Table of Contents

SSH Key Based Authentication

SSH Keys are an advanced feature that allow you to use a key to connect instead of using your password. This has the benefit of being both more secure, and more convenient to use. SSH keys are an optional way to access the SoCS servers from Off Campus. Regular password based login is still allowed from on campus, or from off campus while running the VPN. Please note that SSH may not be enabled on your Windows machine by default. Follow the topic in this article on how to install SSH before continuing with this guide.

SSH Keys One Time Setup

To set up public key private key access to linux:

Part A For all platforms

  1. Have a passphrase (password) handy that you can remember. This should be different than your central login password.
  2. Open a terminal window (or PowerShell for Windows)
  3. Type ssh-keygen -t ed25519 -C central-ID@linux.socs.uoguelph.ca at the command prompt
    1. Press return to accept the default file locations for storing keys
    2. Enter your passphrase when prompted (make sure you can remember it)
    3. Enter the SAME passphrase again
  4. In the same terminal window, change to your .ssh directory. A foolproof way to do this is to first type cd followed by enter, then type cd .ssh
  5. Type “more id_ed25519.pub” without the quotes
  6. Copy the long string of text that begins with ssh-ed25519 and ends with yourusername@linux.socs.uoguelph.ca. It will wrap across several lines.
  7. Keep that text in the clipboard for the next step and go to Part B (either for on campus or off campus, depending on your location).

Part B For all platforms

On Campus Only

If you are working on campus, you can set can set up your keys using ssh.

  1. ssh to linux.scos.uoguelph.ca using your Central Login ID and password (use PowerShell on windows if you don't have a different client. On OS/X and linux just use a terminal)
Off Campus Only

If you are working off campus you should use NoMachine to upload your ssh key.

  1. Connect to NoMachine to facilitate the file transfer process. If you have not used NoMachine before, please reference our guide to NoMachine here. NoMachine supports file transfer via scp and is our recommendation for off-campus students.
  2. Once you have connected to NoMachine, open a terminal and follow the next steps.
All Platforms
  1. Type “cd ~/.ssh” at the command prompt (without the quotes).
    • If you get an error “.ssh No such file or directory”, type “cd ~”, then “mkdir .ssh”, then type “cd .ssh”, otherwise ignore this step.
  2. Use your favourite command line editor (vim, nano, emacs, etc.) to edit the authorized_keys file
    • i.e. type 'nano authorized_keys' at the command line
    • Unless you've done this step once already, you will be creating this file. it MUST be called authorized_keys
  3. Paste in the long string of text that you copied to your clipboard in step A
  4. Save the file.
  5. Log out of the server.

Part C For all platforms

  1. Open terminal window, or Powershell (Windows only)
  2. ssh to portkey.socs.uoguelph.ca
  3. You SHOULD be prompted for the passphrase you used in Part A, and then you should connect to our linux servers (ssh central-ID@linux.socs.uoguelph.ca).
  4. This login method works for secure FTP programs too, such as filezilla, which will allow you to ftp files directly to your linux account.

Notes and Info

  1. If you are unable to bring your private key to campus (via a laptop, removable storage device, etc.) and cannot transfer files via NoMachine, you must send your public key to help@socs.uoguelph.ca. Your public key will then be put into your home folder. This process may take up to a day to complete, so it is recommended to only use this option as a last resort.
  2. Once the key has been added to the server, attempt to ssh from off campus using ssh central-ID@portkey.socs.uoguelph.ca, agreeing to any prompts that you receive while connecting. You will be prompted to input the password you saved during the keygen creation here.
    • If ssh is not able to find your private keys file, you can include the -i flag to specify the location of your keys (ex. ssh jdoe@uoguelph.ca -i ~/.ssh/id_ed25519)
    • NOTE: The portkey server is a jump server and has nothing installed. You will not be able to run/compile code on this server - its sole purpose is to connect you to the main server cluster (linux.socs.uoguelph.ca).
  3. After connecting to portkey, ssh again into central-ID@linux.socs.uoguelph.ca to ensure that your connection is successful.
Advanced User SSH Key Setup Guide

If you feel confident in your ability, below are the list of commands that you can execute to get your key onto the server while on campus. This guide is suited for students that can troubleshoot common Linux issues related to ssh and file movement. If you are not confident, follow Part A For all platforms above for a more in-depth guide.

Server-Side Setup 

ssh central-ID@linux.socs.uoguelph.ca
cd ~
mkdir .ssh 
cd .ssh
ls
touch authorized_keys (if the file already exists, skip this step)

Local Machine 

ssh-keygen -t ed25519 -C central-ID@linux.socs.uoguelph.ca 
scp ~/.ssh/id_ed25519.pub central-ID@linux.socs.uoguelph.ca:~/.ssh/ed25519.pub

On linux.socs.uoguelph.ca 

cd ~/.ssh
cat ed25519.pub >> authorized_keys
exit