Docs
Generate an SSH key pair
How to create an SSH key pair for logging in to JASMIN
These instructions are intended for users setting up an SSH connection to JASMIN for the first time, or on a new device.
If you could previously connect with your existing key on the same device and now can’t, generating a new key pair is unlikely to solve the problem, and may make it more difficult to troubleshoot.
If you are having problems connecting to JASMIN via SSH, please see Login problems. If you are still unable to solve the problem, please contact the JASMIN Helpdesk before attempting to update your key.
SSH client and terminal
When you create an account on the JASMIN Accounts Portal (step 2 of Get Started with JASMIN), you will be asked to upload the public key of an SSH key pair you have generated.
Generating an SSH key pair requires an SSH client, usually an application which functions as a terminal: a text-based environment where you type commands to make things happen. Linux and Mac users can use a standard terminal which is very likely to have SSH installed. Windows users are advised to find a suitable SSH client to use or install on their machine. Suggestions are:
- Windows OpenSSH client an optional feature in Windows 10 or 11, but usually installed by default.
- PuTTY set of SSH tools (includes PuTTYgen GUI tool for generating keys, and Pageant ssh-agent)
- MobaXterm (requires license), provides a Linux-style terminal with all the relevant command-line and some GUI utilities included.
There are many more, but if you stick to one of these three, which are known to us, then potentially we can help you if you run into difficulties.
Using ssh-keygen to create an SSH key pair
The Linux command ssh-keygen should be used to generate your SSH key pair.
Open a terminal and generate your public and private key, as follows, replacing the e-mail address with your own:
ssh-keygen -m PEM -t ecdsa -b 521 -C "me@somewhere.ac.uk" -f ~/.ssh/id_ecdsa_jasmin(Here, ~/ or $HOME both mean “your home directory”. The equivalent on Windows is %USERPROFILE%)
The equivalent using the graphical PuTTYgen or MobaKeyGen tools is with these settings: choose these before clicking “Generate”.
The output from the command-line tools will look something like this:
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase): <ADD PASSPHRASE HERE>
Enter same passphrase again: <REPEAT PASSPHRASE HERE>
Your identification has been saved in /home/users/meuser/.ssh/id_ecdsa_jasmin.
Your public key has been saved in /home/users/meuser/.ssh/id_ecdsa_jasmin.pub.
The key fingerprint is:
74:14:95:8a:31:73:cc:5c:af:be:91:04:01:c2:39:0b me@somewhere.ac.ukRunning ssh-keygen will generate two files in your $HOME/.ssh/ directory:
id_ecdsa_jasmin.pub- public key fileid_ecdsa_jasmin- private key file (which should have permission “600”, i.e. read/write only by you)
The public key file is the part that you need to share in order to access
JASMIN. Windows may mistakenly associated the *.pub file with Microsoft Publisher so don’t try to double-click it. When you need to copy & paste its contents to upload to your JASMIN profile, use a simple text editor (like Notepad).
- If you are updating an existing key, please follow the instructions in Update a JASMIN account to upload it to your profile.
Make sure both key files are stored in a directory called .ssh in your home directory (~/.ssh, $HOME/.ssh or %USERPROFILE%\.ssh on Windows, or ${env:UserProfile}\.ssh in PowerShell). Storing them elsewhere sometimes causes problems with permissions, but it’s also good to keep keys in one place so that they can be kept securely.
- Once you have created your SSH key pair, please follow the instructions on Present your SSH key in order to connect to JASMIN.