Working With SSH Key Pairs
SSH keys are generated using the ssh-keygen program on Linux/UNIX/macOS/Cygwin, or with PuTTYgen on Windows. Once an SSH key has been generated, you should upload your public key to the SDCC’s servers.
Generate SSH Keys
Generate a Key Pair on Linux/macOS
- Open a terminal window on the desktop machine or laptop that you will be using to log in to the SDCC.
- At the prompt, type:
    ssh-keygen -t rsa
You will see output similar to the following:
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
where <user> is replaced by your user name.
This command will generate an RSA key of the default length (2048 bits).
- To accept the default file name and location ~/.ssh/id_rsa, press Return.
- At the Enter passphrase prompt, type in a passphrase, which will not be echoed as you type, and then press Return. This passphrase will be used to unlock your private key file (failing to enter a passphrase for your key will, of course, defeat all security related to the key pair).
- You will be prompted to verify the passphrase by entering it again. Retype your passphrase, and then press Return. The key pair will be generated, and you will see output similar to the following:
    Your identification has been saved in /home/<user>/.ssh/id_rsa.
    Your public key has been saved in /home/<user>/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:PFCKP1tBWnyxxXX+GM4g+ldsJ9/upHPNzloiQLX467c <user>@<machine.name>
where the actual fingerprint for your key will be displayed (not the one shown in the example above), and where the terms in brackets (<>) are replaced by the values appropriate for your machine.
Two files will be created:
- The first file is the private key, with the default name (or the name you entered above).
- The second file is the public key, with .pub appended to the file name.
- Copy the key fingerprint value from the output above.
Generate A New Key Pair using PuTTY for Windows
These instructions document the use of the free PuTTY client. PuTTY is an implementation of SSH for Windows and UNIX platforms, written and primarily maintained by Simon Tatham.
By default the PuTTYgen program used to generate key pairs will generate a 1024-bit RSA key. Ensure that the “Number of bits in a generated key” value at the bottom of the GUI is set to 2048 bits or larger, or else your key will be rejected by SDCC.
Additional information on using SSH keys with PuTTY can be found at http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html.
- On the desktop machine or laptop that you will be using to log in to the SDCC, from the PuTTY submenu in the Start menu, open the PuTTYgen program.
- Using the defaults, click the Generate button, and then move your mouse around in the space above the Generate button.
- When the key pair generation has completed, you will see a result similar to the following image, with both the Save public key and Save private key buttons now active.
![PuTTY Key Generator](/docs/ssh/putty_key.png)
If desired, you can change the value of the **Key comment:** field.
- Enter a Key passphrase and Confirm passphrase for password protection on the generated key.
- To save your new keys, click the Save public key and Save private key buttons.
The default save location for both files is the folder just above your My Documents folder, and your private key will have the file extension .ppk.
Keep this window open so that you can copy and paste the key fingerprint later in the procedure.
Uploading Public Key to SDCC Servers
- To upload your key file, visit the SDCC’s SSH Key Upload form. You will be prompted for your Kerberos user name and password.
- On the form, click the Browse button. In the dialog box that appears, navigate to your .ssh directory (or the directory in which your public key file is stored).
Linux/macOS: If your browser does not display hidden directories (directories whose names are preceded by a period, e.g. .ssh), you will need to type in, or copy and paste, the name of the public key file into the dialog box. Enter the full name of the public key file as displayed in output earlier, including the full path and the .pub file extension. If you copy and paste the name of the path, take care to leave off the period at the end of the line with the public key file name.
PuTTY/Windows: The dialog box will most likely open in the default location for the key files. If not, you will need to navigate to the appropriate folder. Once in the correct folder, select the public key file and click Open.
- Copy and paste the fingerprint of your public key file (as displayed in output earlier) into the second box in the form, or type it into the dialog box.
Linux/macOS: The fingerprint starts with (and contains) the SHA256: prefix.
PuTTY/Windows: The fingerprint consists of 16 two-digit hexadecimal numbers, separated by colons (:).
- To upload your key file, click the Send File button.
- You can now log in to the gateway machines using SSH keys. You will be prompted for the passphrase for your private key during the login process. This passphrase will not leave your local machine. If you wish to avoid typing in your passphrase at every login, you may wish to consider adding your keys to your SSH agent.
Using an Existing Key Pair
Linux/macOS
- To obtain the fingerprint of an existing public key in your system’s default format, open a Terminal window and type this command:
    ssh-keygen -l -f <public_key_file_name>
where the first argument is a lower-case L, and <public_key_file_name> is the full path to your public key file.
This command will return the default fingerprint hash of your public key, in output similar to the following:
    2048 SHA256:PFCKP1tBWnyxxXX+GM4g+IdsJ9/upHPNzloiQLX467c you@yourhost.com (RSA)
where your default fingerprint is prefixed by the text SHA256:.
Note: If you are using a version of OpenSSH older than v6.8, the default fingerprint is in MD5.
- Proceed to upload your key as specified above.
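To check a public key before uploading it, the following added example (not SDCC's or OpenSSH's own code) reads one line of a .pub file, reports the RSA key size against the 2048-bit minimum mentioned above, and computes the fingerprint in both the SHA256: style and the colon-separated MD5 style. The names inspect_public_key, constructed_rsa_line and MIN_RSA_BITS are hypothetical, and the sample key is constructed with a dummy modulus.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # per the page, smaller RSA keys are rejected


def _read_field(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then data."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Inspect one '<type> <base64> [comment]' line from a .pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = _read_field(blob, 0)
    if key_type != fields[0].encode():
        raise ValueError("key type inside the blob does not match the line")
    bits = None  # only RSA sizes are checked, as on the page
    if key_type == b"ssh-rsa":
        _exponent, pos = _read_field(blob, pos)
        modulus, pos = _read_field(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
    # Both fingerprint styles hash the decoded blob, not the text line.
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5_hex = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    return {"bits": bits, "sha256": "SHA256:" + sha256, "md5": md5,
            "meets_minimum": bits is not None and bits >= MIN_RSA_BITS}


def _mpint(value):
    # bit_length // 8 + 1 bytes leaves the top bit clear, so the value reads as positive.
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def constructed_rsa_line(bits):
    """Constructed sample: well-formed blob with a dummy modulus, not a usable key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"
```

Calling inspect_public_key on the contents of your own .pub file returns the same two fingerprint strings that ssh-keygen -l and PuTTYgen display, so you can confirm which one you are pasting into the upload form.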
PuTTY for Windows
- To load an existing key into the PuTTY Key Generator, and to obtain the fingerprint of an existing public key, click on the Load button.
- Proceed to upload your key as specified above.
Use an Existing Linux Key Pair on Windows
- If you have already uploaded a Linux public key to LDAP, you can use the same private key on your Windows machine by copying the Linux private key to your Windows machine, and converting the key to PuTTY format.
- After copying the private key to your Windows machine, launch the PuTTY Key Generator, and from the Conversions menu, choose Import.
- In the dialog box, browse to and select the private key file. As the file is imported, you will be prompted to enter its passphrase.
- After importing the key, to save it in .ppk format and use it on your Windows machine, click Save private key.
- It may be necessary to convert your public key as well: to do so, click Save public key.
Use an Existing Windows Key Pair on a Linux Machine
- To use a key that was generated in Windows on a Linux machine, from the PuTTY Key Generator’s Conversions menu, choose Export OpenSSH Key, and then copy the resulting files into the .ssh directory of the Linux machine.