SSH Keys

What are SSH keys?

The short answer is like passwords, but better.

They're more secure than passwords, and they're also easier to manage for group accounts.

SSH keys consist of three parts:

  • A public key file that gets installed into the account you want to log into. This is not sensitive, and can be freely shared with the account owner.
  • A private key file that stays secure in your account or on your computer. This is sensitive, and must not be shared with anyone.
  • A passphrase, which is a password for the private key. This is also sensitive, and like any password, must not be shared.

They're easier to manage than passwords, because account owners can easily add or remove keys in the account without needing privileged access.

They're also more secure than passwords, because an attacker would need to have both the passphrase and the private key file to gain access to your account.

SSH keys at CSE

Generating a key

Generating an SSH key is very simple:

  • Connect to a login server or VLAB using your zID and zPass
  • From the terminal, run ssh-keygen -t rsa
  • Accept the default path and filename when prompted, and be sure to set a secure passphrase
  • This will create ~/.ssh/ (your public key) and ~/.ssh/id_rsa (your private key).

Adding an SSH key to a shared account

For course accounts, this happens automatically overnight if you're in the appropriate account class for the course.

If there are any problems, or you need access immediately, contact System Support.

For any other shared accounts, the account owner or System Support will need to do this for you.

Once the SSH key is installed in the shared account, you will be able to run (for example) ssh from a login server or VLAB.

See below for details on connecting directly from your own computer.

Adding an SSH key to your own account

To allow login to your own account with your SSH key:

  • Connect to a login server using your zID and zPass
  • From the terminal, run cat ~/.ssh/ >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys

Your key is now installed and ready to use.

Using your SSH key from your own computer

Downloading your key

In order to use your key directly from your own computer, you will need to download your private key file:

  • Set up Cyberduck on your computer, and connect to your own homedir
  • Ensure that Edit -> Preferences | Browser | Show Hidden Files is selected.
  • Download your private key from .ssh/id_rsa to your own computer

On Windows, you will need to convert the key to .ppk format:

  • If you haven't already, download and install PuTTY on your computer.
  • Run the PuTTYgen app that comes bundled with PuTTY
  • Go to Conversions -> Import to open the id_rsa key you downloaded
  • Click Save Private Key to save out a .ppk version of the file

On Mac, you don't need to convert the key - just save it directly in your /Users/YourUsername/.ssh folder.

Using your key with SSH applications

In PuTTY, go to Settings -> Connection -> SSH -> Auth, and set the private key field to point to the .ppk file you saved.

Make sure to save your session to preserve the setting for next time.

In Cyberduck, go to Bookmarks -> Edit Bookmark and set the SSH Private Key field there.

You should now be able to connect directly from your computer to any account that your SSH key is installed in

Last edited by jbc 25/03/2020

Tags for this page:

SSH, PuTTY, cyberduck, public, private, keys, course, shared