access:sshkeys

Differences

This shows you the differences between two versions of the page.

access:sshkeys [2025/03/10 10:54] olivier
access:sshkeys [2025/03/10 11:17] (current) – [Using keys] olivier
Line 17: Line 17:
  
 ==== OpenSSH ==== ==== OpenSSH ====
-When prompted for a file, the default of $HOME/.ssh/id_rsa should be fine. **Make sure to enter a passphrase**, the security of your generated key depends on it. Once the key has been generated, you will have two files. The private key will be stored in the file name you entered above, the public key will have the same name, with ".pub" appended to it. So the default file name for the public key will be {{File|$HOME/.ssh/id_rsa.pub}}. The contents of the ".pub" file is what you will need to send to the CIM systems staff so they can grant your key access to resources. The simplest way is probably to output the file, copy it and paste it into an email. If you are setting up SSH key based authentication on your own, append the contents of {{File|$HOME/.ssh/id_rsa.pub}} to {{File|$HOME/.ssh/authorized_keys}} (create it if it does not exist) on the computer you will be connecting to. +When prompted for a file, the default of $HOME/.ssh/id_rsa should be fine. **Make sure to enter a passphrase**, the security of your generated key depends on it. Once the key has been generated, you will have two files. The private key will be stored in the file name you entered above, the public key will have the same name, with ".pub" appended to it. So the default file name for the public key will be $HOME/.ssh/id_rsa.pub. The contents of the ".pub" file is what you will need to send to the CIM systems staff so they can grant your key access to resources. The simplest way is probably to output the file, copy it and paste it into an email. If you are setting up SSH key based authentication on your own, append the contents of $HOME/.ssh/id_rsa.pub to $HOME/.ssh/authorized_keys (create it if it does not exist) on the computer you will be connecting to. 
-{{Shell|Outputting the public key in OpenSSH format| + 
- <nowiki+<code
-cat $HOME/.ssh/id_rsa.pub</nowiki> +cat $HOME/.ssh/id_rsa.pub 
-}}+</code>
  
 ==== Commercial SSH ==== ==== Commercial SSH ====
 In some cases, the CIM systems staff may need your ssh key in commercial SSH format. In these cases, you can use the following command to output the key in the appropriate format, when it prompts you for a file, enter the filename you specified when generating the key. In some cases, the CIM systems staff may need your ssh key in commercial SSH format. In these cases, you can use the following command to output the key in the appropriate format, when it prompts you for a file, enter the filename you specified when generating the key.
-{{Shell|Outputting the public key in Commercial SSH format| + 
- <nowiki+<code
-ssh-keygen -e</nowiki> +ssh-keygen -e 
-}}+</code>
  
 == Using Keys == == Using Keys ==
 If you used the default location for your key, OpenSSH should find the key and prompt you for the passphrase automatically. If you chose a different location, you can specify the file with the -i switch. If you used the default location for your key, OpenSSH should find the key and prompt you for the passphrase automatically. If you chose a different location, you can specify the file with the -i switch.
-{{Shell|Specifying a key to use| 
- <nowiki> 
-ssh -i ~/.ssh/id_rsa barn.cim.mcgill.ca</nowiki> 
-}} 
  
-=== Using ssh-agent ===+<code> 
 +ssh -i ~/.ssh/id_rsa barn.cim.mcgill.ca 
 +</code> 
 + 
 +==== Using ssh-agent ====
 The ssh-agent program included with OpenSSH can store your SSH key in memory so you can log in with key-based authentication without needing to type your passphrase. If you are running Gnome or KDE, there should already be a ssh-agent running in your session, and all you need to do is add your key with ssh-add. The ssh-agent program included with OpenSSH can store your SSH key in memory so you can log in with key-based authentication without needing to type your passphrase. If you are running Gnome or KDE, there should already be a ssh-agent running in your session, and all you need to do is add your key with ssh-add.
-{{Shell|Adding your key to the ssh-agent| + 
- <nowiki+<code
-ssh-add</nowiki> +ssh-add 
-}}+</code>
  
 If you used a nonstandard filename for your key, you can specify the name on the command line. If you used a nonstandard filename for your key, you can specify the name on the command line.
-{{Shell|Adding your key to the ssh-agent specifying the file name| + 
- <nowiki+<code
-ssh-add ~/.ssh/id_rsa</nowiki> +ssh-add ~/.ssh/id_rsa 
-}}+</code>
  
 You can also specify multiple keys on the command line. You can also specify multiple keys on the command line.
  
 If you are running a desktop that does not start an agent for you, you can start it manually simply by typing the command ssh-agent. If you are running a desktop that does not start an agent for you, you can start it manually simply by typing the command ssh-agent.
-{{Shell|Starting a SSH agent| + 
- <nowiki+<code
-ssh-agent</nowiki> +ssh-agent 
-}}+</code>
  
 You will get output that looks something like this: You will get output that looks something like this:
  
-= Windows = +===== Windows ====
-Under Windows, CIM recommends using [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] for SSH. PuTTY is a free, open-source SSH client for Windows and Unix that is under active development. Please see the [[SSH]] page for more information.+Under Windows, CIM recommends using [http://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY] for SSH. PuTTY is a free, open-source SSH client for Windows and Unix that is under active development. 
 + 
 +==== Generating Keys ==== 
 +To generate a SSH key with PuTTY, you will need PuTTYgen, which can be downloaded separately from the PuTTY download page, or can be downloaded as part of the PuTTY install package. If you use the installer, PuTTYgen will be located on the start menu under **Start->All Programs->PuTTY->PuTTYgen**. 
 + 
 +Once you have obtained PuTTYgen, start it, in the lower right there you will see a text box for **Number of bits in generated key**, change this to 4096. 
 + 
 +{{ :access:keygen-puttygen-start.png?direct&400 |}} 
 + 
 +Click **Generate**, you will be asked to move your mouse around in the blank area to generate randomness. This uses mouse movement to ensure that completely random numbers are used to generate the key.
  
-== Generating Keys == +{{ :access:keygen-puttygen-generate.png?direct&400 |}}
-To generate a SSH key with PuTTY, you will need PuTTYgen, which can be downloaded separately from the PuTTY download page, or can be downloaded as part of the PuTTY install package. If you use the installer, PuTTYgen will be located on the start menu under {{GUI|Start->All Programs->PuTTY->PuTTYgen}}.+
  
-Once you have obtained PuTTYgenstart it, in the lower right there you will see a text box for {{GUI|Number of bits in generated key}}, change this to 4096. +Once the key is generatedselect the text in the area marked **Public key for pasting into OpenSSH authorized_keys file:** and copy it to the clipboardThis is the information that the CIM systems staff will need to grant your key access to resourcesYou can paste it into an email to the CIM Systems Staff immediately if you wishIf you are configuring key-based authentication yourself, place the public key in **$HOME/.ssh/authorized_keys** on the computer you will be connecting to. If this file already exists, you can append the public key to it.
-{| +
-| http://docs.cim.mcgill.ca/images/keygen/keygen-puttygen-start.png +
-<small><center>Make sure to change the number of bits for the generated key to 4096.</center></small> +
-|}+
  
-Click {{GUI|Generate}}, you will be asked to move your mouse around in the blank area to generate randomness. This uses mouse movement to ensure that completely random numbers are used to generate the key. +{{ :access:keygen-puttygen-key.png?direct&400 |}}
-{| +
-| http://docs.cim.mcgill.ca/images/keygen/keygen-puttygen-generate.png +
-<small><center>Move the mouse around to generate random numbers.</center></small> +
-|}+
  
-Once the key is generated, select the text in the area marked {{GUI|Public key for pasting into OpenSSH authorized_keys file:}} and copy it to the clipboard. This is the information that the CIM systems staff will need to grant your key access to resourcesYou can paste it into an email to the CIM Systems Staff immediately if you wishIf you are configuring key-based authentication yourselfplace the public key in {{File|$HOME/.ssh/authorized_keys}} on the computer you will be connecting to. If this file already existsyou can append the public key to it. +You will need to save your key, but first you should set a passphraseTo set the passphrase type it into the **Key passphrase** and **Confirm passphrase** text boxesWhen selecting your passphraseplease select a secure phrasePreferably at least 12 characters with numbers, capital letterssmall letters and punctuation.
-{| +
-| http://docs.cim.mcgill.ca/images/keygen/keygen-puttygen-key.png +
-<small><center>Copy the OpenSSH authorized_keys version of your key to send to the CIM systems staff</center></small> +
-|}+
  
-You will need to save your key, but first you should set a passphrase. To set the passphrase type it into the {{GUI|Key passphrase}} and {{GUI|Confirm passphrase}} text boxes. When selecting your passphrase, please select a secure phrase. Preferably at least 12 characters with numbers, capital letters, small letters and punctuation. +{{ :access:keygen-puttygen-passphrase.png?direct&400 |}}
-{| +
-| http://docs.cim.mcgill.ca/images/keygen/keygen-puttygen-passphrase.png +
-<small><center>Be absolutely sure to set a passphrase for you key, this is vital to the key's security.</center></small> +
-|}+
  
-Once you have set a passphrase, you will need to save the key, you can click {{GUI|Save private key}} to save the private key. Please select a safe location to save the key, and keep a backup so you do not loose it. Also try to make sure that the key is secure. The private is the key you will need to access resources.+Once you have set a passphrase, you will need to save the key, you can click **Save private key** to save the private key. Please select a safe location to save the key, and keep a backup so you do not loose it. Also try to make sure that the key is secure. The private is the key you will need to access resources.
  
 Once you have saved your private key, you can optionally save your public key, this is useful to have in case you wish to access more than one resource with the same key. Once you have saved your private key, you can optionally save your public key, this is useful to have in case you wish to access more than one resource with the same key.
  
-== Using keys == +==== Using keys ==== 
-To use the key, you will need to use Pageant, this is available on the PuTTY download page, and is included in the PuTTY install package. After installing the PuTTY install package, Pageant will be available at {{GUI|Start->All Programs->PuTTY->Pageant}}. When you start Pageant, you should see a new icon in your system tray, right click on this icon and select {{GUI|Add key}}. Select the private key file you saved earlier and enter the passphrase when you are prompted.+To use the key, you will need to use Pageant, this is available on the PuTTY download page, and is included in the PuTTY install package. After installing the PuTTY install package, Pageant will be available at **Start->All Programs->PuTTY->Pageant**. When you start Pageant, you should see a new icon in your system tray, right click on this icon and select **Add key**. Select the private key file you saved earlier and enter the passphrase when you are prompted.
  
-{+{{ :access:keygen-pageant-add-key.png?direct&400 |}}
-| http://docs.cim.mcgill.ca/images/keygen/keygen-pageant-add-key.png +
-<small><center>You will need to add the private key to the Pageant to use it.</center></small> +
-|}+
  
-Once you have added the private key to the Pageant, use PuTTY to connect to the resource you need to access as usual (see the [[SSH]] page for more information). You will not be prompted for a password when you connect. Pageant keys will also work with [http://winscp.sf.net/ WinSCP].+Once you have added the private key to the Pageant, use PuTTY to connect to the resource you need to access as usual. You will not be prompted for a password when you connect. Pageant keys will also work with [[http://winscp.sf.net/|WinSCP]].
  
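Review bot: In the new Windows intro line the PuTTY link is written with single brackets, "[http://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]", while the WinSCP link in the last changed line uses "[[http://winscp.sf.net/|WinSCP]]"; the single-bracket form will show up as literal text in DokuWiki and should be changed to the double-bracket form. Since both links are where readers fetch their SSH tooling, it is also worth switching them from http:// to https:// where the sites offer it. The unchanged sentence "You will get output that looks something like this:" is followed directly by the Windows heading in both revisions, so the sample ssh-agent output it promises is missing; either restore it in a <code> block or drop the sentence. The converted image tags all end in an empty "|}}", which loses the old captions, including the one saying a passphrase is vital to the key's security; putting the caption text after the "|" would keep them. The new "Save private key" paragraph still carries "loose it" (should be "lose it") and "The private is the key" (missing "key"). Finally, the new heading reads "===== Windows ====" with unequal marker counts as shown here; if that is not an artefact of the comparison view, balance it.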
access/sshkeys.1741618496.txt.gz · Last modified: 2025/03/10 10:54 by olivier
