What are SSH keys?
The short answer is like passwords, but better.
They're more secure than passwords, and they're also easier to manage for group accounts.
SSH keys consist of three parts:
- A public key file that gets installed into the account you want to log into. This is not sensitive, and can be freely shared with the account owner.
- A private key file that stays secure in your account or on your computer. This is sensitive, and must not be shared with anyone.
- A passphrase, which is a password for the private key. This is also sensitive, and like any password, must not be shared.
They're easier to manage than passwords, because account owners can easily add or remove keys in the account without needing privileged access.
They're also more secure than passwords, because an attacker would need to have both the passphrase and the private key file to gain access to your account.
SSH keys at CSE
Generating a key
Generating an SSH key is very simple:
- Connect to a login server or VLAB using your zID and zPass
- From the terminal, run ssh-keygen -t rsa
- Accept the default path and filename when prompted, and be sure to set a secure passphrase
- This will create ~/.ssh/id_rsa.pub (your public key) and ~/.ssh/id_rsa (your private key).
Adding an SSH key to a shared account
For course accounts, this happens automatically overnight if you're in the appropriate account class for the course.
If there are any problems, or you need access immediately, contact System Support.
For any other shared accounts, the account owner or System Support will need to do this for you.
Once the SSH key is installed in the shared account, you will be able to run (for example) ssh firstname.lastname@example.org from a login server or VLAB.
See below for details on connecting directly from your own computer.
Adding an SSH key to your own account
To allow login to your own account with your SSH key:
- Connect to a login server using your zID and zPass
- From the terminal, run cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
Your key is now installed and ready to use.
Using your SSH key from your own computer
Downloading your key
In order to use your key directly from your own computer, you will need to download your private key file:
- Set up Cyberduck on your computer, and connect to your own homedir
- Ensure that Edit -> Preferences | Browser | Show Hidden Files is selected.
- Download your private key from .ssh/id_rsa to your own computer
On Windows, you will need to convert the key to .ppk format:
- If you haven't already, download and install PuTTY on your computer.
- Run the PuTTYgen app that comes bundled with PuTTY
- Go to Conversions -> Import to open the id_rsa key you downloaded
- Click Save Private Key to save out a .ppk version of the file
On Mac, you don't need to convert the key - just save it directly in your /Users/YourUsername/.ssh folder.
Using your key with SSH applications
In PuTTY, go to Settings -> Connection -> SSH -> Auth, and set the private key field to point to the .ppk file you saved.
Make sure to save your session to preserve the setting for next time.
In Cyberduck, go to Bookmarks -> Edit Bookmark and set the SSH Private Key field there.
You should now be able to connect directly from your computer to any account that your SSH key is installed in