The first time you connect to one of the KPH ssh gateways, you will be asked to accept a key fingerprint. Use this page to verify the host keys. Continue reading "ssh server authentication"
Update: May 15, 2020 - Due to a serious security incident on the university's HPC systems, all SSH keys used so far lose their validity with immediate effect.
If you need access to the computer network of the Institute of Nuclear Physics, please generate a *new* SSH key pair. Use a particularly good passphrase, your email address (Uni-Mainz or home institute) as comment.
Under no circumstances should you omit the passphrase. As you can see, one single careless person is enough to cause inconvenience to the whole university. Do not be that person!
If possible, create an ed25519 key:
ssh-keygen -t ed25519
Two files are created:
- Your public key ~/.ssh/id_ed25519.pub should be sent to email@example.com, with the request to add you to the ssh gateway.
- Your private key ~/.ssh/id_ed25519 will be activated with your passphrase. Passphrase and private key are to be kept secret and must not be given to anyone - not even to us.
Alternatively, you can also generate rsa keys. However, this is only useful if you need access to older systems. The key length should be at least 3072 bits, but not more than 4096 bits. It does not make sense to increase the rsa key length further. The gain in security is minimal, the handling is very difficult and the algorithm becomes even slower. If you have security concerns, use the ed25519 keys.
If you yourself have access to a machine for which you want to set up remote access, you can also add the public key yourself to the ~/.ssh/authorized_keys file.
Alternative for older Windows versions:
Please follow our instructions for generating SSH keys with PuTTY.
How to access and register at the ssh-gateway.