Configuring a Public/Private Key Pair to Log into Linstat

Public key authentication uses two files to prove who you are rather than a password: a public key on the server and a private key on your local computer. Once configured, you'll be asked for the password associated with the key rather than your SSCC password whenever you log into Linstat from that computer. Using a key pair takes some configuration, but does not send all your network traffic through an intermediary like VPN or Winstat. This makes it a good choice for Linstat users outside the United States who are concerned about the performance of their interactive sessions. (How you connect has no bearing on how quickly jobs run.)

Configuring a key pair requires a connection to Linstat. If you will be traveling we suggest configuring it before you leave the United States; otherwise you'll need to connect using VPN or Winstat once to set up the key pair.

No matter how you connect to Linstat, the process of creating a key pair is very much the same:

  1. Generate a public/private key pair on your local computer

  2. Add the key to .ssh/authorized_keys in your Linstat home directory

  3. Configure the client program to use key authentication rather than passwords

This article has instructions for SecureCRT, PuTTY, and Mac/Linux. (Recall that if you're connecting remotely and not using VPN you cannot use X-Win32. SecureCRT and PuTTY are good alternatives, though neither of them can display graphics without forwarding them to a separate program like X-Win32 or Xming.)

SecureCRT

In SecureCRT, click Tools, Create Public Key.

Set the Key type to DSA.

Enter a password for the key or, even better, a passphrase, along with a comment. The comment could be used to remind you of the password, but must not allow others to guess it.

Set the Key length in bits to 1024.

Select the OpenSSH Key format, and then save the keys in a convenient location on your local hard drive (the default location is probably OK).

Click Yes when asked if you want to use this as your global public key.

Now that the key has been generated, use Notepad, TextPad, or your favorite text editor to open Identity.pub. (The .pub extension indicates that this is the public key, to be shared with the server, rather than the private key, which remains on your computer.)

If you are currently on the SSCC network, save the file as z:\.ssh\authorized_keys. The .ssh folder is hidden by default, so you'll need to type its name rather than clicking on it.

If not, copy the entire contents of the file, log in to Linstat, then open .ssh/authorized_keys using your preferred Linux text editor (pico, emacs, vi, etc.).

Paste in the contents of the key, making sure it is all on one line, and save the file.

If you haven't already, log into Linstat. Then run the following command:

chmod g-w ~/.ssh/authorized_keys

(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)

Next, open the session properties for your Linstat connection.

Under Category on the left, click Connection, SSH2. Then select PublicKey in the Authentication section and click the up arrow until it is the top choice.

Click OK, and from now on when you log in to Linstat, you'll be prompted for your key passphrase rather than your SSCC password.

PuTTY

To create a public/private key pair in PuTTY, you need to run PuTTYgen. You can find it by searching or by clicking Start, All Programs, PuTTY, PuTTYgen.

Set the type to SSH-2 DSA and click Generate.

You will be asked to generate randomness by moving your mouse around. Once the generation finishes, enter a password for the key or, even better, a passphrase, along with a comment. The comment could be used to remind you of the password, but must not allow others to guess it. Save both the public key and the private key in a convenient location on your local hard drive by clicking Save public key and Save private key. Then copy everything contained in the box labeled Public key for pasting into OpenSSH authorized_keys file.

If you are on the SSCC network, open Notepad, TextPad, or your favorite text editor, paste in the key and save it as z:\.ssh\authorized_keys. The .ssh folder is hidden by default, so you'll need to type its name rather than clicking on it.

If you are not on the SSCC network, log in to Linstat, then open .ssh/authorized_keys using your preferred Linux text editor (pico, emacs, vi, etc.), paste in the key, and save it. Either way, make sure the entire key is pasted onto one line.

If you haven't already, log into Linstat. Then run the following command:

chmod g-w ~/.ssh/authorized_keys

(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)

Run PuTTY and load your previously saved Linstat profile.

Under Category on the left choose Connection, SSH, Auth. Then click Browse and find the private key you generated and saved.

Go back to Session to save the profile, then click Open. You'll be prompted for your key passphrase rather than your SSCC password.

Mac or Linux

On a Mac or Linux computer, open a terminal and run ssh-keygen. When it asks where to save the file, press Enter for the default location. Choose a password or, even better, a passphrase.

Then open the file id_dsa.pub using your favorite text editor and copy the contents. (The .pub extension indicates that this is the public key, to be shared with the server, rather than the private key, which remains on your computer.)

Log in to Linstat, then open .ssh/authorized_keys using your preferred Linux text editor (pico, emacs, vi, etc.), paste in the key, and save it. Make sure the entire key is pasted onto one line.

Next run the following command:

chmod g-w ~/.ssh/authorized_keys

(SSCC uses "user private groups" to make it easy to share files in project directories while keeping files in home directories private. Unfortunately the program that manages key pair connections doesn't understand user private groups and insists keys must not have group write permissions for security reasons.)

The next time you connect you'll be prompted for the key passphrase, not your SSCC password.
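
The server-side steps in all three sections (paste the key onto one line, then run chmod g-w) can be verified with a short script. This is an added example, not part of the original SSCC instructions: the function names are hypothetical, the sample key blobs are constructed placeholders, and the check on the .ssh directory goes beyond the article's step, reflecting OpenSSH's default StrictModes behavior.

```sh
#!/bin/sh
# Added example: check an authorized_keys file for the two problems this
# article's steps guard against (wrapped keys, group write permission).

# Echo "writable" if group or others may write to the path, else "ok".
write_check() {
    mode=$(ls -ld "$1" | cut -c1-10)      # e.g. -rw-rw-r--
    case "$mode" in
        ?????w????|????????w?) echo writable ;;
        *) echo ok ;;
    esac
}

# Count entries that are not "[options] keytype base64-blob [comment]" on one
# line. A key wrapped during pasting leaves a continuation line with no key type.
bad_key_lines() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }    # comments and blank lines are allowed
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+)$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) bad++
        }
        END { print bad + 0 }' "$1"
}

# Report every problem found; return 0 only when the file is usable.
check_authorized_keys() {
    rc=0
    [ "$(write_check "$(dirname "$1")")" = ok ] || { echo ".ssh is group/other-writable"; rc=1; }
    [ "$(write_check "$1")" = ok ] || { echo "file is writable by group/others: chmod g-w"; rc=1; }
    n=$(bad_key_lines "$1")
    [ "$n" -eq 0 ] || { echo "$n line(s) are not a complete key entry"; rc=1; }
    return "$rc"
}

# Demo on a constructed sample (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    f=$d/.ssh/authorized_keys
    printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAKsample me@laptop' \
        'ssh-dss AAAAB3NzaC1kc3MAAACBAJfirsthalf' 'c2Vjb25kaGFsZg== me@desktop' > "$f"
    chmod 664 "$f"
    check_authorized_keys "$f" || echo "=> fix the file before relying on key login"
    rm -rf "$d"
}
demo
```

To check your own file on Linstat, replace the final demo call with check_authorized_keys ~/.ssh/authorized_keys.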

Last Revised: 3/20/2017