/config |
/home/YOURUSER/.ssh/id_ed25519.pub |
/home/YOURUSER/.ssh/id_ed25519 |
| macOS | /Users/YOURUSER/.ssh/config |
/Users/YOURUSER/.ssh/id_ed25519.pub |
/Users/YOURUSER/.ssh/id_ed25519 |
| Windows | C:\Users\YOURNAME\.ssh\config |
C:\Users\YOURNAME\.ssh\id_ed25519.pub |
C:\Users\YOURNAME\.ssh\id_ed25519 |
The directory .ssh might appear hidden in some applications / file dialogs - you might need to type it yourself.
Advanced instructions
For more advanced use, see the page with detailed instructions