What is SSH?

If you have been granted access to a Lafayette hosted server, you’ll need to use SSH (Secure SHell) to connect.

SSH keys provide an increased security option for authenticating to shared and service-related systems. The following instructions detail how to create SSH key pairs for use with UNIX-like and Windows systems.

Creating SSH key pairs on Mac OS X, Linux, and other UNIX-based systems

The ssh-keygen command is used to generate SSH keys.

Linux and macOS provide this command natively as part of OpenSSH.

Windows 10 onward also provide this command as part of OpenSSH.

Older versions of Windows, i.e., Windows 7 and early releases of Windows 10 do not have OpenSSH preinstalled and require installation of software that includes OpenSSH such as PuTTy or MobaXterm.

The ssh-keygen command generates cryptographic keys in OpenSSH format.  This format refers to the compact single-line string structure that is ideal for use with UNIX-like systems, i.e., authorized_keys.  This is the required format for College systems and OpenSSH formatted keys using the ed25519 algorithm is the current standard for SSH authentication.

The OpenSSH format comprises three fields:

  • Field 1 is the algorithm used, i.e., ssh-ed25519.
  • Field 2 is the key “blob”, a Base64 encoded string encompassing the key parameters (algorithm type, length, name and public key bytes).  This field is always exactly 68 characters in length.
  • Field 3 is a comment field providing an optional descriptor.  This field usually defaults to the user@hostname for the computer used to generate the key.

An example OpenSSH formatted key appears below where the three fields can be clearly seen:

ssh-ed25519 AAAAB3NzaC1yc…[truncated]…3NzaC1yc user@hostname

NOTE:  Keys provided using the PEM or SECSH (RFC 4716) public key file formats cannot be accepted.

SSH key files

The SSH-keygen tool will produce key files in the appropriate format, named id_rsa.pub.  These files will, by default, be written to a directory named .ssh in the user’s home directory.

$HOME/.ssh/

When ssh-keygen generates a new key, two keys (a key pair) are actually generated. These comprise a private key (secret), and a public key that can be freely distributed as necessary.  The private key file is written to a text file named id_rsa or id_ed25519 and the public key is written to a text file named id_rsa.pub or id_ed25519.pub.

Once a key has been generated, navigate to the .ssh directory and either copy the file or its contents.  This information can then shared as widely as needed, i.e., with anyone administering systems to be accessed.

Key Generation Step-by-step

This process will request a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. Instead of RSA, DSA can also be used. The steps to create authorization keys by using the SSH-keygen tool are as follows:

  1. Start the SSH-keygen tool by using the following command to generate an RSA authentication key:[axl@asterisk1 axl]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
  2. Enter the path to the file that will hold the key: By default, the file name $HOME/.ssh/id_rsa, which represents an RSA v2 key, appears in parentheses.Enter file in which to save the key (/home/axl/.ssh/id_rsa):
    <return>
  3. Enter a passphrase for using your key: The passphrase you will enter will be used for encrypting your private key. A good passphrase should be alphanumeric having 10-30 character length. You can also use the null passphrase however it can be a loophole for the security.Enter passphrase (empty for no passphrase):
    <Type the passphrase>
  4. Re-enter the passphrase to confirm it: Type your passphrase once again to confirm it. Enter same passphrase again: <Type the passphrase>
    Your identification has been saved in /home/axl/.ssh/id_rsa.
    Your public key has been saved in /home/axl/.ssh/id_rsa.pub.
    The key fingerprint is:
    0b:fa:3c:b8:73:71:bf:58:57:eb:2a:2b:8c:2f:4e:37
    axl@myLocalHost
  5. Check the Passphrase Key: The private key was saved in .ssh/id_rsa file which is the read-only file. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key. The public key is save in .ssh/id_rsa.pub file.
  6. Provide the contents of the id_rsa.pub file to the appropriate party for access to the server.

This information is based on the ssh-keygen Wikipedia page.

Key Generation on Windows

If you’re using Windows, then you will generate your key using PuTTY by copying and pasting the key from the Key Generator using the instructions available at:

By default PuTTY generates keys in PEM or SECSH Public Key File Format. This is not the desired format so please copy and paste your key as described in the directions above so that you can send it in OpenSSH format.

Tagged in: