SSH Key Pair Setup + Upload

This guide will walk you through creating an ssh key pair and uploading the public key to Duke OIT's public key management.

What you need to do depends on what kind of platform you are on: Mac, Linux, and PowerShell on Windows work one way, and MobaXTerm on Windows works another way.

Mac, Linux, or POWERSHELL (WINDOWS):

The first thing you need to do is open a terminal.  On Mac, you use the "Terminal" app (if you don't have it on your dock, search for it in LaunchPad; then, once it is running, right click and go to Options -> Keep in Dock.  You are going to want to use it a lot).  If you are in Windows, go to the box in the bottom left where you can type things in and start typing PowerShell.  It should show up in the menu above; click it to open it.  If you are in Linux, open your favorite terminal.

Next, run this command:

ssh-keygen -t ed25519

You should get prompted for what file to save the key in.  The default should be fine (just hit enter).

Next you should be prompted for a passphrase.  Pick something secure that you can remember.  Note that we will show you in a second how to avoid typing this passphrase very often.

Once you have your key pair generated, go to

https://idms-web-selfservice.oit.duke.edu/advanced

and find the section titled "Manage Your Public SSH Keys."  In that section there should be clickable text that says "+ See More about SSH keys".  Click that to expand this section, and you should see a textbox for "New Public Key".   In your terminal, run

cat ~/.ssh/id_ed25519.pub 

Please be sure that you do not accidentally leave off the .pub.  The file ~/.ssh/id_ed25519 (without the .pub) is your private key file, which you should NEVER share with ANYONE.

Note that the contents of this file (what is displayed by cat) should look something like this:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsvlghZXCKF9wnS/EvGvHAE+hcGg4WKj1ggXeu1Kd1u drew@Kahra.local

Copy the key (as printed by cat) and paste it into the textbox that says "New Public Key" on the OIT website.  Then click the "Add Key" button on that website.   It may take a second to work, but then should display the key under "Existing Keys".  You should also receive an email with it.
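A check you can run on the text before pasting it, written here as an added example (not part of the original guide or OIT's tooling): it refuses private key text and confirms that the base64 field decodes to an Ed25519 public key. The function names are made up for this example, and the private-key and truncated inputs are constructed.

```python
import base64
import binascii
import struct

def read_string(blob, offset):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key_line(text):
    """Return (ok, reason) for text about to be pasted as an Ed25519 public key."""
    text = text.strip()
    if "PRIVATE KEY" in text:
        return False, "this is a PRIVATE key; use the .pub file instead"
    if "\n" in text:
        return False, "expected a single line"
    fields = text.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        return False, "expected 'ssh-ed25519 <base64> [comment]'"
    try:
        blob = base64.b64decode(fields[1], validate=True)
        algo, pos = read_string(blob, 0)   # algorithm name inside the blob
        key, pos = read_string(blob, pos)  # the public key bytes
    except (binascii.Error, ValueError) as exc:
        return False, f"key data is damaged: {exc}"
    if algo != b"ssh-ed25519" or len(key) != 32 or pos != len(blob):
        return False, "key data is not a 32-byte Ed25519 public key"
    return True, "looks like an Ed25519 public key"

# The sample public key line shown on this page.
PAGE_SAMPLE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsvlghZXCKF9wnS/EvGvHAE"
               "+hcGg4WKj1ggXeu1Kd1u drew@Kahra.local")
# Constructed inputs: a private key file's framing lines, and a paste
# that lost the last 8 characters of the base64 field.
PRIVATE_SAMPLE = ("-----BEGIN OPENSSH PRIVATE KEY-----\n(placeholder)\n"
                  "-----END OPENSSH PRIVATE KEY-----")
kind, data, comment = PAGE_SAMPLE.split()
TRUNCATED_SAMPLE = f"{kind} {data[:-8]} {comment}"

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, PRIVATE_SAMPLE, TRUNCATED_SAMPLE):
        print(check_public_key_line(sample))
```
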

To make things simpler for you, you can add your key to the authentication agent.  On Mac, you can do this if you are on OSX 12.0 or newer:

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

and this if you are on an older version of OSX:

ssh-add -K ~/.ssh/id_ed25519

(and then type the passphrase you just used), which will add the key to the authentication agent and also save the passphrase in your keychain.

Then edit ~/.ssh/config and add these lines to it:

Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519

Windows users probably need to follow the instructions here https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement for how to start the ssh agent.

On Linux or Windows, just run ssh-add ~/.ssh/id_ed25519.

(Note: I'm not a Windows user so if there is something fancy to do with ssh-agent, I don't know it---please feel free to let me know).

Windows (in MobaXTerm):

First, you need to get MobaXTerm if you do not already have it.   Go to https://mobaxterm.mobatek.net/download.html and download the free version.

Open MobaXterm and go to the Tools menu, and find "MobaKeyGen (SSH key generator)".  For me, it is in the third ("Network") section of the menu.  This should bring up a window that says "MobaXterm SSH Key Generator".  At the bottom is a set of radio buttons labeled "Type of key to generate".  Choose "Ed25519" and then click the "Generate" button in the middle of the window.  You should get a progress bar, and after it finishes, the top part of this window should say "Public key for pasting into OpenSSH server (~/.ssh/authorized_keys file)".  Below that should be a text box in which you can enter a "Key passphrase" and then retype it in the "Confirm passphrase" box.  Please set a secure passphrase that you will remember!

Now, go to https://idms-web-selfservice.oit.duke.edu/advanced  

and find the section titled "Manage Your Public SSH Keys."  In that section there should be clickable text that says "+ See More about SSH keys".  Click that to expand this section, and you should see a textbox for "New Public Key".  Copy the text in the "Public key for pasting into OpenSSH server (~/.ssh/authorized_keys file)" box.  It should look generally like this:

ssh-ed25519 AAAAC3NzaC1lZDI1NTEAAAAIEds4R9w2XZF-IBlk0PBqkjwWedGdB4gqDnowdlm7GGC ed25519-key20220822

Paste that key into the "New Public Key" box on the OIT website.  Then click the "Add Key" button on that website.   It may take a second to work, but then should display the key under "Existing Keys".  You should also receive an email with it.

Finally, click the "Save private key" button.  You will get a file dialog to save the file.  Pick somewhere you want to save it (and please remember to NEVER share this private key with ANYONE).  You can also save the public key if you want.  If you need it later, you could get it from OIT's website.  Now, you can close the key generation window.

To use this key, you add it when you set up a Session.  To do so, click the "Session" button at the top, and specify the hostname and user name in the "Basic SSH settings" at the top.  Then click "Advanced SSH settings" at the bottom.  Find the "Use private key" checkbox, and click it.  Then click the little icon at the edge of the textbox next to it.  This will give you a file selector, and you can choose the private key file you just saved.  Click "OK" and you should be good to go.

 

RESET MY PASSWORD!

Requesting a password reset is a thing of the past.  If you lose your key (e.g. your computer breaks and you need a new one) or forget your key passphrase, you can just generate a new key pair and upload it via OIT's web interface.