/
For External Users SSH Public Keys

For External Users SSH Public Keys

Owned by UKY CCS RCD
Last updated: yesterday at 2:47 pm by Vikram Gazula
4 min read

This guide will help you securely register, generate, and manage your SSH public keys. Authentication is handled through CILogon, which integrates with multiple Identity Providers (IDPs). Please follow the instructions below to upload and manage your SSH keys seamlessly.

Prerequisites

Before you begin, ensure you have the following:

  • Active University of Kentucky (UKY) linkblue users: If you are affiliated with the University of Kentucky, you must use UKY as your IDP.

  • Account with Another Supported IDP: If you are not affiliated with UKY, you can use any institutional or supported IDPs. You should use your institutional IDP to ensure the best compatibility and support.

  • SSH Client Installed: To generate SSH keys, you'll need an SSH client installed on your machine. Most UNIX-based systems come with OpenSSH pre-installed. For Windows, you can use PuTTY or install OpenSSH via Windows Features.

Supported Identity Providers (IDPs)

The SSH Key Management System supports authentication through the following IDPs via CILogon:

  • University of Kentucky (UKY)

  • ACCESS-CI, Google, GitHub, etc

Important Notes:

  • For University of Kentucky Users: All UKY-affiliated users must use the University of Kentucky as their IDP. Other IDPs are not supported for UKY users.

  • For Other Users: Users affiliated with other institutions can use any of their registered IDPs. However, it is recommended that they use their institutional IDP to ensure the best compatibility and support.

  • If you don't have an IDP, it is recommended that you use ACCESS. For more details, visit ACCESS Identity Registration.

Note: We currently do not support IDPs that utilize the amr (Authentication Methods References) claim, such as ORCID. If your IDP uses amr, you cannot authenticate using that provider. Please choose from the supported IDPs listed above.

Logging In

  1. Access the Login Page:

  2. Select Your IDP:

    • For UKY Users: Select University of Kentucky from the list of available Identity Providers.

    • For Other Users: Choose your preferred IDP from the list of available options.

    • Enter your credentials for the selected IDP.

    • Upon successful authentication, you will be redirected back to the SSH Key Management System.

Note: All University of Kentucky users must use the University of Kentucky as their IDP. Other Identity Providers are not supported for UKY users.

Registering and Uploading SSH Public Keys

After logging in, follow these steps to upload your SSH public key:

  1. Navigate to Submit SSH Public Key:

    • On the Home page, click on the "Submit SSH Public Key" button.

  2. Enter Your SSH Public Key:

    • In the Submit SSH Public Key form, paste your SSH public key into the provided text area.

    • Supported Key Formats:

      • ssh-rsa

      • ssh-ed25519

  3. Upload the Key:

    • Click the "Upload" button.

    • Upon successful upload, create a support ticket at the Support Ticket Portal to notify Administrators to add your account to the necessary resources.

Security Reminder: Always upload only your public SSH keys. Keep your private keys secure and do not share them.

 

After you have created and uploaded your SSH keys, please visit:

https://ukyrcd.atlassian.net/servicedesk/customer/portal/4/group/14/create/49 and open a ticket stating that your SSH keys have been successfully uploaded.

Managing Your SSH Keys

Viewing Your SSH Public Key

  1. Home Page:

    • After logging in, the Home page displays your current SSH public key, if any.

    • If no key is uploaded, you will see a message indicating that no SSH public key has been uploaded yet.

Deleting Your SSH Public Key

  1. Delete Key:

    • On the Home page, locate your SSH public key.

    • Click the "Delete SSH Public Key" button.

    • Confirm the deletion when prompted.

    • A confirmation message will appear upon successful deletion.

Note: Deleting your SSH public key will prevent access to systems that rely on it for authentication. Ensure that you have alternative access methods configured before deletion.

Unsupported Identity Providers

We currently do not support authentication through Identity Providers (IDPs) that utilize the amr (Authentication Methods References) claim, such as ORCID. Attempting to log in using these providers will result in authentication failure.

If your institution is not listed or you think there is an error, please let us know using the Support Ticket Portal.

Additional Information

Support

For help with SSH key generation or portal access, create a support ticket at the Support Ticket Portal.

Security Reminder

Always upload only your public SSH keys. Keep your private keys secure and do not share them.

Updating Your Secondary Email in the portal

Your secondary email is used for additional notifications and communications. Unlike your primary email (which is provided by your IDP and cannot be changed), you can update your secondary email at any time.

How to Update Your Secondary Email:

On the home page, locate the "Update Secondary Email" section.

Enter your new secondary email address in the provided field.

Click "Update Email" to save your changes.

A confirmation message will be displayed upon a successful update.

 

Generate SSH Public and Private Keys

Here's how to generate them:

 

(On Linux and macOS)

  1. Open a Terminal on Your System.

  2. Run the following command to generate an SSH key pair:

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    • Replace your_email@example.com with your ACCESS email address.

    • This will create a 4096-bit RSA key pair.

  3. When prompted, specify a location to save the keys:

    • Press Enter to accept the default location (~/.ssh/id_rsa).

  4. (Optional) Set a passphrase:

    • For additional security, enter a passphrase. Press Enter for no passphrase.

  5. After the process, your SSH key pair will be generated:

    • Public Key: ~/.ssh/id_rsa.pub

    • Private Key: ~/.ssh/id_rsa

 

(On Windows)

Using Git Bash (Recommended):

  1. Install Git for Windows:

  2. Open Git Bash:

    • Launch Git Bash from the Start menu.

  3. Generate the SSH Key Pair:

    Run the command in Git Bash: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  4. Accept the default file location (e.g., /c/Users/your_username/.ssh/id_rsa) and choose whether to add a passphrase.

Using PuTTYgen:

  1. Download PuTTYgen:

    • Download PuTTYgen (part of the PuTTY suite).

  2. Run PuTTYgen:

    • Launch PuTTYgen and choose RSA as the key type, then set Number of bits in a generated key to 4096.

  3. Generate the Key:

    • Click Generate and move your mouse over the blank area to create randomness.

  4. Save Your Keys:

    • Once the key is generated, save both the public and private keys. You can copy the public key from the PuTTYgen window.

Center for Computational Sciences