NMT CSE Wiki

Dept. of Computer Science & Engineering

User Tools

Site Tools


commons:ssh

SSH

SSH stands for Secure Shell. It is an encrypted protocol which you can use to securely access a remote computer over the network. The CS department has a login server, login.cs.nmt.edu or lovecraft.cs.nmt.edu, which anyone with a CSE account can access via SSH. This allows you to work in a Linux environment from your home or laptop, which gives you access to the programming environment and tools that many of the courses in our curriculum expect you to use.

When you log in via SSH, you may be shown a key fingerprint. If you are, make sure it matches the ones listed below:

lovecraft (login/ada):  ECDSA:   ysSn6JRXvNBDL0J11T5UtAOhIF+pg2NrKCrx/5p6WEE
                        RSA:     kxF3cGAcHHtVlDPCEeM0FVnpf5hVFDLMz7Q4sSlbLBQ
                        DSA:     EcyZqJDX8GISs3inOxxlyY5Z6lJdfkbQ9bENo6zF1L4
                        ED25519: nzI/QPxCyL5+7cplAg46DqSmID/69icupCfWxIYBxwQ
                        
                        ####################### md5 ########################
                        
                        ECDSA:   2d:a7:36:0d:7f:6e:32:05:91:92:13:43:f1:5d:c1:0a
                        RSA:     63:65:13:95:a9:d7:3d:ad:7f:5d:4c:c7:d6:fe:45:2f
                        DSA:     21:f4:54:2b:71:ce:a0:9d:ad:fd:49:1b:ad:84:14:35
                        ED25519: 50:13:c8:5f:fd:f9:f3:f2:9c:42:6c:81:65:ef:e2:54                        
                        
edison    (hpc1):       b4:92:c1:34:3d:ce:f8:d0:e4:ae:74:aa:32:37:30:96
tesla     (hpc2):       db:51:d5:39:9a:be:22:55:51:b8:d7:ca:56:a3:50:09

If a key does not match, inform a system administrator immediately, and do NOT enter your password!

On Linux or OS X you would type the following into a terminal:

ssh username@login.cs.nmt.edu

If you're a Windows user then you can download a tool called putty with the same functionality that the command line ssh program has.

If you're working on a laptop, you may also be interested in mosh - Mobile Shell. It's similar to ssh in functionality, but is able to maintain your connection even after disconnecting from the network for a long time or reconnecting to a different network than you used to login - which happens all the time when you're on the go.

Passwordless login using RSA Keys

It is also possible to use ssh to generate an RSA keypair so you can cryptographically authenticate yourself to a server without using a password. To generate ssh keys on Linux or OSX you can enter the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This will prompt you to enter a passphrase. This isn't the password to your CS account, but a cryptographic passphrase used to encrypt your key. It's possible to leave it blank for convenience, but better security practice to come up with a new secure password so that you need to unlock the key to use it. As long as you have your private key, any computer with access to your public key can prove that you are you and that you're are signing in from your computer.

After generating keys, you can then copy your public key to your home directory with the following command:

ssh-copy-id username@login.cs.nmt.edu

All this does is copy the public key on your computer (stored in ~/.ssh/id_rsa.pub) to the login server, and adds it to the end of ~/.ssh/authorized_keys. If ssh-copy-id is not available on your system, then you can do the same thing manually:

cat ~/.ssh/id_rsa.pub | ssh username@login.cs.nmt.edu tee -a ~/.ssh/authorized_keys

To append your key to the end of the file.

Dynamic Forwarding

You can also configure ssh to use any computer you login to as a SOCKS proxy. You can use this to forward your network traffic so that it appears to be coming from the remote machine you're logged into instead of your personal computer. To do that, you can run the following command:

ssh -D 1337 -q -C -N username@login.cs.nmt.edu

The command will hang (not show any output and not quit), so just minimize the terminal or move it to another workspace. Then you can configure your browser to use the SOCKS proxy by configuring the networking settings as such:

  1. Proxy type: SOCKSv5
  2. Proxy Host: 127.0.0.1 or localhost
  3. Proxy port: 1337

If need be you can change the port number by replacing the number following the -D flag to another number.

For example, on Firefox go to preferences → network settings and select manual proxy configuration and put HTTP Proxy as localhost port 1337, and the same for the SOCKS host.

This won't be incredibly useful for most users, but it's good general information to know about how ssh works and what it can do.

commons/ssh.txt · Last modified: 2021/01/08 19:27 by hashfastr