Generating SSH keys for remote access outside network

Instructions for Mac/Linux

For Mac or Linux, run ssh-keygen in the terminal. The key pair will be generated, and then you will be prompted for a location to save the keys, and to set a passphrase (which is optional, but recommended).

After you finish setting up your key, you have two options to get your key approved in the RCF network:

  1. If you are out of network and would like the RCF staff to approve your key, email rcfsupport with the public key attached. The public key will be found in the directory you set for your key pair earlier, and will end with the file extension .pub. Make absolutely sure that you pick the file ending in .pub, as the other key is the private key, which should not be shared with anyone. Once we receive the key, we can add your key to your authorized keys file, and then you will be able to log in remotely from outside the network.
  2. If you are already on the math network, run the following command:

    ssh-copy-id -i /path/to/publickey.pub username@ssh.math.umass.edu

    where the path and username are modified appropriately. You will be asked whether to accept the authenticity of the key; enter "yes" and proceed. You should see some output with the line "Number of key(s) added: 1". If you do, then try connecting to a network outside the math network (example: eduroam on campus or your home network) and test the remote SSH connection. When logging in from outside the math network, you should be prompted for both the SSH passphrase and your user password. When logging in within the math network, you will only be prompted for the SSH passphrase, if one was set.

Instructions for Windows

For Windows, instructions will be given for the following set of software which needs to be installed on your machine:

  1. PuTTY (Windows SSH client and key generator)
  2. WinSCP (for secure copying of files between host and remote)

The installation of PuTTY comes with PuTTYgen, a key generating program. Run this program, and it should present you with the option to generate a key pair with various settings. RSA with 2048 bits is standard, but you can use other settings if you'd like. Click "Generate", and move your mouse around in the blank area while it's generating. After it's done, you can optionally set a passphrase. Be sure to save both the public and private key.

After you finish setting up your key, you have two options to get your key approved in the RCF network:

  1. If you are out of network and would like the RCF staff to approve your key, email rcfsupport with the public key attached. The public key will be found in the directory you set for your key pair earlier, and will end with the file extension .pub. Make absolutely sure that you pick the file ending in .pub, as the other key is the private key, which should not be shared with anyone. Once we receive the key, we can add your key to your authorized keys file, and then you will be able to log in remotely from outside the network.
  2. For this method, you must be on the math network on campus. First, run WinSCP. You will be prompted for login and server information. For protocol, select "SCP". After logging in, a directory window should open. This is your remote drive. Now copy your public key (file extension ending in .pub) into your remote home directory. After that, SSH into your account via PuTTY. Then run the following command:

    cat publickey.pub >> .ssh/authorized_keys

    where the name of the key is modified accordingly. If you get an error saying the directory .ssh does not exist, create the directory using the command mkdir .ssh. Now re-run the above cat command. If no errors occur, try connecting to a network outside the math network (example: eduroam on campus or your home network) and test the remote SSH connection. When logging in from outside the math network, you should be prompted for both the SSH passphrase and your user password. When logging in within the math network, you will only be prompted for the SSH passphrase, if one was set.
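
The manual cat step above and the warning about never sharing the private key can be combined into one guarded install function. This is an added example, not RCF's own script: the function name install_pubkey, its optional second argument and the list of accepted key types are assumptions made for illustration.

```shell
# Added example (not RCF's script). Usage: install_pubkey KEYFILE [HOME_DIR]
# HOME_DIR defaults to $HOME; it is a hypothetical parameter that lets the
# function be tried against a scratch directory first.
install_pubkey() {
    keyfile=$1
    home_dir=${2:-$HOME}
    auth="$home_dir/.ssh/authorized_keys"

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # A private key file carries a "PRIVATE KEY" header: never install or share it.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "$keyfile is a private key; use the public key file" >&2
        return 2
    fi

    # An OpenSSH public key is a single line: "<type> <base64> [comment]".
    # Multi-line formats such as RFC 4716 ("---- BEGIN SSH2 PUBLIC KEY ----")
    # do not work in authorized_keys and are rejected here.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$keyfile" | head -n 1)
    [ -n "$key" ] || { echo "$keyfile is not an OpenSSH public key" >&2; return 3; }

    # sshd's StrictModes check refuses keys when these are group/world writable.
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact key line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}
```

Run on the remote host as install_pubkey publickey.pub, with the file name modified accordingly; running it a second time leaves authorized_keys unchanged.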