Why use SSH keys?
SSH keys are like passwords, but better.
They're more secure than passwords, because an attacker would need to have both a key's passphrase and the private key file to gain access to an account.
They make it easier to manage access to group accounts, because account owners can easily add or remove keys in their account without needing privileged access.
What are SSH Keys?
SSH keys consist of three parts:
- A public key file that gets installed into the account you want to log into. This is not sensitive, and can be freely shared with others.
- A private key file that stays secure in your account or on your computer. This is sensitive, and must not be shared with anyone.
- A passphrase, which is a password for the private key. This is also sensitive, and like any password, must not be shared.
SSH keys at CSE
Generating a key
Generating an SSH key is very simple:
- Connect to a login server or VLAB using your zID and zPass
- From the terminal, run ssh-keygen -t rsa
- Accept the default path and filename when prompted, and be sure to set a secure passphrase
- This will create ~/.ssh/id_rsa.pub (your public key) and ~/.ssh/id_rsa (your private key).
- Keep the private key for yourself. Only give the public key to other people.
Adding an SSH key to an account you control.
You may want to use an SSH key to log into your CSE account.
Or you administer a shared account and you want to give someone else login access.
To add an SSH key to a CSE account:
- Get a copy of the public key.
- Login to the CSE account that want to accept logins using that key.
- Append the public key to the file .ssh/authorized_keys
You can do that with an editor or with a shell command like:
cat key.pub >> ~/.ssh/authorized_keys
- Ensure the authorized_keys file is only readable by its account:
chmod 600 ~/.ssh/authorized_keys
The key is now installed and ready to use.
Adding an SSH key to another account
For course accounts, this happens automatically overnight if you're in the appropriate account class for the course.
If there are any problems, or you need access immediately, contact System Support.
For any other shared accounts, the account owner, or System Support will need to do this for you.
Once the SSH key is installed in the shared account, you will be able to run (for example) ssh email@example.com from a login server or VLAB.
See below for details on connecting directly from your own computer.
Using your SSH key from your own computer
Downloading your key
In order to use your key directly from your own computer, you will need to download your private key file:
- Set up Cyberduck on your computer, and connect to your own homedir
- Ensure that Edit -> Preferences | Browser | Show Hidden Files is selected.
- Download your private key from .ssh/id_rsa to your own computer
On Windows, you will need to convert the key to .ppk format:
- If you haven't already, download and install PuTTY on your computer.
- Run the PuTTYgen app that comes bundled with PuTTY
- Go to Conversions -> Import to open the id_rsa key you downloaded
- Click Save Private Key to save out a .ppk version of the file
On Mac, you don't need to convert the key - just save it directly in your /Users/YourUsername/.ssh folder.
Using your key with SSH applications
In PuTTY, go to Settings -> Connection -> SSH -> Auth, and set the private key field to point to the .ppk file you saved.
Make sure to save your session to preserve the setting for next time.
In Cyberduck, go to Bookmarks -> Edit Bookmark and set the SSH Private Key field there.
You should now be able to connect directly from your computer to any account that your SSH key is installed in