Setting up SSH Keys

Our firewall policy allows SSH access using password authentication only from an IP address in our member university's network. To access Kay from the wider Internet, you need to  configure SSH key based authentication.

To configure and use SSH key based authentication, you need to perform two steps

  1. Generate SSH Keys: The SSH Keys are always generated in pair, one public key and one private key. You should generate these keys on the computer you are using to connect to Kay.
  2. Copy Public Key to Kay: Only the public key should be copied to Kay, don't copy the private key.

Note: The private key should never be shared with anyone. Not even with us.

Follow the instructions below based on the operating system of your computer.

Linux or macOS

On Linux or macOS, you should have the required utilities pre-installed.

Generate SSH Key Pair

In the terminal, use the following command:

 # Execute on your computer
 
 # Generate SSH Keys
 ssh-keygen -t rsa -b 4096

During the key generation process, you will be prompted for

  1. Location, to save the keys: Press ENTER to accept the default location
  2. Passphrase, to encrypt the private key: A Passphrase is similar to a password. Set it to something secure and memorable. It doesn't need to be your ICHEC account password, it can be anything.

Once the command finishes, the SSH public key and private key will be created in two different files. If you have chosen the default location, they will be

  1. ~/.ssh/id_rsa : The private key
  2. ~/.ssh/id_rsa.pub : The public key

Copy Public Key to Kay

In the terminal, use the following command:

 # Execute on your computer
 
 # Copy the public key to Kay
 # Note: <username> should be replaced with your user name
 ssh-copy-id <username>@kay.ichec.ie

You might be asked for your password during this step, so make sure you are using your institution's network for this step. If you are off-campus, please email your public SSH key to support@ichec.ie and we save this in your authorized_keys file on your behalf.

Note: The private key should never be shared with anyone. Not even with us.

Logging in using an SSH Key

Once you have the ssh key set up, you can login using:

ssh <username>@kay.ichec.ie -i ~/.ssh/id_rsa

Alternatively, you can add it to your SSH key agent:

 # Execute on your computer
 # Start the ssh-agent in the background.
 eval "$(ssh-agent -s)"
 # Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.
 ssh-add ~/.ssh/id_rsa

Once you have set up the agent, simply SSH using:

ssh <username>@kay.ichec.ie

On Windows

On Windows, install PuTTY, if it is not already installed.

Generate SSH Key Pair

Start PuTTYgen, and follow the steps:

  1. Under Parameters, set
    1. Type of key to generate: RSA
    2. Number of bits in a generated key: 4096
  2. Under Actions, click Generate
  3. Move the mouse cursor randomly until the green bar at the top is filled. The mouse movement is used by PuTTYgen to randomize the key generation. Once PuTTYgen have enough mouse input, it will generate the key pair and will show you the public key in a text box.
  4. Under Key, type your choice of Key Passphrase (and repeat it in Confirm Passphrase). A Passphrase is similar to a password. Set it to something secure and memorable. It doesn't need to be your ICHEC account password, it can be anything.
  5. Under Action, click Save private key and save the private key to a file.
  6. From Key, Copy the public key shown in the text box to the clipboard. You will use it in the next step.

Copy Public Key to Kay

Login to Kay, and use the following commands:

 # Execute on Kay

 # Create directory
 mkdir ~/.ssh
 # Set correct directory permission
 chmod 700 ~/.ssh
 # Create file
 touch ~/.ssh/authorized_keys
 # Set correct file permission
 chmod 600 ~/.ssh/authorized_keys

Now, edit the ~/.ssh/authorized_keys file with the editor of your choice (e.g. vim, emacs etc.) and paste the public key you copied in the previous step.

To add the public key, you need to login using your password, so make sure you are using your institution's network for this step. If you are off-campus, please email your public SSH key to support@ichec.ie and we save this in your authorized_keys file on your behalf.

Note: The private key should never be shared with anyone. Not even with us.

Setup PuTTY to use the private key

Start PuTTY, and follow the steps:

  1. Under Connection > SSH > Auth
    1. Click Browse and choose the private key file you created earlier
  2. Under Session
    1. In Host Name (or IP address) text box, enter kay.ichec.ie
    2. In Saved Sessions text box, enter kay
    3. Click Save to save the session.
    4. Click Open to connect.

From next time, you can select kay, click Load and click Open to connect.

 

If you have any issues setting up the SSH key based authentication, contact the ICHEC Helpdesk.