GitList -GitList

Raw Blame History

--- title: 'Generating Key Pair and Registering Public Key' taxonomy: category: - docs --- [toc] ## What is Key Authentication?{#key} Key Authentication is an alternative means to authenticate using a pair of the generated public key and the private key saved on your computer instead of password authentication. Password-based authentication can be misused by a third person through cracking such as dictionary attacks. All you have to do is to keep in your mind that the private key should be strictly managed, and then there is no concern of such attacks. A private key can be protected by setting up the passphrase (passwords with longer strings of characters), and it protects your private key from being misused in case if your computer or laptop was stolen and the private key leaks. !! **The use of private keys without a passphrase is prohibited** and must be set. If a private key without a passphrase is placed on the login node, it will be automatically deleted. ## Generating a Key Pair {#keygen} ### Procedure{#procedure} Generate the key pair using the ssh-keygen command in the 'Command Prompt' on Windows or in the 'Terminal' on Mac. On Windows, it is also possible to generate keys with [MobaXterm](/login/mobaxterm#pubkey). ```nohighlight $ ssh-keygen -t rsa -b 3072 -m pem #(1) Generating public/private rsa key pair. Enter file in which to save the key (/home/taro/.ssh/id_rsa): #(2) Enter passphrase (empty for no passphrase): #(3) Enter same passphrase again: #(4) Your identification has been saved in /home/taro/.ssh/id_rsa. Your public key has been saved in /home/taro/.ssh/id_rsa.pub. The key fingerprint is: 8c:13:10:d2:c0:12:c5:0b:53:d4:3f:b6:9c:16:f6:ca taro@test.kyoto-u.ac.jp ``` ### Checking the Generated Key Pair{#check} If you have generated a key pair with the default storage location, check %HOMEPATH%\.ssh (on Windows) and ~/.ssh (on Mac/Linux) and you will find the keys generated as follows. **id_rsa** is the private key and **id_rsa.pub** is the public key. Before logging in to the supercomputer, you need to register your public key by following the procedure in [Registering a public key via the user portal](#regist). - On Windows ```nohighlight >dir %HOMEPATH%\.ssh 2022/10/01 01:23 1,675 id_rsa 2022/10/01 01:23 410 id_rsa.pub >type %HOMEPATH%\.ssh\id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsotK4PbdadfhbXbTPIsxvwKFIg+8Lmp0pXKckAOuSnoaaT516ddj9rnIJlE/JaJf0cltp+087R6Ov8LPY+QeQvzzUfGiAQQVdwBiMrVQVqXylIoidU86uz/w8GITXltu1m+fXO+O26dEESQWsAgiNfVOzB57OCadGX1iCy6/2CxvNEB3mnHkvmC+H3azP27tTARHXqTBThuxjwR9iZBkx2iYSW3tVg0cDdzuLP3ULVrJXHrrLCr1HGaAzQEs0M+vtrV+G8gLlkeqbKy4YKWKUY/xkM8c/20jnSKP36SeU4fezbRQREkYqRjx4a3kx97K1sfch/WKwzuHWqhYYMtvEw== taro@test.kyoto-u.ac.jp ``` - On Mac/Linux ```nohighlight $ ls ~/.ssh/ id_rsa id_rsa.pub $ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsotK4PbdadfhbXbTPIsxvwKFIg+8Lmp0pXKckAOuSnoaaT516ddj9rnIJlE/JaJf0cltp+087R6Ov8LPY+QeQvzzUfGiAQQVdwBiMrVQVqXylIoidU86uz/w8GITXltu1m+fXO+O26dEESQWsAgiNfVOzB57OCadGX1iCy6/2CxvNEB3mnHkvmC+H3azP27tTARHXqTBThuxjwR9iZBkx2iYSW3tVg0cDdzuLP3ULVrJXHrrLCr1HGaAzQEs0M+vtrV+G8gLlkeqbKy4YKWKUY/xkM8c/20jnSKP36SeU4fezbRQREkYqRjx4a3kx97K1sfch/WKwzuHWqhYYMtvEw== taro@test.kyoto-u.ac.jp ``` ## Registering a public key via the user portal{#regist} 1. Go to the [User Portal](https://web.kudpc.kyoto-u.ac.jp/portal/) , and enter your User ID and Password to log in. ![](portal_new_01.png?lightbox=100%&resize=600) 2. Select the **SSH Public Key** in the left menu. ![](portal_new_02.png?lightbox=100%&resize=600) 3. In the **Add SSH Public Key** page, enter a **title** (any title you like), copy and paste the created public key to the **Public Key** . After confirming **set passphrase of the private key** , and then click the **Add** to complete the registration process. ![](portal_new_03.png?lightbox=100%&resize=600) 4. After registration is completed, you can log in to the system using the private key and passphrase. For how to log in, please refer to [Logging In on Windows](/login/windows) or [Logging In on Mac and Linux](/login/mac_linux). ## Handling of the Keys{#note} ### Maintaining the Confidentiality of Keys{#manage} A leakage of its private key poses a serious security threat to the system. Please make sure that you maintain the confidentiality of your private key. If there is any implication that your private key may leak out, contact us by Email at portal \* kudpc.kyoto-u.ac.jp (please replace \* with @ ). ### Handling of the Keys When Logging-In to the System Using Multiple PCs{#multi} When you log in to the system using multiple PCs such as a desktop PC and a laptop, the different key pairs are required for each PC. ### Adding and Deleting a Public Key{#kanri} Please add or delete the public key with reference to [Registering a public key via the user portal](#regist). ### When You Lost Private Key or Forgot Passphrase{#key_loss} Registering a public key via the [Use Portal](https://web.kudpc.kyoto-u.ac.jp/portal/) becomes invalid after you successfully logged in to the systems and a certain period of time has elapsed. When you lost your private key or forgot your passphrase, please send us an email detailing the following information using your registered email address: - To：consult \* kudpc.kyoto-u.ac.jp ( please replace \* with @) - From：your registered email address - Subject：Requesting for the approval to re-register the public key - Text： - Your user ID： - Organization where you belong： - Your name： - Details and reasons for losing your private key or forgetting your passphras