Creating SSH keys

Public key authentication (SSH Key) is a more secure alternative to password authentication that allows users to avoid entering or storing a password, or sending it over the network. Public key authentication uses the client computer to generate the key pair (a public key and a private key). The public key is then provided to the remote computer's administrator to be installed on that machine.

To log in to other Aspera servers with public key authentication, you need to generate a key pair for the selected user account, as follows:

  1. Create a .ssh directory in your home directory if it does not exist:
    $ mkdir /home/username/.ssh

    Go to the .ssh folder:

    $ cd /home/username/.ssh
  2. Generate an SSH key pair.
    In the .ssh folder, use the ssh-keygen command to create a key pair.
    # ssh-keygen -m key_format -t key_type
    • For key_format, specify a format that is supported by the SSH server.
    • For key_type, specify either RSA (rsa) or ECDSA (ecdsa).
    At the prompt that appears for the key pair's file name, press ENTER to use the default name id_rsa or id_ecdsa, or enter a different name, such as your username. For a passphrase, either enter one, or press ENTER twice to leave it blank.
    Note: When you run ascp in FIPS mode (<fips_enabled> is set to true in aspera.conf), and you use passphrase-protected SSH keys, you must either:
    1. Use keys that are generated by running ssh-keygen on a FIPS-enabled system, or
    2. Convert existing keys to a FIPS-compatible format by using a command such as:
    # openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa
  3. As the root user, make sure that the SSH key is owned by the transfer user and that proper restrictive permissions are set. SSH keys must be readable only by the key owner.
    Use the following command syntax, where username is the transfer username and id_rsa is the key pair's file name.
    chown username /home/username/.ssh/id_rsa
    chmod 600 /home/username/.ssh/id_rsa
  4. Retrieve the public key file.
    The key pair is generated to your home directory's .ssh folder.
    For example, assuming you generated the key with the default name id_rsa:

    /home/username/.ssh/id_rsa.pub

    Provide the public key file (for example, id_rsa.pub) to your server administrator so that it can be set up for your server connection. Instructions for installing the public key on the server are in Setting up a user's public key on the server. Note, however, that the server might be installed on an operating system that is different from the one where your client is installed.

  5. Start a transfer by using public key authentication with the ascp command.
    To transfer files by using public key authentication on the command line, use the option -i private_key_file.
    For example,
    $ ascp -T -l 10M -m 1M  -i ~/.ssh/id_rsa  myfile.txt  jane@10.0.0.2:/space

    In this example, you are connecting to the server (10.0.0.2, directory /space) with the user account jane and the private key ~/.ssh/id_rsa.
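
The permission requirement in step 3 and the FIPS note in step 2 can both be checked before a key is passed to ascp -i. The following script is an added example, not part of the original procedure or of the Aspera tooling. The function names are hypothetical, and it assumes that the "existing keys" that need conversion are passphrase-protected keys in the legacy PEM format.

```shell
# Added example: pre-flight checks for a private key before using it with ascp -i.
# key_mode_ok, key_format and check_key are hypothetical helper names.

# Succeeds only if the group and other permission bits are all clear (chmod 600).
key_mode_ok() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints the container format of a private key, judged from its PEM header.
key_format() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    case "$(head -n 1 < "$1")" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;  # openssl pkcs8 -topk8 output
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8-unencrypted ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Legacy PEM marks passphrase protection on the second line.
            if sed -n 2p < "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo legacy-pem-encrypted
            else
                echo legacy-pem-unencrypted
            fi ;;
        *) echo unknown ;;
    esac
}

# Combined check: prints findings and returns non-zero if the key needs attention.
# Pass "fips" as $2 when <fips_enabled> is set to true in aspera.conf.
check_key() {
    fmt=$(key_format "$1") || { echo "$1: cannot read key"; return 1; }
    rc=0
    key_mode_ok "$1" || { echo "$1: group/other can access the key; run chmod 600"; rc=1; }
    if [ "${2:-}" = fips ] && [ "$fmt" = legacy-pem-encrypted ]; then
        echo "$1: passphrase-protected legacy PEM; convert with openssl pkcs8 -topk8"
        rc=1
    fi
    echo "$1: format=$fmt"
    return "$rc"
}

# Constructed sample (header lines only, not a real key) showing the FIPS finding.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$demo/id_rsa"
chmod 600 "$demo/id_rsa"
check_key "$demo/id_rsa" fips || true
rm -rf "$demo"
```

The format check reads only the header lines, so it reports how the key is wrapped and does not validate the key material itself.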