HostKeys
From SOMWiki
How to create and install a host key for authentication to the Unix servers
Host keys provide a more secure method of authentication to the Unix servers. When you log in to a Unix server with an application configured to use your host key, the private key on your computer is matched to the public key in your Unix home directory on the server. The host key replaces the need for you to enter your Unix password. However, use of a passphrase to protect the private key on your computer is recommended. Without a passphrase, anyone who has access to your computer and knows your Unix userid could obtain your private key and log in to the Unix server as you.
If you forget your host key passphrase, you will not be able to log in using the host key. You will need to create and install a new host key. Otherwise, you can disable the host key option in your application and log in normally using your Unix userid and password.
Install the SOM Support Pack Software
The Yale SOM Support Pack contains puttygen and putty, which you can use to generate the host keys and connect to the Unix servers. Instructions for downloading and installing the support pack are available at The Yale SOM Support Pack.
Create the Host Keys
-In Windows, go to Start\Run, type "puttygen" and hit Enter.
-Under Parameters, Select the "SSH2 DSA" option.
-Click the Generate button.
-Move the mouse pointer back and forth over the "PuTTY Key Generator" window to generate a random key.
-Copy and paste the entire key in the "Public key for pasting into OpenSSH authorized_keys file" textbox into a new text file called "authorized_keys". Hang onto this file.
-RECOMMENDED: Enter a Key passphrase and type it again to Confirm it.
-Click the "Save Public Key" button.
File name: [userid]_openssh (replace [userid] with your Unix userid)
-Click the "Save private key" button
File name: [userid]_priv (replace [userid] with your Unix userid)
-Close the PuTTY Key Generator
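An added example, not part of the original wiki page: a check to run on the "authorized_keys" text file before copying it to the server. It flags a key that was wrapped across lines during copy and paste, and a file in the format written by PuTTYgen's "Save public key" button, which OpenSSH does not accept in authorized_keys. The function names and the sample key are constructed for this example.

```python
import base64
import binascii

def check_entry(line):
    """Return a problem string for one authorized_keys line, or None if well-formed.
    Assumes no leading options field, which matches what PuTTYgen's textbox produces."""
    fields = line.split()
    if len(fields) < 2:
        return "expected '<key-type> <base64-blob> [comment]'"
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "key blob is not valid base64"
    # The blob is a sequence of fields, each a 4-byte big-endian length plus data.
    parts, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or pos + 4 + n > len(blob):
            return "key blob is truncated"
        parts.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    if not parts or parts[0] != key_type.encode():
        return "key type inside the blob does not match the first word"
    return None

def check_file(text):
    """Return a list of problems found in the text of an authorized_keys file."""
    if text.lstrip().startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return ["RFC 4716 file (PuTTYgen 'Save public key' output), not one-line OpenSSH format"]
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            problem = check_entry(line)
            if problem:
                problems.append("line %d: %s" % (num, problem))
    return problems

def ssh_string(data):
    return len(data).to_bytes(4, "big") + data

# Constructed sample, not a real key: type string plus four dummy integers (p, q, g, y).
SAMPLE_BLOB = b"".join(ssh_string(x) for x in (b"ssh-dss", b"\x01" * 8, b"\x02" * 4, b"\x03" * 8, b"\x04" * 8))
SAMPLE_LINE = "ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-sample"
WRAPPED = SAMPLE_LINE[:48] + "\n" + SAMPLE_LINE[48:]  # same key broken across two lines

if __name__ == "__main__":
    for name, text in (("one line", SAMPLE_LINE), ("wrapped", WRAPPED)):
        print(name, check_file(text))
```

To check your own file, pass its contents to check_file(); an empty list means every entry is a single, complete line.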
Install WinSCP
Instructions for downloading and installing WinSCP (part of the SOM Support Pack) are available at WinSCP (Windows SCP Client) Tutorial
Install the Public Host Key to the Unix Server with WinSCP
-In Windows, go to Start\Run, type "winscp" and hit Enter.
-Click on Session.
-Enter Host name: tiamat.som.yale.edu
-Enter User name: [userid] (replace [userid] with your Unix userid)
-Don't enter the password.
-Click the Save button.
-Click the OK button to accept the default session name [userid]@tiamat.som.yale.edu.
-Click the Login button.
-Enter your Unix password (when prompted) and click OK
-On the right pane (in your Unix home directory), double click the ".ssh" folder.
-Drag and drop the "authorized_keys" file you created earlier into the ".ssh" folder. Click the Copy button.
-Drag the [userid]_priv.ppk file to the ".ssh" folder. Click the Copy button. Right click and rename the new [userid]_priv.ppk in the ".ssh" folder to "id_dsa".
-Close WinSCP
Using Your Private Key with PuTTY
-In Windows, go to Start\Run, type "putty" and hit Enter.
-Under Session, enter Host Name (or IP address): tiamat.som.yale.edu. Select the Protocol: SSH.
-Under Connection\SSH\Auth, click Browse to locate your "Private key file for authentication", which is the "[userid]_priv.ppk" file you saved earlier.
-Under Session, enter Saved Sessions: [userid]@tiamat.som.yale.edu (replace [userid] with your Unix userid).
-Click the Save button.
-Click the Open button.
-When prompted, enter your userid and hit ENTER.
-RECOMMENDED, enter the key passphrase if you entered one while saving the private key file earlier.
Using Your Private Key with WinSCP
-Open WinSCP, under Session\Stored Sessions, select the [userid]@tiamat.som.yale.edu session you created earlier and click the Load button.
-Under Session, browse for the "Private key file" by clicking the "..." button and selecting the [userid]_priv.ppk file you created earlier.
-Click the Open button.
-Click the Save button.
-Click the OK button and click Yes to overwrite if prompted.
-Click the Login button to log in now using your private key file for authentication.
-RECOMMENDED, enter the key passphrase if you entered one while saving the private key file earlier.
--Btt2 11:30, 27 Apr 2006 (EDT)

