If you have been granted access to a server at Lafayette, you’ll need to use SSH to connect. For security reasons, we use SSH public keys for authentication. The following instructions detail how to create SSH key pairs for use on UNIX-based and Windows systems.

Creating SSH key pairs on Mac OS X, Linux, and other UNIX-based systems

Mac OS X, Linux, and other UNIX-based systems can use the built-in ssh-keygen command to create key pairs. This command generates keys in OpenSSH format, which is the desired format for Lafayette Systems. Please do not provide your key in PEM or SECSH Public Key File Format.

The ssh-keygen tool stores the private key in $HOME/.ssh/id_rsa and the public key in $HOME/.ssh/id_rsa.pub in the user’s home directory. The id_rsa.pub file it produces is in the appropriate format. The user should then copy id_rsa.pub to $HOME/.ssh/authorized_keys in their home directory on the remote machine. The tool also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. Instead of RSA, DSA can also be used. The steps to create authorization keys by using the ssh-keygen tool are as follows:

  1. Start the ssh-keygen tool by using the following command to generate an RSA authentication key:
    [axl@asterisk1 axl]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
  2. Enter the path to the file that will hold the key: By default, the file name $HOME/.ssh/id_rsa, which represents an RSA v2 key, appears in parentheses.
    Enter file in which to save the key (/home/axl/.ssh/id_rsa):
    <return>
  3. Enter a passphrase for using your key: The passphrase you enter is used to encrypt your private key. A good passphrase should be alphanumeric and 10-30 characters long. You can also use an empty passphrase; however, it can be a security loophole.
    Enter passphrase (empty for no passphrase):
    <Type the passphrase>
  4. Re-enter the passphrase to confirm it: Type your passphrase once again to confirm it.
    Enter same passphrase again: <Type the passphrase>
    Your identification has been saved in /home/axl/.ssh/id_rsa.
    Your public key has been saved in /home/axl/.ssh/id_rsa.pub.
    The key fingerprint is:
    0b:fa:3c:b8:73:71:bf:58:57:eb:2a:2b:8c:2f:4e:37
    axl@myLocalHost
  5. Check the key files: The private key was saved in the .ssh/id_rsa file, which is a read-only file. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key. The public key is saved in the .ssh/id_rsa.pub file.
  6. Provide the contents of the id_rsa.pub file to the appropriate party for access to the server.

This information is based on the ssh-keygen Wikipedia page.

Creating SSH key pairs on Windows using PuTTY

If you are using Windows, then you will generate your key using PuTTY by copying and pasting the key from the Key Generator using the instructions available at:

By default, PuTTY generates keys in PEM or SECSH Public Key File Format. This is not the desired format, so please copy and paste your key as described in the directions above so that you can send it in OpenSSH format.
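
Both sections ask for the public key in one-line OpenSSH format rather than PEM or SECSH, and that can be checked before the key is sent. The following is an added example, not part of the original instructions or of any Lafayette tooling; the function name classify_public_key and the sample keys are assumptions constructed for illustration (the key data is placeholder bytes, not a real key).

```python
import base64
import binascii
import struct

def classify_public_key(text):
    """Classify public-key file text; returns (format, detail)."""
    text = text.strip()
    first_line = text.splitlines()[0] if text else ""
    if first_line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return ("secsh", "SECSH block; send the one-line OpenSSH form instead")
    if first_line.startswith("-----BEGIN "):
        if "PRIVATE KEY" in first_line:
            return ("private", "private key; never send this file")
        return ("pem", "PEM block; send the one-line OpenSSH form instead")
    if "\n" in text:
        return ("invalid", "an OpenSSH public key is a single line")
    fields = text.split(None, 2)  # key type, base64 data, optional comment
    if len(fields) < 2:
        return ("invalid", "expected '<type> <base64> [comment]'")
    key_type, data_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(data_b64, validate=True)
    except (binascii.Error, ValueError):
        return ("invalid", "key data is not valid base64")
    # The decoded data begins with a 4-byte big-endian length, then the
    # key type again; a mismatch means the line was edited or truncated.
    if len(blob) < 4:
        return ("invalid", "key data is too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii", "replace"):
        return ("invalid", "key type does not match the encoded key data")
    return ("openssh", key_type)

def _ssh_string(data):
    """Length-prefixed byte string as used inside the key data."""
    return struct.pack(">I", len(data)) + data

# Constructed samples: correct structure, placeholder bytes, not a real key.
_BLOB = base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
    + _ssh_string(b"\x00" + b"\xab" * 256)
).decode("ascii")
SAMPLE_OPENSSH = "ssh-rsa " + _BLOB + " axl@myLocalHost"
SAMPLE_SECSH = ("---- BEGIN SSH2 PUBLIC KEY ----\n" + _BLOB
                + "\n---- END SSH2 PUBLIC KEY ----")

if __name__ == "__main__":
    for sample in (SAMPLE_OPENSSH, SAMPLE_SECSH):
        print(classify_public_key(sample))
```

A result of "private" means the wrong file was selected: only the contents of id_rsa.pub are meant to be shared.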
