NMT CSE Wiki

Dept. of Computer Science & Engineering

User Tools

Site Tools


commons:ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
commons:ssh [2015/08/18 18:58]
ljencka
commons:ssh [2019/02/24 17:20] (current)
hashfastr [Dynamic Forwarding]
Line 1: Line 1:
 ====== SSH ====== ====== SSH ======
-Anyone with a CSE account ​can ssh into ''​login.cs.nmt.edu''​.+SSH stands for Secure Shell. It is an encrypted protocol which you can use to securely access a remote computer over the network. The CS department has a login server, ​''​login.cs.nmt.edu'' ​or ''​lovecraft.cs.nmt.edu'',​ which anyone with a [[commons:​accounts|CSE account]] can access via SSH. This allows you to work in a Linux environment from your home or laptop, which gives you access to the programming environment and tools that many of the courses in our curriculum expect you to use. 
 + 
 +When you log in via SSH, you may be shown a key fingerprint. ​ If you are, make sure it matches the ones listed below: 
 +<​code>​ 
 +lovecraft (login/​ada): ​ ECDSA: ​  ​ysSn6JRXvNBDL0J11T5UtAOhIF+pg2NrKCrx/​5p6WEE 
 +                        RSA:     ​kxF3cGAcHHtVlDPCEeM0FVnpf5hVFDLMz7Q4sSlbLBQ 
 +                        DSA:     ​EcyZqJDX8GISs3inOxxlyY5Z6lJdfkbQ9bENo6zF1L4 
 +                        ED25519: nzI/​QPxCyL5+7cplAg46DqSmID/​69icupCfWxIYBxwQ 
 +                         
 +edison ​   (hpc1): ​      ​b4:​92:​c1:​34:​3d:​ce:​f8:​d0:​e4:​ae:​74:​aa:​32:​37:​30:​96 
 +tesla     ​(hpc2): ​      ​db:​51:​d5:​39:​9a:​be:​22:​55:​51:​b8:​d7:​ca:​56:​a3:​50:​09 
 +</​code>​ 
 +**If a key does not match, inform a system administrator immediately,​ and do NOT enter your password!**
  
 On Linux or OS X you would type the following into a terminal: On Linux or OS X you would type the following into a terminal:
-<​code>​ssh ​USERNAME@login.cs.nmt.edu</​code>​+<​code ​bash>​ssh ​username@login.cs.nmt.edu</​code>​ 
 + 
 +If you're a Windows user then you can download a tool called [[http://​www.putty.org/​|putty]] with the same functionality that the command line ssh program has. 
 + 
 +If you're working on a laptop, you may also be interested in [[https://​mosh.mit.edu/​|mosh]] - Mobile Shell. It's similar to ssh in functionality,​ but is able to maintain your connection even after disconnecting from the network for a long time or reconnecting to a different network than you used to login - which happens all the time when you're on the go. 
 + 
 +==== Passwordless login using RSA Keys ==== 
 + 
 +It is also possible to use ssh to generate an RSA keypair so you can cryptographically authenticate yourself to a server without using a password. To generate ssh keys on Linux or OSX you can enter the following command: 
 +<code bash>​ssh-keygen -t rsa -b 4096 -C "​your_email@example.com"</​code>​ 
 + 
 +This will prompt you to enter a passphrase. This isn't the password to your CS account, but a cryptographic passphrase used to encrypt your key. It's possible to leave it blank for convenience,​ but better security practice to come up with a new secure password so that you need to unlock the key to use it. As long as you have your //private// key, any computer with access to your //public// key can prove that you are you and that you're are signing in from your computer. 
 + 
 +After generating keys, you can then copy your public key to your home directory with the following command: 
 +<code bash>​ssh-copy-id username@login.cs.nmt.edu</​code>​ 
 + 
 +All this does is copy the public key on your computer (stored in ''​~/​.ssh/​id_rsa.pub''​) to the login server, and adds it to the end of ''​~/​.ssh/​authorized_keys''​. If ''​ssh-copy-id''​ is not available on your system, then you can do the same thing manually: 
 + 
 +<code bash>cat ~/​.ssh/​id_rsa.pub | ssh username@login.cs.nmt.edu tee -a ~/​.ssh/​authorized_keys</​code>​ 
 + 
 +To append your key to the end of the file. 
 + 
 +==== Dynamic Forwarding ==== 
 + 
 +You can also configure ssh to use any computer you login to as a SOCKS proxy. You can use this to forward your network traffic so that it appears to be coming from the remote machine you're logged into instead of your personal computer. To do that, you can edit or create the file ''​~/​.ssh/​config''​ and add something like this: 
 + 
 +    Host cs 
 +        HostName login.cs.nmt.edu 
 +        User username 
 +        DynamicForward 5050 
 +         
 +The first three lines add a host alias for you so that you can login with ''​ssh cs''​ instead of ''​ssh username@login.cs.nmt.edu'',​ which is a lot easier to type! The last line creates a tunnel on port 5050 which you can use to redirect traffic through the computer you're signed into (our login server, in this case). What port you use doesn'​t matter, 5050 is just an example. Now you can configure a proxy on your operating system, or in your web browser ([[https://​addons.mozilla.org/​en-us/​firefox/​addon/​foxyproxy-standard/​|Foxy Proxy]] is a good tool for Firefox, [[https://​chrome.google.com/​webstore/​detail/​proxy-switchysharp/​dpplabbmogkhghncfbfdeeokoefdjegm|Proxy Switchy]] for Chrome). 
 + 
 +Regardless of the tool you're setting this up with, all you need to know is: 
 + 
 +  - The Proxy type is SOCKSv5 
 +  - The Proxy Host is ''​127.0.0.1''​ or ''​localhost'',​ which is a loopback address referring to your computer. 
 +  - The port is 5050, or any other port number as long as it matches the ''​DynamicForward''​ option in your ssh config.
  
-On Windows you can use a tool called [[http://​www.putty.org/​|putty]].+This won't be incredibly useful for most users, but it's good general information to know about how ssh works and what it can do.
commons/ssh.1439945910.txt.gz · Last modified: 2018/07/16 15:33 (external edit)