Table of contents

  1. Introduction
  2. Install PuTTY
  3. Creating a key
  4. Copying your key to a server
    1. From UT VPN, UT wireless, or CS network
    2. From off-campus
  5. Using PuTTY with your new key
  6. Using ssh-agent (optional)
  7. Additional information

For instructions on adding SSH keys for other platforms, visit this FAQ.

Introduction

As of April 12, 2019, SSH keys are required when SSHing to CS/CSRES networks when outside of our networks, campus wireless, or the VPN. The University ISO will quarantine any host allowing SSH access that has not disabled password authentication.

An SSH key pair consists of two keys: One public key and one private key. The public key, as the name suggests, is public and can be safely shared with the world. The private key should never be shared with anyone and should be kept safe.

In order to use SSH keys to connect to a remote computer, one must first create an SSH key pair on one's computer, then copy the public SSH key to the remote computer. You will create an SSH key pair on each computer that you want to SSH from. You can use the same public SSH key from one computer to connect to many others.

E.g., if you have two computers at home, home1 and home2, and want to use them to connect to remote1, remote2, and remote3 you would create an SSH key pair on both home1 and home2, and then send the public key from home1 to all three remote computers, and lastly you would send the public key from home2 to all three remote computers.

Below are the necessary instructions to create an SSH key pair and add your public key to your CS account. Adding your public SSH key to linux.cs.utexas.edu will automatically add it to all other machines on the CS network. For the purposes of these instructions, we will assume that you want to SSH into a CS machine from a computer at home. To avoid confusion, we will use the following terminology:

HOME = Your home computer
CS_USER = Your CS username
linux.cs.utexas.edu = The machine that you need to SSH into and add SSH key to.

NOTE: All commands will be run on HOME.

Install PuTTY

  1. Go to this link.
  2. Click on the msi file that you wish to use. (Read the FAQ entry if you're not sure if you need 32- or 64-bit installer)
  3. Follow the installation instructions.

Creating a key

To create a 4096-bit RSA key, run the following:

  1. Hold the Windows key and press r. This will open the "Run" window.
  2. Type puttygen.exe and press Enter (or click "OK").
  3. Under "Type of key to generate", be sure that "RSA" is selected.
  4. Enter "4096" for "Number of bits in a generated key".
  5. Click the "Generate" button.
  6. As it generates your key, moving your mouse around will help speed up the process.
  7. Enter a passphrase in "Key passphrase". (ALWAYS use a passphrase!!) 1
  8. Re-enter your passphrase in "Confirm passphrase".
  9. Click "Save private key" and choose a location to save your new ppk file. (Remember this location)
  10. Right-click in the text field labeled "Public key for pasting into OpenSSH authorized_keys file" and choose "Select All".
  11. Right-click again in the same text field and choose "Copy".

What is currently in your clipboard is your public SSH key and is perfectly safe to be shared with anyone.

The ppk file that you saved in step #9 is your private SSH key. You should NOT share it with anyone.

Copying your key to a server

From UT VPN, UT wireless, or CS network

If you are connected to UT VPN, or have brought your machine on campus and have connected to UT wireless or the CS network, then you can use the method below.

You can find more information on how to connect to UT VPN by visiting this page.

To copy your SSH public key from HOME to linux.cs.utexas.edu, simply:

  1. Hold the Windows key and press r. This will open the "Run" window.
  2. Type putty.exe and press Enter (or click "OK").
  3. Under "Host Name" type "linux.cs.utexas.edu" and press Enter (or click "Open").
  4. When it prompts for "login as: ", type in your CS_USER and press Enter.
  5. mkdir -p ~/.ssh && nano ~/.ssh/authorized_keys
  6. Press down until your cursor is at the bottom of the file.
  7. Right-click to paste your public SSH key into the file.
  8. Hold the ctrl key and press x to save the file.
  9. When asked "Saved modified buffer?" press y.
  10. When prompted for "File Name to Write:" simply press Enter.
  11. chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Congratulations! You can now use your SSH key to log into any CS machine that you have access to!

From off-campus

Copy to a USB drive

If you are unable to connect to UT VPN or cannot bring your machine to campus, then copying your public SSH key to a USB drive is another solution.

On your home computer:

  1. Plug in a USB drive.
  2. If it does not auto-mount, open File Explorer and open the USB device on the lefthand side of the window.
  3. Inside the USB drive's folder, right-click inside the folder and choose New > Text Document.
  4. Name the file "id_rsa.pub" and then open it with Notepad.
  5. Right-click inside the empty document and click "Paste" to paste your public SSH key.
  6. Click on "File" and then "Save" to save the file, then close Notepad.
  7. Safely unmount/eject your USB drive and bring it to campus.

From here, you will want to log into a CS lab machine and do:

  1. Plug in the USB drive
  2. If it does not auto-mount, open a file manager and open the USB device to view its contents.
  3. In a terminal, run df -hT to find the full path to your mounted USB drive.
  4. cat /media/yourusername/directory/id_rsa.pub >> ~/.ssh/authorized_keys (Replace the second path with your real USB drive's mount point path)
  5. chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
  6. If step #5's command gives any errors, please submit a helpreq.
  7. Safely unmount/eject your USB drive.

Using PuTTY with your new key

Be sure to NOT press Enter or click on "Open" at all during any step except for #10. If you do accidentally, you will need to restart all of the steps.

  1. Hold the Windows key and press r. This will open the "Run" window.
  2. Type putty.exe and press Enter (or click "OK").
  3. Under "Host Name" type "linux.cs.utexas.edu".
  4. On the lefthand side, click on the + symbol next to "SSH".
  5. Underneath "SSH", click on "Auth".
  6. Click on "Browse..." and find your ppk file that you saved previously.
  7. If you wish to have PuTTY remember your username, enter it in Connection > Data > "Auto-login username".
  8. Lastly, click on "Session" (the first category), click on "Default Settings" and then click "Save".
  9. Now that your default settings have been saved, you can click on "Open" and it will ask you for your SSH key passphrase and log you into linux.cs.utexas.edu. 2
  10. The next time you open PuTTY, all you will need to do is simply press Enter or click "Open".

Using ssh-agent (optional)

PuTTY does not use ssh-agent, however it as the Pageant command, which can remember your SSH key's passphrase. While Pageant is not covered in this documentation, a quick search engine search for "Pageant" will point you in the right direction.

Additional information

  1. More in-depth information on SSH keys
  2. Wikipedia: ssh-agent
  3. Selecting a strong password

  1. This is not your CS password. The passphrase that you choose for your SSH key should be different from your CS password. See Selecting a strong password to learn how to choose a secure passphrase instead of a password.

  2. When typing your passphrase, you won't see any output on your screen. This is normal and is for your security.