SSH Keypairs

These are instructions for initializing your cse125.ucsd.edu and B220 accounts with ssh keypairs to streamline using git and subversion. It may look daunting, but it is actually relatively straightforward to set up. And once you start doing many edits, you will not miss having to type in your password repeatedly.

Steps 1 and 2 only need to be done once. Step 3 needs to be done on each login.

1. Generate keypair, initialize pisa account

Login to your account on pisa, prep the .ssh directory:

% mkdir ~/.ssh
% chmod 700 ~/.ssh
% cd ~/.ssh

Generate a keypair, initialize ssh files:

% ssh-keygen -t rsa
(accept file default)
(enter a passphrase, don't forget it!)
% cat id_rsa.pub >> ~/.ssh/authorized_keys
% chmod 600 ~/.ssh/authorized_keys

2. Initialize your ACS Windows account with the private key

Login to a B220 machine and remote copy (e.g., using the SSH Secure File Transfer app) your ~/.ssh/id_rsa private key file on pisa to your ACS home directory mounted under Windows. Let's say it is H:\docs\id_rsa.

Convert the private key into a format that the putty suite of programs can work with:

• Run Putty → Puttygen (Putty Key Generator) from the Start menu
• Invoke Conversions → Import in the menu
• Load the id_rsa private key file you copied from pisa (e.g., H:\docs\id_rsa)

Puttygen will prompt you for the passphrase you entered when creating the keypair, enter it.

Once your key is loaded, click on the "Save private key" button and save the private key somewhere, e.g., H:\docs\cse125-private.ppk.

3. Load the private key into an agent

• Run Putty → Pageant from the Start menu

In the bottom right of the Windows toolbar there will be an icon with a little blue terminal wearing a hat at an angle (you might have to click on the up-arrow button near the time/date info to see it).

• Right click on this icon.
• Select "Add Key".
• In the file dialog, load the private key you saved from puttygen (e.g., H:\docs\cse125-private.ppk).
• Enter the passphrase you used to create the key. The dialog will disappear.

Now pageant has your passphrase saved away. When you want to ssh (or when you use svn+ssh), pageant will provide your password on your behalf every time it is needed.

For example, if you use putty to ssh into pisa.sysnet.ucsd.edu, when you enter your login it should not prompt for a password.

4. Use with TortoiseSVN

• In an Explorer window, right click and select "SVN Checkout".
• Specify the URL to your repository, e.g., something like:

  svn+ssh://cs125s@pisa.sysnet.ucsd.edu/var/www/html/class/cse125/svn/...
  

  (be sure to specify your group svn directory)
• Specify a checkout directory.
• Click "OK".

TortoiseSVN will then check out your repository without prompting for passwords. When you do other svn commands, you should not have to specify passwords for those commands either (pageant is doing the password work for you).

5. On every login

Each time you login to a B220 machine, you have to run pageant and "Add key" your private key (this can be automated somewhat, but if you forget then when svn prompts you for a password you will immediately remember). Otherwise, svn and ssh will revert back to prompting for passwords.

Whenever ssh connects to a host for the first time (e.g., pisa), it will pop-up a dialog saying that it has never seen the host before. Click "Yes" to say that you trust it.