If you have been granted access to a server at Lafayette, you’ll need to use SSH to connect. For security reasons, we use SSH public keys for authentication. The following instructions detail how to create SSH key pairs for use on UNIX-based and Windows systems.

Creating SSH key pairs on Mac OS X, Linux, and other UNIX-based systems

macOS, Linux, or other UNIX-based systems can use the built in ssh-keygen command for creating key pairs. This command generates keys in OpenSSH format, which is the desired format for Lafayette Systems. Please do not provide your key in PEM or SECSH Public Key File Format.

The SSH-keygen tool, which produces a file in the appropriate format, named id_rsa.pub, stores the private key in $HOME/.ssh/id_rsa and the public key in $HOME/.ssh/id_rsa.pub.  Both within the home directory. The id_rsa.pub file should also be copied to the following directory within your home directory on the HPC system.

  • $HOME/.ssh/authorized_keys

This process will request a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. Instead of RSA, DSA can also be used. The steps to create authorization keys by using the SSH-keygen tool are as follows:

  1. Start the SSH-keygen tool by using the following command to generate an RSA authentication key:[axl@asterisk1 axl]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
  2. Enter the path to the file that will hold the key: By default, the file name $HOME/.ssh/id_rsa, which represents an RSA v2 key, appears in parentheses.Enter file in which to save the key (/home/axl/.ssh/id_rsa):
    <return>
  3. Enter a passphrase for using your key: The passphrase you will enter will be used for encrypting your private key. A good passphrase should be alphanumeric having 10-30 character length. You can also use the null passphrase however it can be a loophole for the security.Enter passphrase (empty for no passphrase):
    <Type the passphrase>
  4. Re-enter the passphrase to confirm it: Type your passphrase once again to confirm it. Enter same passphrase again: <Type the passphrase>
    Your identification has been saved in /home/axl/.ssh/id_rsa.
    Your public key has been saved in /home/axl/.ssh/id_rsa.pub.
    The key fingerprint is:
    0b:fa:3c:b8:73:71:bf:58:57:eb:2a:2b:8c:2f:4e:37
    axl@myLocalHost
  5. Check the Passphrase Key: The private key was saved in .ssh/id_rsa file which is the read-only file. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key. The public key is save in .ssh/id_rsa.pub file.
  6. Provide the contents of the id_rsa.pub file to the appropriate party for access to the server.

This information is based on the ssh-keygen Wikipedia page.

Creating SSH key pairs on Windows using PuTTY

If you’re using Windows, then you will generate your key using PuTTY by copying and pasting the key from the Key Generator using the instructions available at:

By default PuTTY generates keys in PEM or SECSH Public Key File Format. This is not the desired format so please copy and paste your key as described in the directions above so that you can send it in OpenSSH format.

Tagged in: