Setting up SSH Keys

In order to gain access to Kay, you must first be a member of an active National Service Project or Condominium. You can request your own National Service Project or join an existing one, from the Project and User Management Application.

Remember, in order to connect to Kay via SSH:

  • You will need to login using your central ICHEC account username. You will be requested to authenticate using both your central ICHEC account password and SSH key-based authentication.
  • All users must initially configure an SSH key on each device they use to connect to Kay. Please note that the latter requires that you generate SSH public-private key pair on each local workstation (and not on Kay) for security reasons (e.g. ssh-keygen for Linux/Mac, MobaXterm for Windows; DO NOT store your private key on Kay). Check out our tutorial - Setting up SSH Keys - for more details.

Please read these instructions very carefully.

Getting Started - Generating your SSH Key

To configure and use SSH key based authentication, you need to perform two steps

  1. Generate SSH Keys: The SSH Keys are always generated in pair, one public key and one private key. You should generate these keys on the computer you are using to connect to Kay.
  2. Copy Public Key to Kay: Only the public key should be copied to Kay, don't copy the private key.

Note: The private key should never be shared with anyone. Not even with ICHEC.

Follow the instructions below based on the operating system of your computer.

 

Linux or macOS

On Linux or macOS, you should have the required utilities pre-installed.

Generate SSH Key Pair

Warning: You should only generate 1 key per device. Please skip this section if you have already set up and sent us your SSH public key previously. Continue to "Logging in using an SSH Key".

In the terminal, use the following command:

 # Execute on your computer

 # Generate SSH Keys
ssh-keygen -t ed25519

During the key generation process, you will be prompted for

  1. Location, to save the keys: Press ENTER to accept the default location
  2. Passphrase, to encrypt the private key: A Passphrase is similar to a password. Set it to something secure and memorable. It doesn't need to be your ICHEC account password, it can be anything.

Note: SSH keys are generated in pairs. A private key (id_ed25519) and a public key (id_ed25519.pub). The private key (id_ed25519) should be kept locally and should NOT be shared (not even with us). The public key (id_ed25519.pub) should be added to the remote server.

View and copy the public SSH key (id_ed25519.pub). Run the following command in the local terminal to view the public SSH key.

# View the Public SSH Key
cat ~/.ssh/id_ed25519.pub

Send Public Key to ICHEC Support

Please email your public SSH key to support@ichec.ie from your registered email address and we will save this in your ~/.ssh/authorized_keys file on your behalf. It's important to send us the full output of your key.

Note: The private key should never be shared with anyone. Not even with ICHEC.

Logging in using an SSH Key

Once you have the ssh key set up, you can login using:

ssh <username>@kay.ichec.ie -i ~/.ssh/id_ed25519

Alternatively, you can add it to your SSH key agent:

 # Execute on your computer
 # Start the ssh-agent in the background.
 eval "$(ssh-agent -s)"

 # Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.
 ssh-add ~/.ssh/id_ed25519

Once you have set up the agent, simply SSH using:

ssh <username>@kay.ichec.ie

 

On Windows

On Windows, install MobaXterm, if it is not already installed. You can also use the portable version, if you don't have admin rights to install any software.

Generate SSH Key Pair

Warning: You should only generate 1 key per device. Please skip this section if you have already set up and sent us your SSH public key previously. Continue to "Logging in using an SSH Key".

Start MobaXterm, and follow the steps:

  • Click the “Start local terminal” button to start a new local terminal. This local terminal will support most of the Linux shell commands.
  • Create a new directory for saving the SSH keys. Run the following command in the local terminal.
mkdir -p "$USERPROFILE\.ssh"

Note: Paths in Windows use backslash as separator while Paths in Linux use forward slash as separator.

  • Generate the SSH keys. Run the following command in the local terminal.
ssh-keygen -t ed25519 -f "$USERPROFILE\.ssh\id_ed25519"

When prompted enter a memorable and strong passphrase to secure the SSH key. This passphrase is similar to a password and will be needed to use the generated SSH keys. It doesn't need to be your ICHEC account password, it can be anything.

Note: SSH keys are generated in pairs. A private key (id_ed25519) and a public key (id_ed25519.pub). The private key (id_ed25519) should be kept locally and should NOT be shared (not even with us). The public key (id_ed25519.pub) should be added to the remote server.

  • View and copy the public SSH key (id_ed25519.pub). Run the following command in the local terminal to view the public SSH key.
cat "$USERPROFILE\.ssh\id_ed25519.pub"

The following screencast summarizes the previous steps

Send Public Key to ICHEC Support

Please email your public SSH key to support@ichec.ie from your registered email address and we will save this in your ~/.ssh/authorized_keys file on your behalf. It's important to send us the full output of your key.

Note: The private key should never be shared with anyone. Not even with ICHEC.

Setup MobaXterm to use the private key

Create and setup a new MobaXterm session. A session in MobaXterm saves the SSH connection settings and creates a shortcut.

  • In the main window, click the “Session” button from the toolbar, and click the “SSH” button in the popup window. Enter the following details
“Basic SSH settings” Tab
Remote host: kay.ichec.ie
Check box for Specify username
Specify username: yourusername

“Advanced SSH settings” Tab
Check box for Use private key
Use private key: C:\Users\Your Username\.ssh\id_ed25519

You can use the file dialog box to search for the private key path. Click OK to save the session settings. Now the session is saved in the “User sessions” tab on the left. You can double click the session name to connect to Kay.

Note: Use your own ICHEC username instead of yourusername in the ssh command. Use your Windows username in the location dialog.

The following screencast summarizes the previous steps

 

If you have any issues setting up the SSH key based authentication, contact the ICHEC Helpdesk.