SSH login by public key authentication

To enhance security, SSH logins to the Linux server of the Zengaku Computer System from outside the university are rejected unless they use public key authentication. If you do not have a public key in your home directory, you cannot log in via SSH from outside the university.

To put a key in your home directory, log in from on campus (for example, from a satellite room) or use Remote Desktop.

About Key Authentication

Public key authentication allows login only by a user who holds the private key. Create a public/private key pair in advance, place the public key on the server, and store the private key on the client (laptop, etc.).

Generating and Registering

Generating key pair (public key and private key)

Generate the public key and private key using PuTTYgen. Refer to the following page if you like.

Note: Obtain the public key by copying the text shown in the [Public key for pasting into OpenSSH authorized_keys file] box, and make sure NOT to press the [Save public key] button.

Set up your public key on the server

After you generate the key pair, install your public key on the server. The following is a summary of the procedure written on the page above.

Note: The following procedure assumes you use a single key pair. If you also want to keep using an existing key, append the new public key to ~/.ssh/authorized_keys.

  1. Rename the public key file to [authorized_keys] (there is no extension).
  2. Connect remotely to the Windows desktop of the Zengaku Computer System via remote access.
  3. Create a directory [.ssh] on the Z: drive; this is where the public key is saved. (Skip this step if the folder already exists.)
    • Right-click [Start] → click [Run], then type “cmd” in the window that appears.
    • Type as follows:
      Z:\> mkdir Z:\.ssh [ENTER]
      
  4. Copy your public key [authorized_keys] (there is no extension) into the .ssh directory.
    • Note: There is no need to copy the private key.
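
Before testing the login, it helps to confirm that the file you placed in .ssh really is in the one-line OpenSSH format. The following is an added example, not part of the original page: a small Python check that flags the two mistakes the notes above warn about (a file written by [Save public key], which is in RFC 4716 format, and a private key copied by accident). The function names and the sample entry are hypothetical, and entries whose options contain quoted spaces are not handled.

```python
import base64

# Key types that can start an authorized_keys entry (common subset).
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def check_line(line):
    """Return 'ok', or the reason this line is not a usable OpenSSH entry."""
    line = line.strip()
    if line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return "RFC 4716 file written by [Save public key], not the pasting format"
    if line.startswith("PuTTY-User-Key-File"):
        return "PuTTY private key (.ppk): it must stay on the client"
    fields = line.split()
    # An entry may begin with options, so locate the field naming the key type.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return "no 'key-type base64-blob' pair found"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except ValueError:
        return "key blob is not valid base64 (truncated or line-wrapped paste?)"
    # The decoded blob starts with a 4-byte length and a copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[idx].encode():
        return "key type inside the blob does not match the declared type"
    return "ok"

def check_authorized_keys(text):
    """Check each non-blank, non-comment line; return [(line_no, verdict)]."""
    return [(no, check_line(l)) for no, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")]

def constructed_entry():
    """Constructed sample entry: all-zero key bytes, not a real key."""
    blob = ((11).to_bytes(4, "big") + b"ssh-ed25519"
            + (32).to_bytes(4, "big") + bytes(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@laptop"

if __name__ == "__main__":
    sample = "\n".join([constructed_entry(),
                        "---- BEGIN SSH2 PUBLIC KEY ----"])
    for no, verdict in check_authorized_keys(sample):
        print(f"line {no}: {verdict}")
```

To check your own file, pass its contents to check_authorized_keys(); every line should come back as 'ok'.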

Test login and initial setup

Using terminal software, check that you can log in, and perform the initial setup. Here are examples with TeraTerm and with WinSCP.

When you log in for the first time, the server's host key is not yet cached, so a dialog asks whether to trust the server. In that case, compare the key fingerprint displayed in the dialog with the fingerprint at the bottom of this page to make sure you are connected to the correct server.

Login with terminal software (TeraTerm)


Login with file transfer software (WinSCP)


After you specify your private key file, leave the password field blank and click “Login”. You will then be asked for the passphrase of the private key. Enter the passphrase that you specified when you created the private key using PuTTYgen.