SSH Keys

SSH keys can be used to authenticate an SSH connection. Using an SSH key is considered more secure than password authentication.

An SSH key always consists of a key pair: a private key and a public key.

The public key file ends with .pub and may be shared with other computers. If the public key is added to another computer, you can use your private key to authenticate yourself there.

Do not pass your private key to anyone.

 

To create a secure key with a key length of 4096 bits (as of 2017), use this command in your terminal:
ssh-keygen -b 4096
To create a key which provides information about the key holder by including your name and e-mail address, use this command:
ssh-keygen -b 4096 -C "name, first name, e-mail"
This allows an association between the key and you as a person.

You will be asked where to save your key. It is recommended to use the default path. You may just press Enter.

Next, you will be asked for a password to encrypt your private key. Enter a password, press Enter and confirm your password. Press Enter again.

Your keys are stored in a folder called .ssh inside your home folder. The names are id_rsa (private key) and id_rsa.pub (public key).

SSH key authentication will now be used by default if your public key has been deployed on the computer you want to log on to.
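
The following check is an added example, not part of the original page: it reads a public key line in the id_rsa.pub format and reports where it deviates from the recommendations above (4096 bits, a comment of the form name, first name, e-mail). All function names are assumptions made for this example, and the sample lines are constructed; their moduli are not usable keys.

```python
import base64
import struct

def _read_field(blob, offset):
    """Read one length-prefixed field of the key blob (RFC 4251 "string")."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Return (key_type, rsa_bits or None, comment) for one id_rsa.pub-style line."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    blob_type, offset = _read_field(blob, 0)
    if blob_type != fields[0].encode("ascii"):
        raise ValueError("key type does not match the encoded blob")
    bits = None
    if fields[0] == "ssh-rsa":
        _exponent, offset = _read_field(blob, offset)
        modulus, _ = _read_field(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    return fields[0], bits, fields[2] if len(fields) == 3 else ""

def audit(line, min_rsa_bits=4096):
    """List deviations from this page's advice: 4096 bits, holder named in comment."""
    _key_type, bits, comment = inspect_public_key(line)
    findings = []
    if bits is not None and bits < min_rsa_bits:
        findings.append(f"RSA key has {bits} bits, fewer than {min_rsa_bits}")
    parts = [part.strip() for part in comment.split(",")]
    if len(parts) != 3 or "@" not in parts[2]:
        findings.append("comment is not 'name, first name, e-mail'")
    return findings

def make_sample_line(bits, comment):
    """Build a CONSTRUCTED ssh-rsa line for testing; its modulus is not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):  # big-endian with a leading zero byte so it reads as positive
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

if __name__ == "__main__":
    for bits, who in ((4096, "Doe, Jane, jane.doe@example.org"), (2048, "")):
        print(bits, audit(make_sample_line(bits, who)))
```

To check a real key, pass the single line stored in id_rsa.pub to audit(); an empty list means the key matches both recommendations.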

You need to install PuTTY. PuTTY is also available as a ZDV App. If you install PuTTY, PuTTYgen will be installed with it. PuTTYgen is used to create SSH keys.

Create an SSH key

Open PuTTYgen.

Change 'Number of bits in a generated key' to 4096 (written in 2017).

Click on Generate.

Move your mouse over the blank area. If you move your mouse, the progress bar will move forward.

Once the key is generated, you can protect it with a password. Enter your password in the Key passphrase field and confirm it.

To create a key which includes your name and e-mail address, enter your name, family name and e-mail, separated by commas, into the Key comment field. This allows an association between the key and you as a person.

Click Save public key to save your public key and Save private key to save your private key.
It's important to remember where you saved your keys.

Authenticate with SSH key

To authenticate with an SSH key, your public key must be added to the remote computer.
You need to add your SSH key to your connection. Navigate to Connection/SSH/Auth in the left menu. Click on Browse and select your private key.

When you establish a connection, you will be asked for your private key password.

There is a downside to this method: every time you establish a connection, you will be asked for your private key password. To avoid entering your password each time you make a connection, you may use a program called Pageant. Pageant is part of the PuTTY installation.

Open Pageant. You will see a tray icon.

Double-click on this icon. A new window will open.

You need to add your private key here. Click on Add Key and choose your private key.
You will be asked for your private key password.

After you have entered your password, your key should appear inside the window.

As long as Pageant is running, you do not need to add your private key to PuTTY. When you establish a connection, your SSH key will be used automatically.

If you close Pageant, all added keys will be removed from it and will then need to be added manually each time you open Pageant again. However, there is a way to load your key whenever Pageant is started.
To do so, create a Pageant shortcut. Right-click the shortcut and select Properties.
You need to change the Target line.

Add a space after the existing text and then add "the path to your private key". It is important that you include the quotation marks ("").
If you start Pageant using this shortcut, your private key will be loaded automatically and you just have to enter your password once.