SSH Key Management

An SSH key with a passphrase provides additional security and can act as an additional authentication factor. Adding a passphrase to your SSH keys is recommended to comply with the Remote Access Services Requirement of the Minimum Security Standard for Networked Devices (MSSND).

See instructions for setting up SSH key authentication for Windows, Mac, and Linux below. 

Generate an SSH Key

SSH key generation is now almost identical on Windows, Mac, and Linux platforms. The only difference is the location of the user's home directory and SSH key storage directory/folder.

Some notes before you begin:

  1. If you are creating more than one key, use a descriptive name (for example, if you create a key for each server you connect to, name the key after that server) and note the name for later. If not, use the default keyname.
  2. Though the key generation prompt says that you can use an empty passphrase, passphrases that meet campus passphrase requirements must be used.
  3. The path for saving the key, by default, is a sub-directory under your home directory/folder called .ssh.
    1. On Windows this is typically C:\Users\<USERNAME>/.ssh
    2. On Mac this is typically /Users/<USERNAME>/.ssh
    3. On Linux this is typically /home/<USERNAME>/.ssh

Steps:

  1. On Windows, go to the Start Menu and open a Command Prompt or PowerShell window.
    1. On Mac this would be Applications > Utilities > Terminal.
    2. On Linux this would be Activities > Terminal.
  2. Type in the command ssh-keygen -t ed25519

Running ssh-keygen will produce the following messages and prompts (Windows is shown below):

> ssh-keygen -t ed25519

Generating public/private ed25519 key pair.

Enter file in which to save the key (C:\Users\<USER>/.ssh/id_ed25519): 
Created directory 'C:\Users\<USER>/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in [key_name].
Your public key has been saved in [key_name].pub.
The key fingerprint is:

SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us [username]@[yourcomputer].local
(your key fingerprint will be different from this example)

The key's randomart image is (your key's randomart image will be different from this example):

+--[ED25519 3072]--+
|    oo. ..=.++    |
|    o o + o.o.    |
|     . + = o ...    |
|   . = o + o . .   |
|  + + o S . . o.  |
|   + o + * .. +   |
|.    = B o   .  +. |
|.   . = =   .   . E |
|        o.o..        |
+-----[SHA256]-----+
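
To check that keys already on a workstation meet the passphrase requirement in note 2 above, here is an added example that is not part of the original page. It is a POSIX shell sketch for Mac and Linux, assumes OpenSSH's ssh-keygen is on the PATH, and the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Reports whether each private key in a directory is passphrase-protected.

# key_passphrase_status FILE  (hypothetical helper name)
# Prints one word: protected | unprotected | not-a-private-key | unknown
key_passphrase_status() {
    key=$1
    # Public keys, config and known_hosts carry no "PRIVATE KEY" header.
    if ! grep -q 'PRIVATE KEY' "$key" 2>/dev/null; then
        echo not-a-private-key
        return 0
    fi
    # -y derives the public key, which requires decrypting the private key.
    # -P '' supplies an empty passphrase, so ssh-keygen never prompts.
    if err=$(ssh-keygen -y -P '' -f "$key" 2>&1 >/dev/null); then
        echo unprotected
    else
        case $err in
            *passphrase*) echo protected ;;
            *)            echo unknown ;;  # e.g. bad permissions, corrupt file
        esac
    fi
}

# audit_ssh_keys [DIR]  (DIR defaults to ~/.ssh)
# Prints "<status> <path>" per private key; returns 1 if any is unprotected.
audit_ssh_keys() {
    dir=${1:-$HOME/.ssh}
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        st=$(key_passphrase_status "$f")
        if [ "$st" = not-a-private-key ]; then
            continue
        fi
        echo "$st $f"
        if [ "$st" = unprotected ]; then
            rc=1
        fi
    done
    return $rc
}
```

Run audit_ssh_keys with no argument to check ~/.ssh. A key reported as unprotected can be given a passphrase in place with ssh-keygen -p -f followed by the key path.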

Using an SSH Key on Windows

Upload the SSH Key

  1. Run a PowerShell one-line command to copy the key to the host:

    1. type $env:USERPROFILE\.ssh\[key_name].pub | ssh [username]@[server] "cat >> .ssh/authorized_keys"

  2. Manually copy the key to the authorized_keys file.

    1. Highlight the entire public key from the terminal window and copy the text.

    2. SSH into the server with your existing credentials. 

    3. Use your preferred text editor to create and/or open the authorized_keys file at  ~/.ssh/authorized_keys

    4. Paste the public key into the authorized_keys file. 

    5. Save the file and close the text editor. 

  3. Save the private key passphrase to LastPass.

Open an SSH session with the SSH key 

  1. Open a PowerShell or Command Prompt window.
  2. If only one key has been made, connect using ssh [username]@[server]
  3. If multiple keys have been made, connect using ssh -i ~/.ssh/[key_name] [username]@[server]

Using an SSH Key on macOS

Upload the SSH Key

  1. Open a terminal window by going to Applications > Utilities > Terminal.
  2. You can copy the key to the clipboard by running pbcopy < ~/.ssh/[key_name].pub or pbcopy < ~/.ssh/id_ed25519.pub if the default was used.
  3. SSH into the server with your existing credentials.
  4. Use your preferred text editor to create and/or open the authorized_keys file at ~/.ssh/authorized_keys
  5. Paste the public key into the authorized_keys file.
  6. Save the file and close the text editor.
  7. Save the private key passphrase to LastPass.

Open an SSH session with the SSH key 

If only one key has been made, connect with ssh [username]@[server] 

If multiple keys have been made, connect with ssh -i ~/.ssh/[key_name] [username]@[server]

Using an SSH Key on Linux

Upload the SSH Key

  1. Open a terminal window by going to Activities > Terminal.
  2. Copy the public key to the server using either of the following:
    1. Run the command ssh-copy-id -i ~/.ssh/[key_name].pub [username]@[server] or ssh-copy-id -i ~/.ssh/id_ed25519.pub [username]@[server] if the default was used.
    2. Manually copy the key to the authorized_keys file.
      1. Highlight the entire public key from the terminal window and copy the text.
      2. SSH into the server with your existing credentials. 
      3. Use your preferred text editor to create and/or open the authorized_keys file at  ~/.ssh/authorized_keys 
      4. Paste the public key into the authorized_keys file.
      5. Save the file and close the text editor. 
  3. Save the private key passphrase to LastPass.
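
The manual upload steps in the Windows, Mac and Linux sections all end with pasting the public key into ~/.ssh/authorized_keys on the server. As an added example (not part of the original page), this POSIX shell function performs that step on the server, sets the directory and file modes sshd expects, and skips keys that are already installed. install_pubkey and its return codes are names chosen here.

```shell
#!/bin/sh
# Added example, not part of the original page. Run it on the server.
# install_pubkey PUBKEY_FILE [HOME_DIR]  (hypothetical helper; HOME_DIR defaults to $HOME)
# Returns 0 if the key was added or is already present, non-zero on refusal.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Only the .pub file is ever uploaded, never the private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 3
    fi

    # Drop CRs and blank lines left by copy/paste, then require exactly one
    # line shaped like "<key type> <base64 blob> [comment]".
    line=$(tr -d '\r' < "$pub" | grep .) || line=
    if [ "$(printf '%s\n' "$line" | grep -c .)" -ne 1 ] ||
       ! printf '%s\n' "$line" | grep -Eq \
         '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "refusing: $pub is not a single OpenSSH public key line" >&2
        return 4
    fi

    # With sshd's default StrictModes, authorized_keys is ignored when these
    # are writable by anyone other than the owner.
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Compare on "<type> <blob>" so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "already present in $auth"
        return 0
    fi

    # Start on a fresh line even if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "added key to $auth"
}
```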

Open an SSH session with the SSH key 

If only one key has been made, connect with ssh [username]@[server]

If multiple keys have been made, connect with ssh -i ~/.ssh/[key_name] [username]@[server]

Current as of 2/9/2024