This article summarizes how to set up convenient and secure access to ACCC managed servers.
For convenient and secure access to ACCC managed servers, we support using SSH key pairs to access these services. An SSH public/private key pair acts like a lock and key, both customized for your access. When you register an SSH public key, it will be uploaded within an hour to all ACCC managed servers on which you have an account. You will then be able to use your private key to access the server. The same public/private key pair is used for all systems, though you can upload multiple public keys if you like.
We encourage the use of SSH keys for a few reasons: First, it prevents password guessing attacks on servers that are configured to not accept any passwords. Second, it prevents a potential attacker from stealing a password that may also be used for other university resources. Having no password means there is no password to steal. Finally, SSH keys are convenient, especially if you wish to set up programs that interact with your virtual machines, for example to run commands or to upload and download files.
Whatever SSH program you use, it should provide a way to generate an SSH public/private key pair. Below we provide instructions on how to do it with a few popular SSH programs. Once you've generated your keys, upload your public key; do NOT upload your private key. You must keep your private key secure, and you may also wish to encrypt it for added security.
SecureCRT and SecureFX are commercial Windows SSH and SFTP programs provided free of charge to UIC users through the Webstore.
Use the SSH Keys form to upload your new public key. This is the file of type "PUB" and with the file extension ".pub". It may take up to an hour for your new public key to be active on your virtual servers. After an hour, you should be able to connect with your new private key.
PuTTY is a popular free SSH client for Microsoft Windows. To download PuTTY, visit The PuTTY Download Page. To use PuTTY with public/private key authentication, you'll need both putty.exe and puttygen.exe. These are simple programs and do not use an installer. Install the executables wherever you find convenient.
OpenSSH is the most popular SSH command line tool set. If you have Mac OS X, Linux or any UNIX variant, then you already have the OpenSSH command line tools installed.
To generate a key pair, at a command prompt run:
ssh-keygen -t dsa
It will prompt you for where to store the key; this is your private key. By default it will save the key in your home directory, under a subdirectory called .ssh, in a file called id_dsa. This is a good default, as this will also make your SSH key the default used when using ssh to connect to your virtual server. If you already have a key pair and wish to generate a separate one, then pick a different file name.
ssh-keygen will also prompt you for a passphrase. This is a string of characters used to encrypt your private key. If you simply hit enter, without typing a passphrase, then your private key will not be encrypted.
Your public key will be named the same as your private key with .pub appended to the end of the file name. So the default is id_dsa.pub.
To upload your public key, use the SSH Keys form above to select your public key file. It will be in a directory named .ssh in your home directory. On OSX this is found at /Users/YourUserName/.ssh and on Linux and UNIX type systems this is typically /home/YourUserName/.ssh. Note that ".ssh" is considered a "hidden" folder and may not be shown by your web browser when you upload your key. If it is not shown, you may type out the ".ssh" location and it should then show the directory contents. Alternatively you may wish to copy your public key out of the ".ssh" directory before uploading. When you upload, make certain you select the ".pub" file and do not upload your private key!
Once your public key is uploaded, it should be listed above. It can take up to an hour for your key to be deployed to all of your virtual servers. To use your public key, simply use the ssh command at the command line. If you specified a different key file location from the id_dsa default, then you'll need to specify the "-i" option and a path to tell ssh where to find your private key. If you specified a passphrase to encrypt your key, you'll be prompted for that as well. The virtual server will not prompt you for a password. If you do get prompted for a password from the server, then something has gone wrong; do not provide a password! Finally, the first time you connect to a server you'll be asked to accept the server's identity. Subsequent contact with your server will check the fingerprint against the fingerprint you get this first time.
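A pre-upload check for the upload step above, as an added example that is not part of the original page or of ACCC's tooling: it reads a file's first line and refuses anything that is not a public key, going beyond the id_dsa pair to also recognise RFC 4716 public key files and PuTTY .ppk files. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): refuse to upload anything but a public key.

# classify_key_file FILE -> prints "public", "private" or "unknown" from the first line.
classify_key_file() {
    first=$(head -n 1 "$1" 2>/dev/null) || first=""
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----"*)  echo private ;;  # OpenSSH/PEM private key
        "PuTTY-User-Key-File-"*)            echo private ;;  # PuTTY .ppk, holds the private key
        "---- BEGIN SSH2 PUBLIC KEY ----"*) echo public ;;   # RFC 4716 public key file
        ssh-dss\ AAAA*|ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*)
                                            echo public ;;   # OpenSSH one-line public key
        *)                                  echo unknown ;;
    esac
}

# check_upload FILE -> returns 0 only for a public key; explains refusals on stderr.
check_upload() {
    kind=$(classify_key_file "$1")
    if [ "$kind" = public ]; then
        return 0
    fi
    if [ "$kind" = private ]; then
        echo "REFUSE: $1 is a private key, do not upload it." >&2
        # Per the page, the public half has the same name with .pub appended.
        if [ "$(classify_key_file "$1.pub")" = public ]; then
            echo "Upload $1.pub instead." >&2
        fi
    else
        echo "REFUSE: $1 is not a recognised SSH public key." >&2
    fi
    return 1
}

# write_samples DIR -> constructed stand-ins for key files (placeholder bodies, not real keys).
write_samples() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_dsa"
    printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAAAA constructed@example' > "$1/id_dsa.pub"
    printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' > "$1/sample.ppk"
}

# Demonstration on the constructed samples, written to a throwaway directory.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in id_dsa id_dsa.pub sample.ppk; do
    echo "$f: $(classify_key_file "$demo_dir/$f")"
done
check_upload "$demo_dir/id_dsa" || true
rm -rf "$demo_dir"
```

The check looks only at the file header, so it catches a mis-selected file but does not validate the key material itself.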
Fetch is a popular SFTP client for Mac OS X.