This section explains how to set up SSH key authentication for CIRC systems. SSH key authentication offers an additional layer of security for your passwords and your connection.

In conventional password authentication, you prove who you are by using the correct password. If a server has been compromised or traffic intercepted, an attacker can learn your password. However, in public key authentication, you instead generate a key pair made up of a public key that everyone is allowed to know, and a private key which you keep secret. Your private key is able to generate signatures, and anyone with your public key can verify that this is a genuine signature.

Using SSH keys involves generating a key pair on your own computer and copying your public key to the server. When the server asks you to prove who you are, your SSH client generates a signature from your private key that the server can verify using your public key. If this communication is somehow compromised, the attacker does not gain your private key or your password, only one signature, which cannot be re-used.

These instructions apply to Linux & UNIX systems that have SSH already installed, which most will.

Generating SSH Keys

The first step is to generate your personal SSH keys. Open a terminal and type the following command:

    ssh-keygen

You will then be prompted for the file in which to save the key. You can just press ‘Enter’ to accept the default (which will be /home/username/.ssh/id_rsa on Linux/UNIX systems).

Next, you will be prompted to create a passphrase for your SSH key. It is critical that you enter a passphrase here! If you do not, anyone who gains physical access to your system will be able to connect with your credentials to any system that you use this key with! Additionally, you should not use the same password that you use to connect to the CIRC or to log on to your computer. Note: You will not see the characters as you type your passphrase.

Once you’ve finished, your key will be generated, and you’ll be given both your fingerprint and randomart image, and your keys will be stored in the .ssh folder in your home directory. It is important that you back these files up and save them in a secure location!
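To confirm that a generated key really is passphrase-protected and readable only by you, a check along the following lines can be run on your own computer. This is an added example, not CIRC tooling; the function names are illustrative, and it goes slightly beyond the text by also checking file and directory permissions.

```shell
#!/bin/sh
# Added example (not CIRC tooling): audit a private key made with ssh-keygen.
# Function names are illustrative.

# Print a path's octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and others have no access at all (e.g. 600 or 700).
private_to_owner() {
    mode=$(mode_of "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Return 0 if the key is passphrase-protected, 1 if it is stored unencrypted,
# 2 if that cannot be determined. "ssh-keygen -y" derives the public key from
# the private key; with an empty passphrase (-P '') it only succeeds when the
# key is unencrypted. ssh-keygen refuses keys with open permissions, so those
# are reported as undetermined rather than as protected.
key_has_passphrase() {
    [ -r "$1" ] || return 2
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    private_to_owner "$1" || return 2
    head -n 1 "$1" | grep -q 'PRIVATE KEY' || return 2
    if ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Report on the key file and its directory; return non-zero on any failure.
audit_key() {
    key=$1; dir=$(dirname "$key"); failed=0
    private_to_owner "$dir" || { echo "FAIL: $dir is open to group/others"; failed=1; }
    private_to_owner "$key" || { echo "FAIL: $key is open to group/others"; failed=1; }
    key_has_passphrase "$key"
    case $? in
        0) echo "OK: $key is passphrase-protected" ;;
        1) echo "FAIL: $key has no passphrase (set one: ssh-keygen -p -f $key)"
           failed=1 ;;
        *) echo "SKIP: could not test $key for a passphrase" ;;
    esac
    return "$failed"
}

# Audit the path given as the first argument, if any.
if [ $# -gt 0 ]; then
    audit_key "$1"
fi
```

Save it as a script and pass the private key path as the argument, for example ~/.ssh/id_rsa.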

Sending SSH Keys to the Server

The next step is to send your public SSH key to the server. This allows it to verify your identity and complete the authentication process.

A single command sends the public key to the server. At the terminal prompt, type:

    cat ~/.ssh/id_rsa.pub | ssh YourNetIDHere@bluehive.circ.rochester.edu append-to-authorized-keys

This command copies the contents of your public SSH key to the server, and also makes sure the permissions are correct on it.

Connecting to CIRC Systems

Now that your keys are on the CIRC servers, you can access systems as you normally would, e.g.:

    ssh YourNetIDHere@bluehive.circ.rochester.edu

However, note that you are now prompted for your SSH key passphrase, instead of your NetID password!