wiki:RequestAccount

Request an account for access to the infrastructure

1. About asymmetric key cryptography

We use asymmetric key cryptography to secure accounts. Hence you will get an account name, but no password. Instead of a password we use two digital keys:

  • A private key and
  • A public key.

The private key can be used to encrypt data (close the lock) and the associated public key can be used to decrypt the data (open the lock). As the name suggests the public key is not secret; you can share this with anyone, publish it on your website, etc. Hence your public key cannot be compromised, because it's intended to be public. The private key on the other hand must be private; if it gets stolen your account is compromised and can be abused. Therefore, contact us immediately if you ever suspect your private key may have been stolen/copied!

For additional details and background see Wikipedia - Asymmetric Key Cryptography

2. Generate a public/private key pair

2.A On Linux / Unix / Mac OS X

Open a terminal/shell.

On Mac OS X you can find the Terminal in Applications -> Utilities -> Terminal.app

Generate key pair

To generate an RSA key pair with OpenSSH, type the following command:

ssh-keygen -t rsa -b 4096 -C "your_comment_see_below"

As comment/label for your keys please use your first initial followed by (optionally your middle name followed by) your family name all in lowercase and without any separators like spaces, dots or underscores. So if you are Jack the Hippo, please use jthehippo as comment, so we can easily identify the key as yours.

Select where to store the key pair

The ssh-keygen application will now ask you where you want to save the private key. By default it will be stored in your ~/.ssh/ folder where ~ is your home directory. The public key will be stored with a .pub suffix in the same location as the private key.

WARNING1: Accepting the default may overwrite existing keys, so check first if you already have a key in that location! Accept the default by pressing return if you have no key in the default location.

WARNING2: OpenSSH will by default use the key from the default location :). If you create an additional key in a non-default location, you will need to explicitly specify which key file to use when connecting via ssh or sftp.

Enter file in which to save the key (/path/to/your/home_dir/.ssh/id_rsa): <return>

Secure the private key

Secure your private key with a good password. DO NOT choose a simple password or even worse an empty one!

Enter passphrase (empty for no passphrase): <Type the passphrase>

Ssh-keygen will now generate two files. In case you chose the default location these will be:

  • Your private key in ~/.ssh/id_rsa
  • Your public key in ~/.ssh/id_rsa.pub

If you forgot to add a password to your private key or if you want to change the password later on, you can add a (new) password to your existing private key with:

ssh-keygen -p -f ~/.ssh/id_rsa

Proceed to step 3. Request account and have the public key linked to your account

2.B On Windows

Get PuTTYgen

You can use PuTTYgen to generate a key pair. PuTTYgen is distributed as part of the PuTTY suite of apps as well as together with WinSCP.

  • Install WinSCP if you want to transfer data via SFTP.
  • Install PuTTY if you want to login via SSH to work on for example one of the compute clusters or VMs in our cloud.

In the screenshot below we launch a PuTTYgen that was installed as part of WinSCP to generate our public/private key pair

Configure

From the parameters section on the bottom of the window choose:

  • Type of key to generate: SSH-2 RSA
  • Number of bits in a generated key: 4096

Generate key pair

Click the Generate button... yes you really have to move the mouse now: computers are pretty bad at generating random numbers and PuTTYgen uses the coordinates of your mouse movement as a seed to generate a random number.

Secure private key and save pair to disk

Your key pair was generated. Now make sure you:

  • Replace the comment in Key comment with your first initial followed by (optionally your middle name followed by) your family name all in lowercase and without any separators like spaces, dots or underscores. So if you are Jack the Hippo, please use jthehippo, so we can easily identify the key as yours.
  • Secure your private key with a good password before saving the private key. DO NOT choose a simple password or even worse an empty one!
  • Click the Save public key button.
  • Click the Save private key button.
  • Select and copy all the text in the text box at the top of the window underneath Public key for pasting into OpenSSH authorized_keys file:
    You can paste it in the email you'll send in the next step...

3. Request account and have the public key linked to your account

To request an account, contact us via email and

  • 3.A If on Linux / Unix / Mac OS X: attach the id_rsa.pub public key file generated with ssh-keygen.
    If you cannot see / find the key file, you most likely stored the file in your ~/.ssh folder. Folders and files that start with a . are hidden files and not displayed by default. On Mac OS X you can press [Shift]+[Cmd]+. to toggle the visibility of hidden files in Open... and Save... dialog windows. Please use Google to search for a solution to display hidden files in other situations like Finder windows or on other platforms.
  • 3.B If on Windows: paste the contents of the public key as displayed in PuTTYgen in the email.
  • Motivate your account request by specifying the project your are working on and by adding your collaborators here in Groningen on CC.
  • Never ever email/give anyone your private key! If you do, the key is no longer private and useless for security: trash the key pair and start over by generating a new pair.
  • If you ever suspect that your private key may have been compromised (laptop got stolen, computer got infected with a virus/trojan/malware, etc.): contact us immediately, so we can block the public key for the compromised private key, and start over by generating a new pair.

4. Start using servers/services

When you get notified that your public key has been linked to your account, you can login and:

Last modified 3 weeks ago Last modified on 2017-03-03T12:59:34+01:00

Attachments (4)

Download all attachments as: .zip