Setting up SSH keypair¶
If you want to use LUMI from a terminal, you need to register an SSH key pair. The SSH keys are the only way to connect to LUMI when using a Linux, macOS or Windows PowerShell terminal, or MobaXterm or PuTTY from Windows. There is no option for using passwords.
LUMI only accepts SSH keys based on the RSA (4096 bit) or ed25519 algorithms. If possible, we recommend using ed25519.
Generate your SSH keys¶
If you already have an appropriate SSH key pair that you want to use with LUMI, you may skip to registering your public key. If not, start by generating an SSH key pair as detailed below.
An SSH key pair can be generated using a Linux, macOS, Windows PowerShell terminal. For example, you can use the following command to generate an ed25519 key:
or, alternative, use the following command to generate a 4096 bit RSA key:
You will be prompted for a file name and location where to save the
key. Accept the defaults by pressing Enter. Alternatively, you can
choose a custom name and location and add it interactively or as a
command line argument with for example -f /home/username/.ssh/id_rsa_lumi
.
Next, you will be asked for a passphrase. Please choose a secure passphrase. It should be at least 8 (preferably 12) characters long and should contain numbers, letters and special characters. Do not leave the passphrase empty.
After that an SSH key pair is created, i.e. a pair of files containing
the public and private keys, e.g. files named id_rsa_lumi
(the private key) and id_rsa_lumi.pub
(the public key) in your
/home/username/.ssh/
directory.
An SSH key pair can be generated with the PuTTygen tool or with MobaXterm (Tools MobaKeyGen). Both tools are identical.
In order to generate your key pairs for LUMI, choose the option RSA and set the number of bits to 4096. The, press the Generate button.
You will be requested to move the mouse in the Key area to generate some entropy; do so until the green bar is completely filled.
After that, enter a comment in the Key comment field and a strong passphrase. Please choose a secure passphrase. It should be at least 8 (preferably 12) characters long and should contain numbers, letters and special characters. Do not leave the passphrase empty.
The next step is to save your public and private key. Click on the Save
public key button and save it to the desired location (for example, with
id_rsa_lumi.pub
as a name). Do the same with your private key by clicking
on the Save private key button and save it to the desired location (for
example, with id_rsa_lumi
as a name).
Key format
To use your key, you may need two different key formats. The instructions above generate a private key in PuTTY format (PPK), which can be used with PuTTY and in a MobaXTerm SSH session created via the MobaXTerm GUI.
However, if you are using the OpenSSH client (the ssh command in a MobaXTerm terminal), you will need a key in the OpenSSH format. To convert your key, go to the Conversions Export OpenSSH key menu in the key generator tool and save it in the OpenSSH format.
You can convert between these two key formats at any time using the key generator tool. Load a key by using the Conversions Import key menu, then save it in the desired format:
- OpenSSH to PPK: load a OpenSSH key, then save it with the Save private key button
- PPK to OpenSSH: load a PPK key, then save it via the Conversions Export OpenSSH key menu
Warning
The private key should never be shared with anyone, not even with LUMI staff. It should also be stored only on your local computer (public key can be safely stored in cloud services). Protect it with a good password! Otherwise, anyone with access to the file system can steal your SSH key.
Register your public key¶
Now that you have generated your key pair, you need to register your public key in your MyAccessID user profile. From there, the public key will be copied to LUMI.
To register your key, click on the Settings item of the menu on the left as shown in the figure below. Then select SSH keys and click the New key button. Now copy and paste the content of your public key file in the text area and click the Add SSH key button.
Now that you have generated your key pair, you need to register your public key in your MyCSC user profile.
To register your key with MyCSC, click on the Profile item of the menu on the left side of the screen. If your browser window is narrow, the navigation might be hidden, in which case you need to open it from the top-right button. In the lower right corner of the Profile page there is a box which reads SSH PUBLIC KEYS. Click the Add key button (you may need to re-login). Paste the content of your public key in the text area which reads Key. Omit the ending of the key file that has your local username and the name of your computer. It should look like
Add a title, e.g., lumi, and then click Add.
After registering your SSH key, there can be a couple of hours delay until it is synchronized to LUMI and your account is created. You will receive your username via email once your account has been created.