You are here

Using ssh on a Mac

Printer-friendly versionPrinter-friendly version


For background reading see connecting from outside the University - an overview.

Macs come with ssh installed. You can use this to login safely and securely to School of Informatics machines from elsewhere on the internet.

When using ssh it's important to know how to use it securely, so before reading further on this page you should read about Host Key Management. (That page refers to Linux, but ssh is the same on macOS and Linux.)


Before you can use ssh, you must be using a VPN - either the University VPN or the School's OpenVPN. The VPN page can help with that.

Kerberos and GSSAPI

This stage is optional but highly recommended. The most secure way to authenticate with the Informatics SSH service is to use GSSAPI (Kerberos). To use this you will need to set up Kerberos on your Mac. After that read the instructions for Using GSSAPI (Kerberos) authentication. Once again the instructions on that page are for Linux, but ssh on the Mac should be configured similarly, although note that the GSSAPIRenewalForcesRekey option is not supported. Once you have configured ssh as shown on that page you will be able to ssh to School servers without being prompted for your DICE username and password each time you connect.

How to use ssh

To use ssh first start the Terminal application.
The Mac Terminal icon
You can find this in the Utilities folder which is on the Finder's Go menu.

Choosing Utilities from the Finder's Go menu

Once you have a Terminal window running, this is how to use ssh:

ssh username@servername

... replacing username and servername with the correct values. Replace username with your DICE username - for example s1234567. Replace servername with the name of the server to connect to: (for undergrad and MSc students) or (for staff, visitors and research postgrads). For example, if your username was s1234567 and you wanted to connect to the Informatics ssh server for students, you would type this in the Terminal window:


If you are using Kerberos and GSSAPI, you will now be logged in to an Informatics ssh server. If you aren't using it, you will be prompted for your DICE password at this point.

If you type the wrong password

If you're not using Kerberos and GSSAPI, ssh will prompt you for your DICE password. If you type the wrong password your login will not succeed. If you get it wrong several times you will be temporarily locked out. This is a security measure. If this happens to you, simply wait a while then try again, or ask Informatics Computing Support for help.

Public Keys

The Public Key Support section of the External Login page explains why using ssh public keys is a bad idea. To remove a public key which you may previously have generated on your Mac, open Terminal once again and type

rm ~/.ssh/id_rsa*

The key's filenames may be different - see the FILES section of

man ssh-keygen

on your Mac.

Last reviewed: 

System Status

Home dirs (AFS)
Other services
University services
Scheduled downtime

Choose a topic