Caltech Center for Advanced Computing Research » Page 'SSH Public Key Generation Instructions'

SSH Public Key Generation Instructions

Unix
  1. Run 'ssh-keygen -t rsa'.
  2. Enter a passphrase when prompted; follow the general guidelines for picking a good password. Unlike UNIX passwords, where (at least in many UNIXes) only the first eight characters are actually used, ssh passphrases can be any length, and the longer the better.
  3. This should create ~/.ssh/id_rsa (the private key; keep it private and do not send it to anyone) and ~/.ssh/id_rsa.pub (the public key).
  4. Add your keys to the ssh-agent's memory by running 'ssh-add' and entering your passphrase.
  5. In order to enable ssh agent forwarding, please make sure you have the following in your file /etc/ssh/ssh_config:
    Host *
    ForwardAgent yes

Windows – F-Secure SSH

  1. Bring up the F-Secure client.
  2. To generate a public/private key pair, go to Edit/Settings, then select from the resulting menu Global settings/User Keys. Click on “Generate new keypair”, and follow the instructions.
  3. Click on “View public key”, and you will see text that begins with this:
    ---- BEGIN SSH2 PUBLIC KEY ----

  4. This text should be copied to the target machine into a file in your .ssh directory, for example $HOME/.ssh/fsecure_public_key.
  5. Once we have installed the key, you should be able to connect using public key authentication by selecting the File/Connect option in F-Secure.

Windows – PuTTY
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.

  1. Obtain PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty
     Instructions on how to download the following are all present at the above URL, along with documentation:
    putty.exe – the ssh client
    puttygen.exe – key generation utility
    pageant.exe – ssh authentication agent for putty

Other SSH clients have similar setup procedures. See http://www.openssh.org/windows.html for a list of freely available ssh clients for Windows.

Mac OS X

1. Open a new terminal session

2. Type 'ssh-keygen -t dsa'.

3. Expect to see the following, and enter a passphrase which is easy for you to remember but “hard to crack”. Long passphrases with letters, numbers, and non-alphanumeric characters are good.

[sharon@agassi]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sharon/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sharon/.ssh/id_dsa.
Your public key has been saved in /home/sharon/.ssh/id_dsa.pub.
The key fingerprint is:
7b:ab:75:32:9e:b6:6c:4b:29:dc:2a:2b:8c:2f:4e:37 sharon@agassi

Your keys are stored in the .ssh/ directory in your home directory. Let's have a look at your keys.

[sharon@agassi]$ cd ~/.ssh
[sharon@agassi]$ ls -l
-rw------- 1 sharon sharon 526 Aug 30 11:21 id_dsa
-rw-r--r-- 1 sharon sharon 334 Aug 30 11:21 id_dsa.pub

4. The file id_dsa contains your version 2 private key. File sizes (526 and 334) in your directory probably won’t be the same as the example above. The file id_dsa.pub contains your version 2 public key. Please send the public key (id_dsa.pub) to us at account-support and we’ll install this for you on the CACR systems you have access to. If you have password access to a remote system, you can install the public key yourself (append id_dsa.pub to $HOME/.ssh/authorized_keys) and ssh into the remote system rather than using the login/password mechanism.

5. In order to enable ssh agent forwarding, please make sure you have the following in your file /etc/ssh_config:
Host *
ForwardAgent yes

6. To ssh into a CACR system where your public key is installed, run:

ssh username@remotesystem.cacr.caltech.edu

Note that your username on the remote system may be different than on your local host, thus the need to specify the username on the ssh line. Provided you have your sshkeychain installed and the sshagent running, you shouldn’t have to type a passphrase when ssh’ing into a remote system.
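
Step 4 above mentions installing the public key yourself by appending it to $HOME/.ssh/authorized_keys. The following is an added example, not part of the original CACR instructions, of doing that append safely: it refuses a private key file, accepts only a single-line OpenSSH public key, sets owner-only permissions, and avoids duplicate entries. The function name install_pubkey, its arguments, and the key line in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not CACR's script. install_pubkey and its arguments are
# hypothetical names; the key line in the demo is constructed, not a real key.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Returns 0 if the key is installed (or already present), 1 on bad input,
# 2 if the file is a private key.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Catch the common slip of picking id_dsa instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; use the .pub file" >&2
        return 2
    fi

    # OpenSSH expects one line per key: "<type> <base64> [comment]".
    # Multi-line exports (e.g. "---- BEGIN SSH2 PUBLIC KEY ----") are rejected.
    key=$(grep -v '^[[:space:]]*$' "$pub" || true)
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "expected exactly one key line in $pub" >&2
        return 1
    fi
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Keep the directory and file private to the owner; sshd's StrictModes
    # check refuses keys from group- or world-writable locations.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already installed.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory standing in for the remote $HOME.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBconstructed sharon@agassi' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo" && cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```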

4/23/10