Logging in to Otax

Association domains do not have passwords. Instead of passwords, the associations authenticate themselves to Otax with RSA keys.

How do I create the RSA key for accessing Otax?

The user must have the private key on the computer that is attempting the connection, and the corresponding public key must be in the file ~/.ssh/authorized_keys in the association’s home directory on the Otax server. Users have to create the keys themselves. The easiest way is to create the keys on the computer that will be used to manage Otax, so that the key files do not have to be copied.

The minimum strength for the keys is 2048 bits for RSA.

Creating the key pair on a Linux server

You can create the key on Aalto’s general servers, for example, with the command:

ssh-keygen -t rsa -b 2048

The command will ask you where you wish to save the key. The default location ( ~/.ssh ) is good, so just press enter.

Next, ssh-keygen asks for a passphrase, which is entered when using the key. The passphrase should under no circumstances be left blank!

Now the .ssh sub-directory of your home directory should contain the files id_rsa.pub (public key) and id_rsa (private key).

Creating the key pair on a home computer (Windows)

These instructions apply to PuTTYgen software. Equivalent features can also be found in other ssh software.

WARNING! Do not create RSA key pairs on public computers!

Step 1: Open PuTTYgen.

Step 2: Make sure you select ’SSH-2 RSA’ under the section ”Parameters” and specify the number of bits as 2048. Then press ”Generate”.

Step 3: Set a passphrase for the key in the ”Key passphrase” field.

Step 4: Save the public and the private key with the ”Save public key” and ”Save private key” options. Name your key in such a way that it shows your name.

Delivering the key to Otax domain administrator

After creating a key pair, you can submit the public part of the key to the administrator of your Otax domain if your association’s Otax domain already has a person in charge. Otherwise, please send the public part of the key by e-mail to the address tietotekniikka@ayy.fi and ask us to copy the key to your Otax domain.

Managing public keys in Otax

A key created with the ssh-keygen command on a Unix server works as such. A public key created with the PuTTYgen programme requires modification. On Linux servers, you can print the key in the right format with the command:

ssh-keygen -i -f name_public_key

When editing manually, it is often enough to delete comments from the beginning and add “ssh-rsa”, unless it is already at the beginning of the line.

The key in the correct form looks as follows:

ssh-rsa AAAA….

Please note that the whole key must be on one line, otherwise the key will not work.

When the key is in the correct form, it can be added to the association’s Otax domain by modifying the authorized_keys file of the domain, located in the .ssh directory.

The lines beginning with the hash sign (#) are comments and the lines beginning with “ssh-rsa” are the public parts of RSA keys. Each ssh-rsa line should be preceded by a comment line that shows at least the following information:

  • the date when the key was added to the file (yyyy-mm-dd)
  • the key owner’s email address
  • the key owner’s name

Therefore, the contents of the ~/.ssh/authorized_keys file can look like this (RSA keys have been shortened in this example):

#2012-12-01;aino.aaltolainen@aalto.fi;Aaltolainen;Aino;
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC99lv5GmA5GN…
#2012-12-01;pekka.perus@jotain.fi;Perus;Pekka;
ssh-rsa AAAAB3NzaC1kc3MAAAEBANk/J8dkfAWw4VXVCFniVC…
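
The following Python script is an added example, not part of the original instructions or of any Otax tooling. It checks authorized_keys content against the rules above: a date;email;name comment line before each key, each key whole on one line, and an RSA modulus of at least 2048 bits. All function names are made up for this example, and the sample keys are constructed, non-functional values.

```python
import base64, re, struct

COMMENT_RE = re.compile(r"^#\d{4}-\d{2}-\d{2};[^;\s]+@[^;\s]+;[^;]+;")  # #date;email;name;
MIN_RSA_BITS = 2048  # minimum key strength stated on this page

def _read_string(blob, off):
    """Read one length-prefixed field of an SSH key blob."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def rsa_bits(b64):
    """Modulus size in bits of a base64 ssh-rsa public key blob."""
    blob = base64.b64decode(b64, validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    _e, off = _read_string(blob, off)  # public exponent, not checked here
    return int.from_bytes(_read_string(blob, off)[0], "big").bit_length()

def audit(text):
    """Return [(line_number, problem)] for authorized_keys content."""
    problems, prev = [], ""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("ssh-rsa "):
            if not COMMENT_RE.match(prev):
                problems.append((no, "missing date;email;name comment"))
            try:
                if rsa_bits(line.split()[1]) < MIN_RSA_BITS:
                    problems.append((no, "RSA key below 2048 bits"))
            except (ValueError, struct.error):
                problems.append((no, "unreadable key"))
        elif line and not line.startswith("#"):
            problems.append((no, "stray line (key split over lines?)"))
        prev = line
    return problems

def _sample_key(bits):
    """Constructed, non-functional key line with a modulus of `bits` bits."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1) | 1).to_bytes(bits // 8 + 1, "big")
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()

OWNER = "#2012-12-01;aino.aaltolainen@aalto.fi;Aaltolainen;Aino;"
# Constructed input: commented key, uncommented key, commented 1024-bit key.
SAMPLE = "\n".join([OWNER, _sample_key(2048), _sample_key(2048), OWNER, _sample_key(1024)])
print(audit(SAMPLE))
```

To check a real file, pass its contents to audit(), for example audit(open(path).read()).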

Using the key pair with PuTTY

With PuTTY (or a similar SSH programme), you can contact Otax by using the private key.

Step 1: Open PuTTY.

Step 2: Choose ”Connection -> SSH -> Auth” in the left tree menu.

Step 3: Click ”Browse” on the right side of the ”Private key file for authentication” field and select the private key of your Otax key pair.

Step 4: In the menu, choose the top entry ”Session”.

Step 5: Enter ’otax.ayy.fi’ in the ”Host Name” field and add a name for the Otax connection in the ”Saved Sessions” field. Select ”Save” and then ”Open”.

Finally, PuTTY will ask for your username and a password (passphrase). The username is your association’s Otax username and the password is the passphrase that you entered when creating the key pair.