Each LinkSCEEM site uses SSH Public Key Based Authentication. The SSH protocol is recommended for remote login and remote file transfer which provides confidentiality and security for data exchanged between two computer systems, through the use of public key cryptography.
The following tutorial will guide you in generating a key pair and uploading the public key.
To log in to your LinkSCEEM Account requires that you obtain a private-public key pair. To do this you must generate a SSH key pair on the machine from which you want to login. The private key of the pair will remain in a secure location on the machine of origin. The public key of the pair must be moved to the proper location on the LinkSCEEM machine. Please refer to your allocation notification for details on how to request that your public key be added to your account at each site, typically you will simply send the public key to the system administration staff of the LinkSCEEM site.
The following sections describe how to setup key pairs.
1. Check for an .ssh directory:
2. Create a public and private key pair:
3. The ssh-keygen program will prompt you for a filename for saving the private key. You should press Enter to use the default name (e.g., /home/username/.ssh/id_rsa).
4. The program will prompt you for a password to protect your private key. LinkSCEEM strongly recommends that you enter a password when generating a public and private key pair. If you choose not to use a password, anyone who gains access to your private key can authenticate to your account without a password.
Once you enter and confirm your password, ssh-keygen will create a private and public key using the name you specified. The public key will have a .pub extension (e.g., id_rsa.pub).
5. Copy the contents of your public key, so you can paste it into the authorized_keys file on the remote resource you want to access:
- View the file:
- Highlight and copy the contents of the public key file.
6. The LinkSCEEM site staff will add the the public key to the authorized_keys file at the LinkSCEEM site. Typically, sending the site support staff your public key is sufficient, however specific instructions may be included in your allocation notification.
In Windows, you can use PuTTY or SSH Secure Shell to set up SSH key based authentication. Download information for SSH Secure Shell is available at FileWatcher.
- Using Putty
Detailed instructions on a method for use with putty can be found at the following website:
- Using SSH Secure Shell
- In SSH Secure Shell, from the Edit menu, select Settings. In the window that opens, select Global Settings, then User Authentication, and then Keys.
- Under "Key pair management", click Generate New... . In the window that appears, click Next.
- In the Key Generation window that appears:
- From the drop-down list next to "Key Type:", select DSA.
- From the the drop-down list next to "Key Length:", select at least 1024. You may choose a greater key length, but the time it takes to generate the key, as well as the time it takes to authenticate using it, will increase.
- Click Next. The key generation process will start. When it's complete, click Next again.
- In "File Name:" field, enter a filename for storing your private key. Your public key will be stored in a file with the same name, plus a .pub extension. In the boxes next to "Passphrase:", enter a passphrase for your private key or leave the boxes empty if you do not want to protect your private key with a passphrase. Click the Next button.
Note: LinkSCEEM strongly recommends that you enter a password when generating a public and private key pair. If you choose not to use a password, anyone who gains access to your private key can authenticate to your account without a password.
- To complete the key generation process, click Finish.
- Back in the Settings window, we can now click on the newly generated key and then export the public key to a location where it is easy to find (such as the Desktop). Once the key is exported, click the OK button. The LinkSCEEM site staff can add the the public key to the authorized_keys file at the LinkSCEEM site. Typically, sending the site support staff your (exported) public key is sufficient, however specific instructions may be included in your allocation notification.
- The next time you make a connection to the remote host, when you see the connection dialog box, change the "Authentication Method:" field to Public Key. You will be prompted for the passphrase for your private key (if you supplied one). This passphrase is not sent to the remote host. If you did not supply a passphrase for your private key, you will not receive a request for a passphrase when connecting to the remote host. The terminal will simply open.
To change the authentication method permanently, before ending your session, from the File menu, select Save Settings. Alternatively, modify the SSH profile for that server:
- In your SSH terminal window, click Profiles, and then select Edit Profiles... .
- In the list on the left, select the profile you want to modify. Then on the right, select the Authentication tab.
- Under "Authentication methods:", select Public Key. Then click the up arrow in the upper right corner across from the heading "Authentication methods:" as many times as necessary to move it to the top.
- Click OK.
The one caveat to this site is that you cannot add the public key to the LinkSCEEM systems yourself, you must send them to the support staff.