Generate an SSH key pair

This article explains how to create an SSH key pair for logging in to JASMIN.

You can also use this procedure to update an existing SSH key pair for JASMIN. However, if you are experiencing problems logging in to JASMIN you are advised to first check Login problems before changing your key. Once you have created your SSH key pair, the public key will need to be uploaded to your JASMIN profile  . If this is the first time you have created a key pair then this will be done when you create an account on the accounts portal (Step 2 of Get Started with JASMIN).

SSH client and terminal  

Generating an SSH key pair requires an SSH client, usually an application which functions as a terminal: a text-based environment where you type commands to make things happen. Linux and Mac users can use a standard terminal which is very likely to have SSH installed. Windows users are advised to find a suitable SSH client to use or install on their machine. Suggestions are:

• MobaXterm (requires license), provides a Linux-style terminal with all the relevant command-line and some GUI utilities included. Figures 1 and 2, below, show example terminal windows on a Mac, and Windows (using MobaXterm).
• Windows OpenSSH client  an optional feature in Windows 10 or 11, but usually installed by default.
• PuTTY  set of SSH tools (includes PuTTYgen GUI tool for generating keys, and Pageant ssh-agent)

There are many more, but if you stick to one of these three, which are known to us, then potentially we can help you if you run into difficulties.

Using ssh-keygen to create an SSH key pair  

The Linux command ssh-keygen should be used to generate your SSH key pair. Open a terminal and generate your public and private key, as follows, replacing the e-mail address with your own:

ssh-keygen -m PEM -t ecdsa -b 521 -C "me@somewhere.ac.uk" -f ~/.ssh/id_ecdsa_jasmin

(Here, ~/ or $HOME both mean “your home directory”. The equivalent on Windows is %USERPROFILE%)

The equivalent using the graphical PuTTYgen or MobaKeyGen tools is with these settings: choose these before clicking “Generate”

The output from the command-line tools will look something like this:

Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase): <ADD PASSPHRASE HERE>
Enter same passphrase again: <REPEAT PASSPHRASE HERE>
Your identification has been saved in /home/users/meuser/.ssh/id_ecdsa_jasmin.
Your public key has been saved in /home/users/meuser/.ssh/id_ecdsa_jasmin.pub.
The key fingerprint is:
74:14:95:8a:31:73:cc:5c:af:be:91:04:01:c2:39:0b me@somewhere.ac.uk

Running ssh-keygen will generate two files in your $HOME/.ssh/ directory:

• id_ecdsa_jasmin - private key file (which should have permission “600”, i.e. read/write only by you)
• id_ecdsa_jasmin.pub - public key file

The public key file is the part that you need to share in order to access JASMIN. Windows may mistakenly associated the *.pub file with Microsoft Publisher so don’t try to double-click it. When you need to copy & paste its contents to upload to your JASMIN profile, use a simple text editor (like Notepad).

Make sure the file is stored in a directory called .ssh in your home directory (~/.ssh, $HOME/.ssh or %USERPROFILE%\.ssh on Windows, or ${env:UserProfile}\.ssh in PowerShell). Storing it elsewhere sometimes causes problems with permissions, but it’s also good to keep keys in one place so that they can be kept securely.