SSH Key Instructions

How to generate an SSH key pair (Windows)

Authentication for all users is done using SSH keys rather than a traditional username and password. You will need to generate an SSH key pair for yourself. If you are using Windows you can use PuTTYgen for this. Download and run the Windows installer to get the full suite of PuTTY programs from here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Be sure to pick the installer from the latest release version at the top of the page.

  1. Start up the PuTTYgen program (Start Menu → All Programs → PuTTY → PuTTYgen)
  2. Click on the “Generate” button.
  3. Follow the instruction to move the mouse over the blank area of the program in order to create random data used by PuTTYgen to generate secure keys.
  4. Key generation will occur once PuTTYgen has collected sufficient random data.
  5. Enter your desired passphrase in the “Key passphrase” and “Confirm passphrase” fields.
  6. Click on the “Save private key” button. Enter your own username for the file name. This will save the key as a “.ppk” file. Be sure to save to a private location that is easy to find, such as your home directory or your desktop.
  7. Copy the entire text from the “Public key for pasting into OpenSSH authorized_keys file” into an email and send it to noc@heanet.ie with details of who you are and what site this relates to. We will then load this onto the server.

How to generate an SSH key pair (Mac)

  1. Open the Terminal application
  2. run the command ssh-keygen -t dsa -C “your_email@youremail.com”
  3. Enter a strong passphrase for the private key when prompted
  4. Send the Public Key generated (/Users/your_user_dir/.ssh/id_dsa.pub) to noc@heanet.ie with details of who you are and what site this relates to. We will then load this onto the server

Key Security

You should never email or share your private key with anyone else.

If your key has been shared or you feel it may have been compromised, contact the NOC immediately so we can disable the key. We will then require you to generate a new key.

Sharing Access

If you wish to grant access to a colleague or a third party (e.g. web development company or a contractor) then please contact the NOC and ask for a new account to be created – do not share your private key.

Loading your SSH key

  1. Double click on your private key file (this is the .ppk file saved in the generation step above).
  2. This will start Pageant (the PuTTY SSH Key agent) if not already started.
  3. If your key has already been loaded, nothing will happen. Otherwise, enter your passphrase when requested (this is the one you picked during the generation step above).
  4. Your SSH key will now be stored in the computer’s memory and you will not be prompted again for your passphrase until you either log out or turn off your computer.

Removing your SSH key

If you prefer not to have your key stored in memory:

  1. Double click on Pageant in the system tray.
  2. Select your key and click “Remove Key”.

Connecting with WinSCP

Download the latest version of WinSCP from here: http://winscp.net/eng/download.php

  1. Make sure you have loaded your SSH key as above.
  2. Open up WinSCP. Click on “Session” in the menu on the left.
  3. Enter the hostname and username as given to you by the NOC.
  4. Leave the password field blank.
  5. Save the session to avoid having to enter the same information each time.
  6. Click Save, give the session a meaningful name and click OK.
  7. Click Login, answer “Yes” to the question about accepting the server’s host key.

You should then have the standard two-pane view with your local computer files on the left and the remote directory on the right.

When you run WinSCP again in the future, it will display your saved sessions automatically. You can then select the session name and click Login.