Skip to content

Setting up SSH key pair

Before connecting to LUMI, you need to register an SSH key pair. You can only log in to LUMI using SSH keys. There is no option for using passwords.

LUMI only accepts SSH keys based on the RSA (4096 bit) or ed25519 algorithms. If possible, we recommend to use ed25519.

Generate your SSH keys

If you already have an appropriate SSH key pair that you want to use with LUMI, you may skip to registering your public key. If not, start by generating an SSH key pair as detailed below.

An SSH key pair can be generated using a Linux, macOS, Windows PowerShell terminal. For example, you can use the following command to generate an ed25519 key:

ssh-keygen -t ed25519

or, alternative, use the following command to generate a 4096 bit RSA key:

ssh-keygen -t rsa -b 4096

You will be prompted for a file name and location where to save the key. Accept the defaults by pressing Enter. Alternatively, you can choose a custom name and location. For example /home/username/.ssh/id_rsa_lumi.

Next, you will be asked for a passphrase. Please choose a secure passphrase. It should be at least 8 (preferably 12) characters long and should contain numbers, letters and special characters. Do not leave the passphrase empty.

After that an SSH key pair is created, i.e. a pair of files containing the public and private keys, e.g. files named id_rsa_lumi (the private key) and id_rsa_lumi.pub (the public key) in your /home/username/.ssh/ directory.

An SSH key pair can be generated with the PuTTygen tool or with MobaXterm (Tools MobaKeyGen). Both tools are identical.

In order to generate your key pairs for LUMI, choose the option RSA and set the number of bits to 4096. The, press the Generate button.

Create SSH key pair with windows - step 1

You will be requested to move the mouse in the Key area to generate some entropy; do so until the green bar is completely filled.

Create SSH key pair with windows - step 2

After that, enter a comment in the Key comment field and a strong passphrase. Please choose a secure passphrase. It should be at least 8 (preferably 12) characters long and should contain numbers, letters and special characters. Do not leave the passphrase empty.

Create SSH key pair with windows - step 3

The next step is to save your public and private key. Click on the Save public key button and save it to the desired location (for example, with id_rsa_lumi.pub as a name). Do the same with your private key by clicking on the Save private key button and save it to the desired location (for example, with id_rsa_lumi as a name).

Warning

The private key should never be shared with anyone, not even with LUMI staff. It should also be stored only on your local computer (public key can be safely stored in cloud services). Protect it with a good password! Otherwise, anyone with access to the file system can steal your SSH key.

Register your public key

Now that you have generated your key pair, you need to register your public key in your MyAccessID user profile. From there, the public key will be copied to LUMI.

To register your key, click on the Settings item of the menu on the left as shown in the figure below. Then select SSH keys and click the New key button. Now copy and paste the content of your public key file in the text area and click the Add SSH key button.

Screenshot of user profile settings to setup ssh public key
MyAccessID Own profile information to add ssh public key.

Now that you have generated your key pair, you need to register your public key in your MyCSC user profile.

To register your key with MyCSC, click on the My Profile item of the menu on the left as shown in the figure below. Then scroll to the end and in the SSH PUBLIC KEYS panel click the Modify button. From here, click the Add new button and paste the content of your public key in the text area and click Add.

Screenshot of user profile settings to setup ssh public key
MyCSC profile information to add ssh public key.

After registering your SSH key, there can be a couple of hours delay until it is synchronized to LUMI and your account is created. You will receive your username via email once your account has been created.