How do I set up a SSH key to connect to Technology Solutions managed servers?

Tags password

Table of Contents

Overview

For convenient and secure access to Technology Solutions managed servers, we support using SSH key pairs to access services. An SSH public/private key pair acts like a lock and key both customized for your access. When you register an SSH public key it will be uploaded to all Technology Solutions managed servers on which you have an account, within an hour. You will then be able to use your private key to access the server. The same public/private key pair is used for all legacy systems, though you can upload multiple public keys if you like. A legacy system is a Linux server running an unsupported OS, such as Centos/Red Hat versions below 8.x.

We encourage the use of SSH keys for a few reasons: First, it prevents password guessing attacks on servers that are configured to not accept any passwords. Second, it prevents a potential attacker from stealing a password that may be used for other university resources. Having no password means there is no password to steal. Finally, SSH keys are convenient, especially if you wish to set up programs that interact with your virtual machines such as to run commands and upload and download files.

Whatever SSH program you use, it should provide a way to generate an SSH public/private key pair. Below we provide instructions on how to do it with a few popular SSH programs. Once you've generated you keys, upload your public key, do NOT upload your private key. You must keep your private key secure, you may also wish to encrypt it for added security.

SecureCRT and SecureFX for Windows

SecureCRT and SecureFX are commercial Windows SSH and SFTP programs provided free of charge to UIC users through the Webstore.

1. To configure your SSH keys in either SecureCRT or SecureFX, open the Quick Connect window.

2. Under Authentication select PublicKey, then click the Properties button.


where to find public keys and properties
 

3. In the Public Key Properties window, click Create Identify File... button.

4. This will open the Key Generation Wizard. Select Key type of RSA and click Next.

5. You may then add a passphrase to protect your key, then click Next.


where to enter and confirm passphrase
 

6. Select a Key length of 2048 then click Next again. Wait for key generation to complete.


where to set key length
 

7. Save your new key using OpenSSH Key format. On newer versions of SecureCRT select OpenSSH Key format (legacy). Take note of the filename of your new key as well as the public key filename.

8. Newer versions of SecureCRT create the .pub file incorrectly so that you can't add it to SecureCRT. You will need to edit the .pub file with Notepad and replace YIKES! with RSA in two places.


where to select openSSH Key format

Use the SSH Keys form to upload your new public key. This is the file of type "PUB" and with the file extension ".pub". It may take up to an hour for your new public key to be active on your virtual servers. After an hour, you should be able to connect with your new private key.

Upload SSH Key

1. Use the SSH Keys form to upload your new public key.


choose file buton for new public key
 

Using Terminal for Mac OS X or Linux

OpenSSH is the most popular SSH command line tool set. If you have Mac OS X, Linux, or any UNIX variant, then you already have the OpenSSH command line tools installed.

Generating and Using SSH Keys

To create a new SSH key pair, run the following command in a terminal:

ssh-keygen -t dsa

You will be prompted for a location to save the key. This file is your private key.
The default path is:

~/.ssh/id_dsa

This default is recommended, as SSH will use it automatically when connecting to your virtual server.
If you already have an existing key pair and want to generate another, choose a different filename when prompted.

Passphrase

ssh-keygen will then ask for a passphrase used to encrypt your private key.
If you press Enter without entering a passphrase, the private key will not be encrypted.

Public Key Location

Your public key uses the same base filename as your private key, with .pub added.
Example (default):

id_dsa.pub

Uploading Your Public Key

Use the SSH Keys upload form to submit your public key file.

Your .ssh directory locations:

  • macOS: /Users/YourUserName/.ssh
  • Linux and Unix: /home/YourUserName/.ssh

Note:

  • The .ssh folder is hidden and may not appear in file dialogs.
  • You can manually type .ssh into the path field to access it.
  • Upload only the .pub file. Do not upload your private key.

After uploading, your public key should appear in the list.
It may take up to one hour for the key to propagate to all virtual servers.

Connecting With Your SSH Key

To connect to a server, run:

ssh user@server

If you saved your private key in a non-default location, specify it using the -i option:

ssh -i /path/to/private_key user@server

If your key has a passphrase, you will be prompted for it.
The server should not ask for a password. If it does, something is incorrect. Do not enter a password.

The first time you connect, you will be asked to verify the server fingerprint.
Future connections will validate the fingerprint automatically.

Using Fetch for Mac OS X

Fetch is a popular SFTP client for Mac OS X.

1. Select File then New Connection.

Mac Fetch File location
 

2. Enter the server's hostname and your username for that server.


mac fields for server hostname and username
 

3. Be sure to select SFTP from the Connection Type drop-down menu.


mac selector for connect with SFTP
 

4. In the password field, enter a sample password, just type anything (but don’t leave it blank), and then Connect.

100% helpful - 1 review
Print Article