Skip to main content

Create a ssh key

Access to the INCD computing clusters is performed via SSH and requires the use of SSH keys for authentication. Authentication with passwords is not supported. Each SSH key pair has two components a public key that must be added to the hosts to be remotely accessed, and a private key that must remain in the user workstation or laptop machine. The private key must be protected with a password. The users must generate their own SSH key pair in a machine of their own (workstation, laptop, etc). To generate an SSH key pair follow these instructions.

Linux

  • Users must generate the SSH key pair in a computer of their own (desktop, notebook etc).
  • The passphrase is used to protect the private key, very IMPORTANT please choose a strong password with uppercase and lowercase characters, numbers and symbols.
$ ssh-keygen -b 4096 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): 
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):           ----> IMPORTANT: Choose a strong password 
Enter same passphrase again:                          ----> IMPORTANT: Choose a strong password
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
  • ssh-keygen will create a pair of keys, private (id_rsa) and public (id_rsa.pub), these files are created in the user home directory usually under $HOME/.ssh
  • The file and directory protections of $HOME/.ssh should be as follows:
ls -la $HOME/.ssh/
total 8
drwx------ 3 username group 4096 Jan 11 18:12 .
-rw------- 1 username group 1743 Feb 19 10:52 id_rsa
-rw-r--r-- 1 username group  404 Feb 19 10:52 id_rsa.pub
  • Users must send to the INCD administrators only the public key id_rsa.pub
  • The private key must must be kept private and must NEVER be shared with other persons.

Microsoft Windows

  • For users accessing the INCD public machines we recommend the use of terminal emulators in Windows like MobaXterm.
    • MobaXterm works both as a terminal and X windows server, this allows to display in your desktop graphical X11 windows from the remote Linux host.
    • MobaXterm documentation is available here
    • Key pairs can be generated with ssh-keygen -b 4096 -t rsa
    • You can also create and manage your SSH keys using the embedded MobaKeyGen application (available in the "Tools" menu).

  • Windows users can also generate ssh-keys using Putty
    • Download and install Putty
    • Generate the key in your Windows machine see these examples:
    • IMPORTANT: notice that Putty does not work as X windows graphics server.

  • Users must send to the INCD administrators only the public key id_rsa.pub
  • The private key must must be kept private and must NEVER be shared with other persons.

General remarks

  • You can only login from the machine where you have the SSH private key
  • The SSH authentication credentials can be forwarded automatically across machines see Configuring SSH, but you need to start from the machine and user account where your private key is stored.
  • If the INCD helpdesk confirms that your public key was installed and still you cannot login please check the permissions of:
    • $HOME/.ssh
    • $HOME/.ssh/id_rsa
    • $HOME/.ssh/id_rsa.pub
  • Check that the SSH private key password is correct. You can do this by trying to load the private key into the SSH agent with:with the command: ssh-add