The purpose of this section is to help you set up SSH key authentication for CIRC systems. SSH key authentication offers an additional layer of security for your passwords and your connection.

In conventional password authentication, you prove who you are by using the correct password. If a server has been compromised or traffic intercepted, an attacker can learn your password. However, in public key authentication, you instead generate a key pair made up of a public key that everyone is allowed to know, and a private key which you keep secret. Your private key is able to generate signatures, and anyone with your public key can verify that this is a genuine signature.

Using SSH keys involves generating a pair on your own computer, and copying your public key to the server. When the server asks you to prove who you are, your SSH client generates a signature from your private key that the server can verify using your public key. If somehow this communication is compromised, the attacker does not gain your private key or your password, only one signature, which cannot be re-used.

The steps for Windows machines are for the popular PuTTY suite.

Prerequisites

In order to use these instructions, you will need the PuTTY client as well as PuTTYgen. They can both be downloaded from:

https://bluehound.circ.rochester.edu/CIRC/downloads

Generating SSH Keys

When you open PuTTYgen, you will see a window where you can choose to ‘Generate’ a new key pair. You will want to choose an RSA key with 2048 bits. You can then click the ‘Generate’ button. You’ll have to move your mouse around in the blank area in the PuTTYgen window to generate randomness.

You should then enter a key passphrase to encrypt your key, so that your key is not an open entry to your account on the server. If you do not enter a passphrase, anyone who gains your key file can use it to log in to CIRC systems as you! Once you’ve entered your key passphrase, click the ‘Save private key’ button and save the key someplace safe. You will also want to save your public key in a safe location.

Next, copy the text from the ‘Public key for pasting’ box.

Sending SSH Keys to the Server

You should now connect to the CIRC systems using PuTTY as you normally would. (If you need assistance with this, see the Getting Started Guide.)

Once you are logged in, set your umask so that new files are created with appropriate permissions, then open your favorite text editor and modify or create the file ~/.ssh/authorized_keys, e.g.:

    # New files get mode 600 (read/write for the owner only)
    umask 177
    # Open, or create, the list of public keys allowed to log in as you
    nano ~/.ssh/authorized_keys

At the bottom of this file, you can paste the line you copied previously.

To save the file, press Control + W on your keyboard, and press enter.

To quit nano, press Control + X.
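
A pasted key can break in two ways that the steps above do not catch: the terminal wraps the long line so the key is split across lines, or authorized_keys already existed with looser permissions, which umask does not change. The following check is an added example, not part of the original CIRC instructions; it assumes Python 3 is available on the server and that each key line has no options prefix, and all function names are hypothetical.

```python
import base64, os, stat, struct

def read_field(blob, off):
    """Read one length-prefixed field: 4-byte big-endian length, then data."""
    if off + 4 <= len(blob):
        end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
        if end <= len(blob):
            return blob[off + 4:end], end
    raise ValueError("key data truncated (line wrapped when pasting?)")

def check_line(line):
    """Return (key_type, rsa_bits or None) for one key line, or raise ValueError."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]' on one line")
    # Raises binascii.Error, a ValueError subclass, on malformed base64
    blob = base64.b64decode(parts[1], validate=True)
    inner_type, off = read_field(blob, 0)
    if inner_type != parts[0].encode():
        raise ValueError("key type does not match the key data")
    if parts[0] != "ssh-rsa":
        return parts[0], None
    _exponent, off = read_field(blob, off)
    modulus, _ = read_field(blob, off)
    return parts[0], int.from_bytes(modulus, "big").bit_length()

def audit(path):
    """Return a list of problems found in an authorized_keys file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # umask 177 only applies to files created after it is set
        problems.append(f"mode {mode:o}: group/other permission bits are set")
    with open(path) as fh:
        for num, line in enumerate(fh, 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            try:
                _type, bits = check_line(line)
                if bits is not None and bits < 2048:
                    problems.append(f"line {num}: RSA key is only {bits} bits")
            except ValueError as exc:
                problems.append(f"line {num}: {exc}")
    return problems

def constructed_rsa_line(bits=2048):
    """Constructed sample: valid ssh-rsa syntax around a made-up modulus, not a real key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-example"
```

On the server, calling audit(os.path.expanduser("~/.ssh/authorized_keys")) returns an empty list when the file has mode 600 and every key line parses.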

Connecting to CIRC Systems

Now that your public key is on the CIRC servers, you can access systems as you normally would, but you will have to change one option in the PuTTY settings. In the Auth panel, add the location of your private key file to the ‘Private key file for authentication’ box. You should then re-save your session.

When you connect to CIRC’s systems in the future, you will be prompted for your SSH key passphrase instead of your NetID password.