This article explains how to generate an Secure Shell (SSH) Key-Pair, the requirements for connecting to a university-owned SSH Gateway server externally, and how to upload an SSH Key to your university account.
From the 23rd September 2024, remote access to University SSH Gateways will require an SSH Key for authentication (in addition to your university username / password)
---
An SSH key is a secure access credential used in the Secure Shell (SSH) protocol.
To know more about SSH Keys and how they work, please read the article SSH Keys explained: generation, authentication, Key Pair info and more (external source).
---
The instructions below are intended to help you set one up:
You can generate an SSH Key-Pair by running ssh-keygen -t ed25519 from a terminal on Linux, Mac and Windows.
This results in two files being created in your home directory (typically named id_ed25519 and id_ed25519.pub), as shown in the screenshot below:
* When run without the '-t ed25519' option, typically a 2048-bit RSA Key is generated - this is considered less modern / secure and should only be created if required for legacy support reasons.
We strongly recommend you supply a passphrase of 12 or more characters when prompted; this helps to keep your account secure if your SSH key ends up in the wrong hands, e.g. if your device is stolen.
Traditionally, public keys (id_ed25519.pub/id_rsa.pub) are pasted into the AuthorizedKeys file in the .ssh directory in your userhome on a remote system you wish to access.
iSolutions systems, however, are configured to retrieve them from your university account instead. As such, you will need to upload your public key to your account using Subscribe Self-service - please read the section "Linking your public key to your university account".
It's important you keep your private key safe by:
If using an older version of Windows without the ssh-keygen tool, you can install the Putty program for creating your keypair.
You can download it
Instructions:
1. Check the EdDSA Key-Type
2. Select the Ed25519 (255 bits) option from the drop-down menu
3. Select Generate, and move the mouse around as instructed:
4. Enter a passphrase (at least 12 characters recommended)
5. Enter the passphrase again in the confirm passphrase box
6. Optional: Enter a comment, typically <your username>@<your device-name>
7. Save both your private and public key files:
It's important you keep your private key safe by:
If you have any reason to believe you may have lost or leaked your private key, please remove the corresponding public key from your account in Subscribe or contact ServiceLine for assistance.
---
1. You can upload an SSH Key to your university account through Subscribe as follow:
2. You will then be presented with the following screen, where you can upload your public SSH Key:
3. Once uploaded, your public key will appear on this page with the option of adding additional keys (most people will only require one however):
---
To access one You will need to authenticate with an SSH Key in addition to entering your username and password when connecting directly to university SSH Gateway servers from outside the university network.
Connecting from inside the university network (or when connected to the university Virtual Private Network) will continue to behave in the usual way, accepting either:
This change is being made to bring the SSH Gateway servers in line with other external university systems, already requiring MFA to log in.
If you believe this could disrupt your workflow, please contact ServiceLine for assistance.
• ssh.soton.ac.uk
• stafflogin.ecs.soton.ac.uk
• uglogin.ecs.soton.ac.uk
Was this article helpful?
If you have any further comments, please put them below.
Please note that feedback is anonymous - if you require a reply or assistance, please raise a ticket via ServiceLine.
Thank you for your feedback, it is much appreciated.