SSH Keys
What are SSH Keys?
SSH keys provide a secure way to authenticate yourself to an SSH server using public-key cryptography and challenge-response authentication. Unlike passwords, SSH keys help prevent brute-force attacks and do not expose valid credentials if the server is compromised. They are the preferred method for accessing the cluster because they enhance security and streamline actions that require authentication, such as logging in or transferring files.
SSH keys always come in a pair
a “private key” that exists on your local computer
a “public key” that can be transferred on to the cluster or any other system that uses keys
To learn more visit: https://wiki.archlinux.org/title/SSH_keys
Set up SSH Keys for Linux, MacOS and Windows Subsystem for Linux (WSL)
To generate a key, on your local command line enter the following
ssh-keygen -t rsa -b 4096
ssh-keygen will then prompt you to protect your private key with a passphrase. You may create one or leave it blank.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mobaxterm/.ssh/id_rsa):
Created directory '/home/mobaxterm/.ssh'.
Enter passphrase (empty for no passphrase):
.
.
.
Add the public key to the cluster (adjust path to id_rsa.pub if needed and enter your netid)
ssh-copy-id -i ~/.ssh/id_rsa.pub yournetidhere@hpc2.storrs.hpc.uconn.edu
If the ssh-copy-id
command fails. We have to manually copy the key onto the cluster:
On a local terminal, open the id_rsa.pub file with a text editor (nano, vim, cat).
Copy the content
On the cluster, create a new file called ~/.ssh/authorized_keys
Paste the contents of id_rsa.pub into the ~/.ssh/authorized_keys
You should now be able to access the cluster without password or duo prompts!
Set up SSH Keys for Putty/WinSCP
Obtaining and Starting PuTTYgen
PuTTYgen is included in the WinSCP installation package. You can also download it separately from the WinSCP download page.
PuTTYgen originates from PuTTY and is also part of the PuTTY installation package. It does not matter if you use PuTTYgen from WinSCP or the PuTTY installation package, they are identical.
To start PuTTYgen, go to Tools > PuTTYgen on Login dialog.
When you run PuTTYgen you will see a window where you have two main choices: Generate, to generate a new public/private key pair, or Load to load in an existing private key.
After loading or generating a key the following output will be displayed.
Optionally set a passphrase then save both the public and private keys.
Add the public key to the cluster (adjust path to id_rsa.pub if needed and enter your netid)
If the ssh-copy-id
command fails. We have to manually copy the key onto the cluster:
Open the key in puTTYgen
copy the key output in the top box
Paste the contents into the ~/.ssh/authorized_keys file
Adding SSH Key to Filezilla
“Edit” > “Settings” > “SFTP” > “Add key file…” and locate your id_rsa.pub public key.
For more details on file transfer and Filezilla: File Transfer - Storrs HPC - UConn Knowledge Base
Using Private Key for Passwordless Access on MobaXterm
Edit a saved User Session by right clicking and selecting “edit session” or create a new session.
In “Session Settings” > Advanced SSH settings”, select “Use private key”. Then locate the private key on your local machine. For MobaXterm, it will be under your AppData\Roaming\MobaXterm\home\.ssh
labeled “Private Key File”.
Click “OK” to save and you should be able to log on the cluster with that session without password or DUO prompt!
SSH Keys in WinSCP
WinSCP requires the private key to be in the format PuTTY (.ppk file). Fortunately, WinSCP includes a program called PuTTYgen and allows you to generate a key pair where the private key is in the .ppk format.
Next, generate a key pair and save the private key.
Edit or create a new session. Under Advanced>SSH>Authentication, check “Allow agent forwarding” and locate the private key file that you previously generated.
You should now be able to connect without the DUO prompt!