SSH login by public key authentication

To enhance security, the Linux servers of the Zengaku Computer System reject SSH logins from outside the university unless public key authentication is used. If you do not have a public key in your home directory, you cannot log in via SSH from outside the university.

To place a key in your home directory, log in from on campus (for example, from a satellite room) or use Remote Desktop.

About Key Authentication

Public key authentication allows login only by a user who holds the private key. Create a public/private key pair in advance, place the public key on the server, and keep the private key on the client (laptop, etc.).

Generating and Registering

Generating key pair (public key and private key)

Generate the public key and private key using PuTTYgen. Refer to the following page if you like.

Note: Obtain the public key by copying it from the [Public key for pasting into OpenSSH authorized_keys file] box, and make sure NOT to press the [Save public key] button.

Set up your public key on the server

After you generate the key pair, install your public key on the server. The following is a summary of the procedure written on the page above.

Note: The following procedure is for using one key pair. If you also use an existing key, append the new public key to ~/.ssh/authorized_keys.

  1. Rename the public key file to [authorized_keys] (with no extension).
  2. Connect remotely to the Windows desktop of the Zengaku Computer System via remote access.
  3. Create a folder [.ssh] on the Z: drive, where the public key will be saved. (Skip this step if the folder already exists.)
    • Right-click [Start] → click [Run] and enter “cmd” in the window that appears.
    • Type as follows:
      Z:\> mkdir z:\.ssh [ENTER]

  4. Copy your public key [authorized_keys] (with no extension) into the .ssh directory.
    • Note: There is no need to copy the private key.

Test login and initial setup

Using terminal software, check that you can log in and perform the initial setup. Here are examples with TeraTerm and with WinSCP.

Login with terminal software

  1. Using TeraTerm

  2. After you log in for the first time, it is more secure to restrict access to the .ssh directory by typing the following:
    % chmod 700 ~/.ssh [ENTER]

    Once you have done this, it is not required on subsequent logins.
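
The following check is an added example, not part of the original page: a shell function to run on the Linux server that flags an authorized_keys file written by PuTTYgen's [Save public key] button (a multi-line format that OpenSSH does not accept in authorized_keys), a key broken across lines, or a file or .ssh directory writable by group or others. The function names, return codes and demo key strings are assumptions of this example.

```bash
#!/bin/sh
# Added example, not from the original page. Return codes are this script's
# own convention: 0 OK, 1 file missing, 2 PuTTYgen [Save public key] format,
# 3 malformed key line, 4 file or directory writable by group/others.
check_authorized_keys() {
    file=$1
    [ -f "$file" ] || return 1

    # [Save public key] writes a multi-line RFC 4716 block; authorized_keys
    # needs the one-line form from PuTTYgen's "pasting" box.
    grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$file" && return 2

    # A key line is "[options] <key-type> <base64> [comment]". The type list
    # covers common PuTTYgen output (assumption); extend it if needed.
    types='ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)'
    key="(^|[[:space:]])($types)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|\$)"
    grep -qE "$key" "$file" || return 3        # no usable key line at all
    # Any other non-blank, non-comment line, e.g. a key wrapped by an editor.
    grep -vE '^[[:space:]]*(#|$)' "$file" | grep -qvE "$key" && return 3

    # With StrictModes (the sshd default) keys are ignored when the file or
    # its directory is writable by group or others.
    for p in "$file" "$(dirname "$file")"; do
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 4
    done
    return 0
}

# Constructed demo input: placeholder key bodies, not real keys.
demo() {
    d=$(mktemp -d) && chmod 700 "$d" || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEMO rsa-key-20160501' > "$d/good"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'AAAAB3NzaC1yc2EAAAADAQAB' \
        '---- END SSH2 PUBLIC KEY ----' > "$d/saved"
    chmod 600 "$d/good" "$d/saved"
    r1=0; check_authorized_keys "$d/good" || r1=$?
    r2=0; check_authorized_keys "$d/saved" || r2=$?
    rm -rf "$d"
    echo "$r1 $r2"          # prints "0 2"
}

# With a path argument, check that file; with none, run the demo.
if [ "$#" -gt 0 ]; then
    rc=0; check_authorized_keys "$1" || rc=$?
    echo "result: $rc"
else
    demo
fi
```
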

Login with file transfer software

  1. Using WinSCP

    After you specify your private key file, leave the password field blank and click on “Login” (「ログイン」). You will then be asked for the passphrase of the private key. At that point, enter the passphrase that you specified when you created the private key using PuTTYgen.
  2. In recent versions of WinSCP (as of May 2016), the way to specify the private key file has changed as follows: