CSE 422S: Generating SSH Keys

When you connect to the school's servers with ssh,you must specify your username, e.g. ssh username@shell.cec.wustl.edu or you risk getting locked out of the server. If you connect with the wrong username or password 5 times in 30 minutes, your IP address will be blacklisted for 4 weeks.

To help prevent lockouts due to incorrect password attempts, you may want to log in using an SSH key instead of a password, as outlined below:

Instructions for SSH Key Generation

  1. First, you will generate a key.

    Open a terminal window or command prompt on your personal computer or Raspberry Pi.

    Then, enter the hidden .ssh directory:
    cd .ssh

    Now, generate a key using:
    ssh-keygen -f your-key-name

    Replace your-key-name with a unique name for your key. We recommend something containing your username, like key_username.

    Now, enter a passphrase for your key. You can use your WUSTL Key password, or another password of your choice. Keep in mind that this passphrase is bound to this SSH key; it will not change when your WUSTL Key password changes.

    Your key now exists locally on your machine in two files: your public key exists in the file your-key-name.pub. This half of your SSH key is public information, and you can freely give it to anyone you need to communicate securely with.

    Your private key exists in the file your-key-name. This is like your password. You should never give this file to anyone! Anyone with your private key can impersonate you and successfully interact with anyone who has your public key.

  2. Now, install the key on the school's server by issuing the following command:
    ssh-copy-id -i your-key-name your-username@shell.cec.wustl.edu

    This will instruct the server to associate the key you just created with your user account. You will be prompted to enter your password. This is your WUSTL Key password, not your SSH key passphrase!

    Note for Windows Users

    If you are using Windows, the ssh-copy-id command may not be recognized.

    In this case, use sftp to copy your key files (public and private) from your local .ssh directory to your .ssh directory on shell.cec.wustl.edu:
    cd .ssh
    put your-key-name*

    Then, ssh into the server with your WUSTL Key and password, and enter the hidden .ssh directory:
    cd .ssh

    Now, install the key using the ssh-copy-id command as outlined above.

    At this point, if you like, you may delete the private key file from the server.

  3. Finally, your computer's ssh client will need to be configured to use your key.

    If it does not alreday exist, create a file called config in your local .ssh directory. Inside the file, add the following 3 lines:

    Host a-nickname-for-the-server
    	HostName shell.cec.wustl.edu
    	IdentityFile ~/.ssh/your-key-name

    In the above, a-nickname-for-the-server is a short nickname you would like to use to access the server. We chose "shell".

    The text after IdentityFile should be the path to your private key.

    You can now connect to shell.cec.wustl.edu with your key, without providing your WUSTL Key username or password. Simply use either:

    ssh a-nickname-for-the-server (in our case ssh shell)
    sftp a-nickname-for-the-server (in our case sftp shell)

    You will be prompted for the passphrase you assigned to the key. Enter the passphrase, press enter, and you're in!