Topics Map > Research Computing Support > Linstat
Topics Map > Software > Linux

Configuring a Public/Private Key Pair to Log into Linstat

Public key authentication uses two files to prove who you are rather than a password: a public key on the server and a private key on your local computer. Once configured, you'll be asked for the password associated with the key rather than your SSCC password whenever you log into Linstat from that computer. Using a key pair takes some configuration, but does not send all your network traffic through an intermediary like VPN or Winstat. This makes it a good choice for Linstat users outside the United States who are concerned about the performance of their interactive sessions. (How you connect has no bearing on how quickly jobs run.)

Configuring a key pair requires a connection to Linstat. If you will be traveling we suggest configuring it before you leave the United States; otherwise you'll need to connect using VPN or Winstat once to set up the key pair.

No matter how you connect to Linstat, the process of creating a key pair is very much the same:

  1. Generate a public/private key pair on your local computer

  2. Add the key to  .ssh/authorized_keys  in your Linstat home directory

  3. Configure the client program to use key authentication rather than passwords

This article has instructions for  SecureCRT  ,  PuTTY  , and  Mac/Linux  . (Recall that if you're connecting remotely and not using VPN you cannot use X-Win32.  SecureCRT  and  PuTTY  are good alternatives, though neither of them can display graphics without forwarding them to a separate program like X-Win32 or  Xming  .)

SecureCRT

In SecureCRT, click  Tools  ,  Create Public Key  .

Key Generation Wizard

Set the  Key type  to  DSA  .

Set Key type to DSA

Enter a password for the key or, even better, a  passphrase  , along with a comment. The comment could be used to remind you of the password, but must not allow others to guess it.

Choose a passphrase and comment

Set the  Key length in bits  to  1024  .

Set key length to 1024

Select the  OpenSSH Key  format, and then save the keys in a convenient location on your local hard drive (the default location is probably OK).

Choose the key format and location to save it

Click  Yes  when asked if you want to use this as your global public key.

Now that the key has been generated it, use Notepad, TextPad or your favorite text editor and open  Identity.pub.  (The  .pub  extension indicates that this is the  public  key, to be shared with the server, rather than the  private  key which remains on your computer.)

Open the key in a text editor and copy the contents

If you are currently on the SSCC network save the file as  z:\.ssh\authorized_keys  . The  .ssh  folder is hidden by default, so you'll need to type its name rather than clicking on it.

If not, copy the entire contents of the file, log in to Linstat, then open  .ssh/authorized_keys  using your preferred Linux text editor (  pico  ,  emacs  ,  vi  , etc.).

Log into Linstat and edit your authorized key file

Paste in the contents of the key, making sure it is all on one line, and save the file.

Paste in the key contents

If you haven't already, log into Linstat. Then run the following command:

chmod g-w ~/.ssh/authorized_keys

(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)

Next, open the session properties for your Linstat connection.

Open properties for your Linstat session

Under  Category  on the left, click  Connection  ,  SSH2  . Then select  PublicKey  in the  Authentication  section and click the up arrow until it is the top choice.

Make PublicKey the top Auth method

Click  OK  , and from now on when you log in to Linstat, you'll be prompted for your key passphrase rather than your SSCC password.

PuTTY

To create a public/private key pair in PuTTY, you need to run PuTTYgen. You can find it by searching or by clicking  Start  ,  All Programs  ,  PuTTY  ,  PuTTYgen  .

Set the type to  SSH-2 DSA  and click  Generate  .

Generate a key

You will be asked to generate randomness by moving your mouse around. Once the generation finishes, enter a password for the key or, even better, a  passphrase  , along with a comment. The comment could be used to remind you of the password, but must not allow others to guess it. Save both the public key and the private key in a convenient location on your local hard drive by clicking  Save public key  and  Save private key  . Then copy everything contained in the box  Public key for pasting into Open SSH authorized_keys file  .

Set a passphrase and then save. Copy the key itself.

If you are on the SSCC network, open Notepad, TextPad, or your favorite text editor, paste in the key and save it as  z:\.ssh\authorized_keys  . The  .ssh  folder is hidden by default, so you'll need to type its name rather than clicking on it.

If you are not on the SSCC network, log in to Linstat, then open  .ssh/authorized_keys  using your preferred Linux text editor (  pico  ,  emacs  ,  vi  , etc.), paste in the key, and save it. Either way, make sure the entire key is pasted onto one line.

Edit .ssh/authorized_keys

If you haven't already, log into Linstat. Then run the following command:

chmod g-w ~/.ssh/authorized_keys

(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)

Run PuTTY and load your previously saved Linstat profile.

Open your Linstat profile

Under  Category  on the left choose  Connection  ,  SSH  ,  Auth  . Then click  Browse  and find the private key you generated and saved.

Set Auth to the private key you generated

Go back to  Session  to save the profile, then click  Open  . You'll be prompted for your key passphrase rather than your SSCC password.

Mac or Linux

On a Mac or Linux computer, open a terminal and run  ssh-keygen  . When it asks where to save the file press enter for the default location. Choose a password or, even better, a  passphrase. 

Then open the file  id_dsa.pub  using your favorite text editor and copy the contents. (The  .pub  extension indicates that this is the  public  key, to be shared with the server, rather than the  private  key which remains on your computer.)

Log in to Linstat, then open  .ssh/authorized_keys  using your preferred Linux text editor (  pico  ,  emacs  ,  vi  , etc.), paste in the key, and save it. Make sure the entire key is pasted onto one line.

Next run the following command:

chmod g-w ~/.ssh/authorized_keys

(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)

The next time you connect you'll be prompted for the key passphrase, not your SSCC password.



Keywords:public private key linstat login   Doc ID:102671
Owner:Dan B.Group:Social Science Computing Cooperative
Created:2020-05-31 10:21 CDTUpdated:2020-11-03 14:08 CDT
Sites:Social Science Computing Cooperative
CleanURL:https://kb.wisc.edu/sscc/configuring-a-public-private-key-pair-to-log-into-linstat
Feedback:  0   0