University of Southampton

iSolutions

SSH key – Generate a new key, link a key to your account, and connect to SSH Gateway externally

This article explains how to generate a Secure Shell (SSH) Key-Pair, the requirements for connecting to a university-owned SSH Gateway server externally, and how to upload an SSH Key to your university account.

Overview of the changes

From the 23rd September 2024, remote access to University SSH Gateways will require an SSH Key for authentication (in addition to your university username / password).

---


Overview of SSH Keys

An SSH key is a secure access credential used in the Secure Shell (SSH) protocol.

To know more about SSH Keys and how they work, please read the article SSH Keys explained: generation, authentication, Key Pair info and more (external source).

---


Generating an SSH Key-Pair

The instructions below are intended to help you set one up:

Instructions for Linux, Apple macOS, and Windows

You can generate an SSH Key-Pair by running ssh-keygen -t ed25519 from a terminal on Linux, Mac and Windows.

This results in two files being created in your home directory (typically named id_ed25519 and id_ed25519.pub).

* When run without the '-t ed25519' option, typically a 2048-bit RSA Key is generated - this is considered less modern / secure and should only be created if required for legacy support reasons.

We strongly recommend you supply a passphrase of 12 or more characters when prompted; this helps to keep your account secure if your SSH key ends up in the wrong hands, e.g. if your device is stolen.

 

Traditional configuration vs iSolutions' configuration

Traditionally, public keys (id_ed25519.pub/id_rsa.pub) are pasted into the authorized_keys file in the .ssh directory of your home directory on the remote system you wish to access.

iSolutions systems, however, are configured to retrieve them from your university account instead. As such, you will need to upload your public key to your account using Subscribe Self-service - please read the section "Linking your public key to your university account".

It's important you keep your private key safe by:

  • Saving it in a folder only you have access to
  • Not sharing it with anyone 
  • Not storing it on shared systems.
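
As an added example (not part of the original article or iSolutions' tooling), the shell functions below check a key pair against the advice above: an Ed25519 key type, a private key file accessible only to you, and a passphrase. The file paths are assumptions, and the passphrase check reads the cipher name in the OpenSSH private-key header, so it needs a base64 command that accepts -d.

```shell
#!/bin/sh
# Added example (not iSolutions' code): audit a key pair before upload.
# Usage: sh audit_key.sh ~/.ssh/id_ed25519   (path is an assumption)

MAGIC=6f70656e7373682d6b65792d763100   # hex of "openssh-key-v1\0"
NONE=000000046e6f6e65                  # uint32 length 4, then "none"

# First field of the .pub file is the key type, e.g. ssh-ed25519, ssh-rsa.
pub_key_type() {
    awk 'NR == 1 { print $1 }' "$1"
}

# True when the file mode grants nothing to group or others (e.g. 600).
is_owner_only() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Prints none / encrypted / unknown. An OpenSSH-format private key starts
# with the magic string, then the cipher name; "none" means no passphrase.
key_encryption() {
    hex=$(sed '/^-----/d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
          dd bs=1 count=23 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    case $hex in
        "$MAGIC$NONE") echo none ;;
        "$MAGIC"*)     echo encrypted ;;
        *)             echo unknown ;;
    esac
}

# Runs all three checks on a private key path and its matching .pub file.
audit_key() {
    key=$1; rc=0
    [ "$(pub_key_type "$key.pub")" = ssh-ed25519 ] ||
        { echo "WARN: $key.pub is not an Ed25519 key"; rc=1; }
    is_owner_only "$key" ||
        { echo "FAIL: $key is accessible to group/others; chmod 600 it"; rc=1; }
    [ "$(key_encryption "$key")" = encrypted ] ||
        { echo "FAIL: $key has no passphrase or is not OpenSSH format"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key"
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_key "$1"; fi
```

The checks only read the files; a key that fails the passphrase check can be given one with ssh-keygen -p -f followed by the key path.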

Alternative Windows Instructions

If you are using an older version of Windows without the ssh-keygen tool, you can install the PuTTY program to create your key pair.

You can download it

Instructions:

1. Check the EdDSA Key-Type 

2. Select the Ed25519 (255 bits) option from the drop-down menu

3. Select Generate, and move the mouse around as instructed

4. Enter a passphrase (at least 12 characters recommended)

5. Enter the passphrase again in the confirm passphrase box

6. Optional: Enter a comment, typically <your username>@<your device-name>

7. Save both your private and public key files:

Screenshot: PuTTY key generator window. The "Generate" button is outlined with an orange line. The radio button "EdDSA" is checked and the drop-down menu below shows the option "Ed25519 (255 bits)".

It's important you keep your private key safe by:

  • Saving it in a folder only you have access to
  • Not sharing it with anyone
  • Not storing it on shared systems.

What to do in case of a lost / leaked key

If you have any reason to believe you may have lost or leaked your private key, please remove the corresponding public key from your account in Subscribe or contact ServiceLine for assistance.

---


Linking your public key to your university account

1. You can upload an SSH Key to your university account through Subscribe as follows:

2. You will then be presented with the following screen, where you can upload your public SSH Key: 

Subscribe window asking to add a public key

3. Once uploaded, your public key will appear on this page with the option of adding additional keys (most people will only require one however):

Subscribe window showing the key entered during the previous step. Close to the key field there's the "Remove" button

---


Connecting to SSH Gateway Servers Externally

Overview

You will need to authenticate with an SSH Key in addition to entering your username and password when connecting directly to university SSH Gateway servers from outside the university network.

Connecting from inside the university network (or when connected to the university Virtual Private Network) will continue to behave in the usual way, accepting either:

  • A Username + SSH Key
    or
  • Username + Password

This change is being made to bring the SSH Gateway servers in line with other external university systems, which already require MFA to log in.

If you believe this could disrupt your workflow, please contact ServiceLine for assistance.

Affected Systems

•    ssh.soton.ac.uk
•    stafflogin.ecs.soton.ac.uk
•    uglogin.ecs.soton.ac.uk 

---


Related content

Subscribe Self-service

How to download software

How to set up the Virtual Private Network (VPN) via GlobalProtect
