
Generate ssh key pair for ssh authentication

Windows

PuTTYgen

When you install PuTTY from the Softwarecenter, PuTTYgen, the tool for generating SSH keys, is installed automatically alongside it.

To improve the security of your connections we recommend creating keys of the type ED25519. You can choose the key type at the bottom of the program’s user interface.

After clicking on “Generate” you will need to move your mouse in the grey area on the upper part of the window. This movement will be used to improve randomization of the key.

You can optionally add a custom comment after creating the key. This may be helpful to identify it at a later point in time. A password for the key helps keep it secure if your private key is stolen. Setting a password is optional.

If you ever lose your private key, the generation of a new key pair is mandatory, even if it is protected by a password!

Save your private key at a secure location. Your HZB MyDrive is a good place for this.

Public key for aditum.helmholtz-berlin.de

To upload your public key you need to save it in a file. If you no longer have the PuTTYgen window open from creating the key, start PuTTYgen and load your existing private key.

To save the public key in the proper format, do NOT use the button “Save public key”. Instead, copy the text from the box at the top of the user interface and paste it into a new file in .txt format. To do this you can use a tool like “Editor”.

You can then upload this file on https://www.helmholtz-berlin.de/bin/extern-access.

Linux/macOS

Command line tool ssh-keygen

Note: Usually you will already have an existing SSH key pair in /net/home/UID/.ssh/. (Please replace UID with your HZB user ID.) You may use existing keys from within this directory.

To improve the security of your connections we recommend using keys of the type ED25519. To avoid having to use the option ssh -i id_ed25519 on every SSH connection you can create the file ~/.ssh/config with the following content:

Host *
 IdentityFile ~/.ssh/id_ed25519

Instead of using the wildcard statement Host *, which will result in the stated key being used for all connections, you can also specify different keys for different purposes, as shown in the example:

Host aditum.helmholtz-berlin.de
 IdentityFile ~/.ssh/id_ed25519_ADITUM
Host gitlab.helmholtz-berlin.de
 User git
 IdentityFile ~/.ssh/id_ed25519_GITLAB

The tool ssh-keygen is already installed on all conventional Linux hosts. To save your private key in a secure location we recommend using a host which has your central home directory /net/home/UID mounted. If you do not have access to a personal Linux client for which this is the case, you may also use one of the central dinux hosts. The currently available dinux hosts can be seen here

To create the SSH key pair, execute the following command, replacing UID with your HZB user ID:

ssh-keygen -t ed25519 -f /net/home/UID/.ssh/id_ed25519

Using the additional option -C "COMMENT" you can add a custom comment to the key, which may be useful to identify the key at a later point in time.

Setting a password for the key helps keep it secure if your private key is stolen. Setting a password is optional.

Note: If you ever lose your private key, the generation of a new key pair is mandatory, even if it is protected by a password!

Public key for aditum.helmholtz-berlin.de

You can upload your public key file (e.g. id_ed25519.pub) on https://www.helmholtz-berlin.de/bin/extern-access.
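
Both upload steps above (the text copied from PuTTYgen and the id_ed25519.pub file) need a file that holds exactly one line in OpenSSH public key format; PuTTYgen's “Save public key” button writes a multi-line RFC 4716 block instead. The following pre-upload check is an added example, not part of the original page or an HZB tool; the function names and the sample key (32 filler bytes, constructed) are assumptions.

```python
import base64
import struct

def read_field(blob, pos):
    """Read one SSH wire-format field: uint32 big-endian length, then data."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length")
    (n,) = struct.unpack(">I", blob[pos:pos + 4])
    if pos + 4 + n > len(blob):
        raise ValueError("truncated data")
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def check_public_key(text):
    """Return (ok, message) for the contents of a file intended for upload."""
    text = text.strip()
    if "PRIVATE KEY" in text or text.startswith("PuTTY-User-Key-File"):
        return False, "this is a private key, never upload it"
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        return False, "RFC 4716 block, copy the one-line key text instead"
    lines = text.splitlines()
    if len(lines) != 1:
        return False, "expected exactly one line (key wrapped or extra text)"
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
        inner_type, pos = read_field(blob, 0)
        key, pos = read_field(blob, pos)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, f"damaged key data ({exc})"
    if inner_type != key_type.encode():
        return False, "type prefix does not match the encoded key"
    if key_type != "ssh-ed25519":
        return False, f"{key_type} is not the recommended ED25519 type"
    if len(key) != 32 or pos != len(blob):
        return False, "malformed ED25519 key"
    return True, "single-line OpenSSH ED25519 public key"

def sample_key_line():
    """Constructed sample: 32 filler bytes in the right layout, not a real key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " UID@example"

if __name__ == "__main__":
    print(check_public_key(sample_key_line()))
    print(check_public_key("---- BEGIN SSH2 PUBLIC KEY ----\nAAAA\n---- END SSH2 PUBLIC KEY ----"))
```

To check a real file, pass its contents to check_public_key(), for example the text read from id_ed25519.pub.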