Lafayette CollegeTechnology Help
If you have been granted access to a Lafayette hosted server, you’ll need to use SSH (Secure SHell) to connect.
SSH keys provide an increased security option for authenticating to shared and service-related systems. The following instructions detail how to create SSH key pairs for use with UNIX-like and Windows systems.
The ssh-keygen command is used to generate SSH keys.
Linux and macOS provide this command natively as part of OpenSSH.
Windows 10 onward also provide this command as part of OpenSSH.
Older versions of Windows, i.e., Windows 7 and early releases of Windows 10 do not have OpenSSH preinstalled and require installation of software that includes OpenSSH such as PuTTy or MobaXterm.
The ssh-keygen command generates cryptographic keys in OpenSSH format. This format refers to the compact single-line string structure that is ideal for use with UNIX-like systems, i.e., authorized_keys. This is the required format for College systems and OpenSSH formatted keys using the ed25519 algorithm is the current standard for SSH authentication.
The OpenSSH format comprises three fields:
An example OpenSSH formatted key appears below where the three fields can be clearly seen:
ssh-ed25519 AAAAB3NzaC1yc…[truncated]…3NzaC1yc user@hostname
NOTE: Keys provided using the PEM or SECSH (RFC 4716) public key file formats cannot be accepted.
The SSH-keygen tool will produce key files in the appropriate format, named id_rsa.pub. These files will, by default, be written to a directory named .ssh in the user’s home directory.
$HOME/.ssh/
When ssh-keygen generates a new key, two keys (a key pair) are actually generated. These comprise a private key (secret), and a public key that can be freely distributed as necessary. The private key file is written to a text file named id_rsa or id_ed25519 and the public key is written to a text file named id_rsa.pub or id_ed25519.pub.
Once a key has been generated, navigate to the .ssh directory and either copy the file or its contents. This information can then shared as widely as needed, i.e., with anyone administering systems to be accessed.
This process will request a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. Instead of RSA, DSA can also be used. The steps to create authorization keys by using the SSH-keygen tool are as follows:
This information is based on the ssh-keygen Wikipedia page.
If you’re using Windows, then you will generate your key using PuTTY by copying and pasting the key from the Key Generator using the instructions available at:
By default PuTTY generates keys in PEM or SECSH Public Key File Format. This is not the desired format so please copy and paste your key as described in the directions above so that you can send it in OpenSSH format.