Setting up SSH keypair¶

If you want to use LUMI from a terminal, you need to register an SSH key pair. The SSH keys are the only way to connect to LUMI when using a Linux, macOS or Windows PowerShell terminal, or MobaXterm or PuTTY from Windows. There is no option for using passwords.

LUMI only accepts SSH keys based on the RSA (4096 bit) or ed25519 algorithms. If possible, we recommend using ed25519.

Generate your SSH keys¶

If you already have an appropriate SSH key pair that you want to use with LUMI, you may skip to registering your public key. If not, start by generating an SSH key pair as detailed below.

From a terminal (all OS)With MobaXTerm or PuTTY (Windows)

An SSH key pair can be generated using a Linux, macOS, Windows PowerShell terminal. For example, you can use the following command to generate an ed25519 key:

ssh-keygen -t ed25519

or, alternative, use the following command to generate a 4096 bit RSA key:

ssh-keygen -t rsa -b 4096

You will be prompted for a file name and location where to save the key. Accept the defaults by pressing Enter. Alternatively, you can choose a custom name and location and add it interactively or as a command line argument with for example -f /home/username/.ssh/id_rsa_lumi.

Next, you will be asked for a passphrase. Please choose a secure passphrase. It should be at least 8 (preferably 12) characters long and should contain numbers, letters and special characters. Do not leave the passphrase empty.

After that an SSH key pair is created, i.e. a pair of files containing the public and private keys, e.g. files named id_rsa_lumi (the private key) and id_rsa_lumi.pub (the public key) in your /home/username/.ssh/ directory.

An SSH key pair can be generated with the PuTTygen tool or with MobaXterm (Tools MobaKeyGen). Both tools are identical.

In order to generate your key pairs for LUMI, choose the option RSA and set the number of bits to 4096. The, press the Generate button.

Create SSH key pair with windows - step 1

You will be requested to move the mouse in the Key area to generate some entropy; do so until the green bar is completely filled.

Create SSH key pair with windows - step 2

After that, enter a comment in the Key comment field and a strong passphrase. Please choose a secure passphrase. It should be at least 8 (preferably 12) characters long and should contain numbers, letters and special characters. Do not leave the passphrase empty.

Create SSH key pair with windows - step 3

The next step is to save your public and private key. Click on the Save public key button and save it to the desired location (for example, with id_rsa_lumi.pub as a name). Do the same with your private key by clicking on the Save private key button and save it to the desired location (for example, with id_rsa_lumi as a name).

Warning

The private key should never be shared with anyone, not even with LUMI staff. It should also be stored only on your local computer (public key can be safely stored in cloud services). Protect it with a good password! Otherwise, anyone with access to the file system can steal your SSH key.

Register your public key¶

For regular users (with a non-Finnish allocation)With a Finnish allocation

Now that you have generated your key pair, you need to register your public key in your MyAccessID user profile. From there, the public key will be copied to LUMI.

To register your key, click on the Settings item of the menu on the left as shown in the figure below. Then select SSH keys and click the New key button. Now copy and paste the content of your public key file in the text area and click the Add SSH key button.

MyAccessID Own profile information to add ssh public key.

Now that you have generated your key pair, you need to register your public key in your MyCSC user profile.

To register your key with MyCSC, click on the Profile item of the menu on the left side of the screen. If your browser window is narrow, the navigation might be hidden, in which case you need to open it from the top-right button. In the lower right corner of the Profile page there is a box which reads SSH PUBLIC KEYS. Click the Add key button (you may need to re-login). Paste the content of your public key in the text area which reads Key. Omit the ending of the key file that has your local username and the name of your computer. It should look like

ssh-ed25519 AAAAC3NzaC1lZDI....I3J

Add a title, e.g., lumi, and then click Add.

After registering your SSH key, there can be a couple of hours delay until it is synchronized to LUMI and your account is created. You will receive your username via email once your account has been created.