Install faythe ssh signed-key framework on Windows
For access to Linux servers, we require that you use a signed SSH key. A signed key may also be used with the SSH gateway, SFTP and the RunDMC module.
Initial setup and configuration
This guide assumes that you already have SSH on your target client. This comes pre-installed on Linux/Mac and is available on Windows via OpenSSH from https://github.com/PowerShell/Win32-OpenSSH/releases/latest (note: this is pre-installed on University SWAE laptops).
Windows
We recommend that you install OpenSSH from https://github.com/PowerShell/Win32-OpenSSH/releases/latest and also that you use Windows Terminal from Microsoft.
We also recommend PowerShell 7, but this will also install fine with PowerShell 5.1.
Mac/Linux
These already have everything you need.
Downloading and running the installer
1. Download the faythe installer
Note: you only need to do this once per machine.
To install on Windows using the standard Microsoft OpenSSH from PowerShell:
invoke-webrequest -uri https://www1.essex.ac.uk/it/dev/finstall.ps1 -outfile finstall.ps1
To install on Linux/Mac/MobaXterm/WSL:
wget -O finstall.sh https://www1.essex.ac.uk/it/dev/finstall.sh
2. Run the faythe installer
On Windows with PowerShell
.\finstall.ps1
On Linux/Mac/MobaXterm/WSL
Note: you need to do this on each machine you use, but see below about copying your keys to the second or subsequent machine before running the installer on those.
The prompts are similar for both the PowerShell and POSIX sh versions - an example Windows PowerShell setup is shown below.
Notes:
If you are prompted about enabling ssh-agent on Windows, follow what is said and then try again.
Line 6: Provide your login name (not email alias) without the @essex.ac.uk.
Lines 8 & 9: Provide and confirm a passphrase for your newly generated SSH key. You should use something secure and ensure that you keep a record of this.
Line 11: Provide your new passphrase again to add the new key to your SSH agent.
Line 19: Provide your University of Essex password.
Line 20: Provide the MFA code from the Azure authenticator for your account.
When finished, close the window and open a new one. Check that this has worked by running
If no matching alias is found, seek assistance.
Checking it is working
To check it worked, the simplest thing is to try the following in a new terminal window
This shows that you successfully got your key signed and it was used to log in to mdrive.essex.ac.uk. Note that if you don’t see line 5, seek advice. Second and subsequent connections during the signed key lifetime won’t prompt for your password or Microsoft verification code.
Other information…
Moving your enrolled key to a new client device
If you get another client device, you need to copy three files from ${HOME}/.ssh to the same location on the new device. These are:
id_ed25519_essex.ac.uk
your private key - you’ll need to know the associated passphrase - see below for lost passphrase…
id_ed25519_essex.ac.uk.pub
your public key
config
any local changes you might have made to your ssh configuration
Once you have these on the new device, download the appropriate script (step 1 above) and run it. You should be prompted just for your login name and key passphrase. Once complete, open a new window to use a faythe enhanced ssh configuration.
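After copying the files, the key pair can be sanity-checked without the passphrase, because OpenSSH stores the cipher name and the public key in the unencrypted header of the private key file. The following Python check is an added example, not part of the faythe tooling or this guide's scripts; it assumes the private key is in OpenSSH's native format, and the function names are illustrative.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH's native private key format

def _string(buf, off):
    """Read one SSH wire string (uint32 length, then bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Return (cipher name, public key blob) from the unencrypted file header.
    No passphrase is needed: only the private section after these fields is encrypted."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        raise ValueError("not an OpenSSH-format private key")
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _string(raw, len(MAGIC))
    _kdf, off = _string(raw, off)
    _kdf_options, off = _string(raw, off)
    (nkeys,) = struct.unpack_from(">I", raw, off)
    if nkeys != 1:
        raise ValueError("expected exactly one key")
    pub_blob, _ = _string(raw, off + 4)
    return cipher.decode("ascii"), pub_blob

def check_key_pair(private_text, public_line):
    """Return a list of problems with a copied key pair (empty list: none found)."""
    cipher, pub_blob = inspect_private_key(private_text)
    problems = []
    if cipher == "none":
        problems.append("private key is not passphrase-protected")
    fields = public_line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        problems.append("public key file is not an ssh-ed25519 key")
    elif base64.b64decode(fields[1]) != pub_blob:
        problems.append("public key file does not match the private key")
    return problems

if __name__ == "__main__":
    key = Path.home() / ".ssh" / "id_ed25519_essex.ac.uk"  # file names from this page
    found = check_key_pair(key.read_text(), Path(str(key) + ".pub").read_text())
    print("\n".join(found) or "key pair looks consistent")
    raise SystemExit(1 if found else 0)
```

An empty result only means the header fields are consistent; it does not confirm that you still know the passphrase.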
Lost ssh key passphrase when moving to a new client device
If you have lost your ssh key passphrase, ask us to delete your current enrolled key, then run the following
Then download the appropriate script (step 1 above) and run it. Once complete, open a new window to use a faythe enhanced ssh configuration.
Finally, if you used this key-pair on any other devices, copy the files ${HOME}/.ssh/id_ed25519_essex.ac.uk* back to the other devices where you use faythe. On these devices run
and give your new passphrase. They should then work fine.