Topics Map > Research Computing Support > Linstat
Topics Map > Software > Linux
Configuring a Public/Private Key Pair to Log into Linstat
Public key authentication uses two files to prove who you are rather than a password: a public key on the server and a private key on your local computer. Once configured, you'll be asked for the password associated with the key rather than your SSCC password whenever you log into Linstat from that computer. Using a key pair takes some configuration, but does not send all your network traffic through an intermediary like VPN or Winstat. This makes it a good choice for Linstat users outside the United States who are concerned about the performance of their interactive sessions. (How you connect has no bearing on how quickly jobs run.)
Configuring a key pair requires a connection to Linstat. If you will be traveling we suggest configuring it before you leave the United States; otherwise you'll need to connect using VPN or Winstat once to set up the key pair.
No matter how you connect to Linstat, the process of creating a key pair is very much the same:
Generate a public/private key pair on your local computer
Add the key to .ssh/authorized_keys in your Linstat home directory
- Configure the client program to use key authentication rather than passwords
This article has instructions for SecureCRT , PuTTY , and Mac/Linux . (Recall that if you're connecting remotely and not using VPN you cannot use X-Win32. SecureCRT and PuTTY are good alternatives, though neither of them can display graphics without forwarding them to a separate program like X-Win32 or Xming .)
SecureCRT
In SecureCRT, click Tools , Create Public Key .
Set the Key type to DSA .
Enter a password for the key or, even better, a passphrase , along with a comment. The comment could be used to remind you of the password, but must not allow others to guess it.
Set the Key length in bits to 1024 .
Select the OpenSSH Key format, and then save the keys in a convenient location on your local hard drive (the default location is probably OK).
Click Yes when asked if you want to use this as your global public key.
Now that the key has been generated it, use Notepad, TextPad or your favorite text editor and open Identity.pub. (The .pub extension indicates that this is the public key, to be shared with the server, rather than the private key which remains on your computer.)
If you are currently on the SSCC network save the file as z:\.ssh\authorized_keys . The .ssh folder is hidden by default, so you'll need to type its name rather than clicking on it.
If not, copy the entire contents of the file, log in to Linstat, then open .ssh/authorized_keys using your preferred Linux text editor ( pico , emacs , vi , etc.).
Paste in the contents of the key, making sure it is all on one line, and save the file.
If you haven't already, log into Linstat. Then run the following command:
chmod g-w ~/.ssh/authorized_keys
(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)
Next, open the session properties for your Linstat connection.
Under Category on the left, click Connection , SSH2 . Then select PublicKey in the Authentication section and click the up arrow until it is the top choice.
Click OK , and from now on when you log in to Linstat, you'll be prompted for your key passphrase rather than your SSCC password.
PuTTY
To create a public/private key pair in PuTTY, you need to run PuTTYgen. You can find it by searching or by clicking Start , All Programs , PuTTY , PuTTYgen .
Set the type to SSH-2 DSA and click Generate .
You will be asked to generate randomness by moving your mouse around. Once the generation finishes, enter a password for the key or, even better, a passphrase , along with a comment. The comment could be used to remind you of the password, but must not allow others to guess it. Save both the public key and the private key in a convenient location on your local hard drive by clicking Save public key and Save private key . Then copy everything contained in the box Public key for pasting into Open SSH authorized_keys file .
If you are on the SSCC network, open Notepad, TextPad, or your favorite text editor, paste in the key and save it as z:\.ssh\authorized_keys . The .ssh folder is hidden by default, so you'll need to type its name rather than clicking on it.
If you are not on the SSCC network, log in to Linstat, then open .ssh/authorized_keys using your preferred Linux text editor ( pico , emacs , vi , etc.), paste in the key, and save it. Either way, make sure the entire key is pasted onto one line.
If you haven't already, log into Linstat. Then run the following command:
chmod g-w ~/.ssh/authorized_keys
(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)
Run PuTTY and load your previously saved Linstat profile.
Under Category on the left choose Connection , SSH , Auth . Then click Browse and find the private key you generated and saved.
Go back to Session to save the profile, then click Open . You'll be prompted for your key passphrase rather than your SSCC password.
Mac or Linux
On a Mac or Linux computer, open a terminal and run ssh-keygen . When it asks where to save the file press enter for the default location. Choose a password or, even better, a passphrase.
Then open the file id_dsa.pub using your favorite text editor and copy the contents. (The .pub extension indicates that this is the public key, to be shared with the server, rather than the private key which remains on your computer.)
Log in to Linstat, then open .ssh/authorized_keys using your preferred Linux text editor ( pico , emacs , vi , etc.), paste in the key, and save it. Make sure the entire key is pasted onto one line.
Next run the following command:
chmod g-w ~/.ssh/authorized_keys
(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)
The next time you connect you'll be prompted for the key passphrase, not your SSCC password.