JSC provides thorough [instructions](https://apps.fz-juelich.de/jsc/hps/jureca/access.html#openssh-key-generation) on how to generate and upload the SSH keys. For convenience, below you will find a quick recipe to achieve this.
Logging in to our systems is usually done through the Secure Shell (SSH) mechanism, although there are alternatives such as UNICORE and JupyterLab. Our SSH configuration uses an authentication mechanism based on public and private keys rather than passwords. A pair of public and private keys has to be generated on your personal computer. The private key has to be protected by a passphrase. The public key is then registered for access to the system through JuDoor.
**Note: Never share your private key!**
Several software packages can be used for logging in through SSH. In the following sections you can find the steps how to log in with OpenSSH and PuTTY:
-[OpenSSH](https://www.openssh.com/) - a popular choice on GNU/Linux, macOS, and other Unix-like operating systems
-[PuTTY](https://www.putty.org/) - a popular choice on Windows
### 1.1. Generating a key pair with OpenSSH
First, open a terminal e.g. by pressing the `ctrl`\+`alt`\+`t` keys.
Then, run the following command:
`ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519`
This will require a **passphrase** to be created. This is your passphrase to log in to JURECA-DC. This passphrase is associated with the key you have created (i.e., it allows for the key to be used).
If the designated output file (~/.ssh/id_ed25519) already exists, the program asks to overwrite it. This is probably not what you want, since you might be using the key contained therein. Change the output name by using the arguments `-f ~/.ssh/id_ed25519_jsc` instead of `-f ~/.ssh/id_ed25519`. If you do so, keep in mind that your keys are in a non-default location for the remainder of the course.
Print the contents of the public key to the terminal by entering:
and copy it to the clipboard. **Do not copy the key above!** This is only an example. The one you have generated will be different.
Next, go to the section “2. Uploading the public key to JuDoor”
### 1.2 Generating a key pair with PuTTY
Open `puttygen.exe` to generate a key pair. Select `_Ed25519_` as the key type then click `_Generate_` and follow the instructions of the program. Once the key has been generated, enter a strong passphrase that cannot be guessed easily. This passphrase is used to encrypt the key while it is stored on disk so that it cannot be used if it is stolen.
Click `_Save private key_` to save the private key to a `.ppk` file.
Now, copy the contents of the field `_Public key for pasting into OpenSSH authorized_keys file_` to the clipboard.
Next, go to the section “2. Uploading the public key to JuDoor”
## 2. Uploading the public key pair to JuDoor
Log in to [JuDoor account](https://judoor.fz-juelich.de/login) with your JSC account.
Navigate to JuDoor and click on "_Manage SSH-keys_" next to the entry for the system you want to use under the Systems heading. For this workshop, we will use “**jureca**”. If you are not able to see **jureca**, it means you still have not requested (or been granted) access to this system.
Paste the public key into the form in the field labeled _Your public key and options string_, but do not submit yet. As a further security measure, you have to specify the systems that your log in attempts will come from. This is done via an additional `from-clause` on your public key, which can contain single IP-addresses, address ranges, as well as host names, and even wildcard patterns based on either of these.
Specifying a from-clause is relatively easy if you have access to a system with a fixed IP-address or an IP-address that changes dynamically. For example, systems connected to the network of Forschungszentrum Jülich will be assigned an IP-address from the range `134.94.0.0/16`, so a valid from-clause would be `from="134.94.0.0/16"`. Other institutions will use different address ranges; you should find out the IP-address from your institution's network operations center.
Sometimes, patterns based on host names will work better than those based on IP-addresses. For example, Forschungszentrum Jülich assigns hostnames that end in either `fz-juelich.de` or `kfa-juelich.de`, so a valid `from-clause` could also be `from="*.fz-juelich.de,*.kfa-juelich.de"`
Now, add your `from-clause` in front of the public key you already pasted into the form. The result should be something like:
It will take some time for the key to be synched to the actual system. Eventually, though, you will be able to log in. Once again, we have instructions for OpenSSH (section 2.2) and PuTTY (section 2.3).
