The SSH key pair is used to log in to LeoMed via the command line.

  • the ed25519 algorithm is mandatory for generating the SSH key pair

  • protecting the SSH key pair with a passphrase (non-empty, minimum 16 characters) is mandatory

  • format convention for sharing the public SSH key: as a file named <ETHZ-username>.pub (ETH-externals without an existing ETHZ account should use <name-lastname>.pub)

Linux / Unix (macOS)

1

a. Open your terminal application of choice

b. Generate the SSH key using the following command:

[user@workstation]$ ssh-keygen -t ed25519

2

a. Fill in the required information

b. Enter a strong passphrase

Important

It is mandatory to encrypt the key with a strong passphrase with at least 16 characters.

3

Example

[user@workstation]$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/<username>/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase): **********************
Enter same passphrase again: **********************
Your identification has been saved in /home/<username>/.ssh/id_ed25519
Your public key has been saved in /home/<username>/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:LhpfwohLVJM2h2N/q4UHIJNxzUysZ8pD2J1isJ91sBg bmx@LAPTOP-GHKPS84N
The key's randomart image is:
+--[ED25519 256]--+
|  . .*.          |
|  .+Eo*          |
|  +=@=.+         |
|  o*BBB .        |
|  .= Bo.S        |
| . .*o = .       |
|  o o.= *        |
| . . + B         |
|  . . o          |
+----[SHA256]-----+

4

Copy the public key and rename it to <username>.pub (where <username> should be replaced by your ETHZ username). ETH-externals without an existing ETHZ account should use <name-lastname>.pub.

The following command will copy the public key in the right format to your Desktop (assuming that the key was saved to /home/<username>/.ssh/id_ed25519; see the output above):

[user@workstation]$ cp ~/.ssh/id_ed25519.pub ~/Desktop/<username>.pub

Windows

Important

Windows 10 has included a built-in OpenSSH client since the April 2018 update; however, we will use MobaXterm (Portable Home Edition) for compatibility reasons.

When starting the portable edition, we are prompted to allow some network access for the executable. However, this seems unnecessary: we saw that the SSH network connection does not depend on it, so we can simply cancel the request. The only relevant task is to store the configuration so that it remains accessible even when changing to another (updated) edition.

Option 1 - Using a shell command from the MobaXterm local terminal

1

a. Open MobaXterm

b. Click Start local terminal

   (In case the local terminal cannot be opened, see the troubleshooting section below.)

2

Enter the command as described in the Linux section above and continue as described there.

3

By default, the two key files are saved within MobaXterm at /home/mobaxterm/.ssh/.

To identify the location of the home directory in Windows Explorer, click Settings > Configuration in the MobaXterm menu.

In the window that opens, click on the icon "Browse persistent home folder" as highlighted in the picture (green circle). By default the two key files are in the subfolder .ssh.

Option 2 - Using the graphical interface of MobaXterm

1

a. Open MobaXterm

b. Open the Tools menu

c. Click MobaKeyGen (SSH key generator)

2

a. Select the type EdDSA or Ed25519 (255 bits) in the section Parameters

b. Click Generate

c. Enter a strong passphrase

Important

It is mandatory to encrypt the key with a strong passphrase with at least 16 characters.

3

Save the private key

a. Open the Conversions menu

b. Select Export OpenSSH key (force new file format)

4

Save the public key by clicking the Save public key button

Save the public key to <username>.pub (where <username> should be replaced by your ETHZ username; ETH-externals without an existing ETHZ account should use <name-lastname>.pub).

5

Open the public key file you just saved with a text editor (such as Notepad), replace its content with only the content from the box, and save it.

This is necessary because the public key format used by PuTTY/MobaXterm is not the expected one.

6

Check for completeness: Make sure that you saved two files:

  • private SSH key (see step 3)
  • public SSH key (see step 4)
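
The following pre-submission check covers the rules above (step 4 of the Linux section and step 5 of Option 2). It is an added example, not part of the original instructions. The function names check_pubkey and key_is_unprotected are hypothetical, and rejecting the default file name id_ed25519.pub is an assumption drawn from the naming convention.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# check_pubkey FILE: succeed only if FILE is named <something>.pub and holds
# exactly one OpenSSH-format ed25519 public key line.
check_pubkey() {
    file=$1
    case $(basename "$file") in
        id_ed25519.pub) echo "rename the copy to <username>.pub" >&2; return 1 ;;
        *.pub) ;;
        *) echo "file name must end in .pub" >&2; return 1 ;;
    esac
    # PuTTY-style "Save public key" output is a multi-line SSH2 block.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$file"; then
        echo "SSH2/PuTTY format, not the OpenSSH one-line format" >&2; return 1
    fi
    # Drop CRs (Windows editors may save CRLF) and blank lines; expect one line.
    content=$(tr -d '\r' < "$file" | grep .) || { echo "file is empty" >&2; return 1; }
    [ "$(printf '%s\n' "$content" | grep -c .)" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    ktype=${content%% *}
    rest=${content#* }
    blob=${rest%% *}
    [ "$ktype" = "ssh-ed25519" ] ||
        { echo "key type is '$ktype', not ssh-ed25519" >&2; return 1; }
    # An ed25519 blob is 51 bytes (type string + 32-byte key): 68 base64
    # characters that always begin with the encoded "ssh-ed25519" header.
    case $blob in
        AAAAC3NzaC1lZDI1NTE5AAAAI*) ;;
        *) echo "blob does not encode an ed25519 key" >&2; return 1 ;;
    esac
    [ "${#blob}" -eq 68 ] || { echo "unexpected blob length" >&2; return 1; }
}

# key_is_unprotected FILE: return 0 if the private key opens with an EMPTY
# passphrase (violates the rule), 1 if it does not, 2 if ssh-keygen is missing.
# It cannot verify the 16-character minimum.
key_is_unprotected() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    if ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1; then return 0; fi
    return 1
}
```

Run check_pubkey on the <username>.pub file before sharing it. Run key_is_unprotected only on your own workstation, since the private key must never leave it.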


Troubleshooting

MobaXterm local terminal closes immediately

Make sure that your home directory is at a suitable location:

In the MobaXterm menu, click Settings > Configuration.

In the window that opens, click on the yellow folder icons (highlighted in the picture below) and choose a suitable location for both the home and root directories.

If MobaXterm displays a warning message after confirming a folder, choose another location that does not lead to a warning.

If you need further help, please contact your local IT support group.