This is an old revision of the document!
SSH stands for Secure Shell. It is an encrypted protocol which you can use to securely access a remote computer over the network. The CS department has a login server,
lovecraft.cs.nmt.edu, which anyone with a CSE account can access via SSH. This allows you to work in a Linux environment from your home or laptop, which gives you access to the programming environment and tools that many of the courses in our curriculum expect you to use.
When you log in via SSH, you may be shown a key fingerprint. If you are, make sure it matches the ones listed below:
lovecraft (login/ada): 4c:c0:a4:00:68:e6:07:f2:3d:57:09:f5:20:1d:f7:e4 edison (hpc1): b4:92:c1:34:3d:ce:f8:d0:e4:ae:74:aa:32:37:30:96 tesla (hpc2): db:51:d5:39:9a:be:22:55:51:b8:d7:ca:56:a3:50:09
If a key does not match, please inform a system administrator immediately, and do NOT enter your password!
On Linux or OS X you would type the following into a terminal:
If you're a Windows user then you can download a tool called putty with the same functionality that the command line ssh program has.
If you're working on a laptop, you may also be interested in mosh - Mobile Shell. It's similar to ssh in functionality, but is able to maintain your connection even after disconnecting from the network for a long time or reconnecting to a different network than you used to login - which happens all the time when you're on the go.
It is also possible to use ssh to generate an RSA keypair so you can cryptographically authenticate yourself to a server without using a password. To generate ssh keys on Linux or OSX you can enter the following command:
ssh-keygen -t rsa -b 4096 -C "firstname.lastname@example.org"
This will prompt you to enter a passphrase. This isn't the password to your CS account, but a cryptographic passphrase used to encrypt your key. It's possible to leave it blank for convenience, but better security practice to come up with a new secure password so that you need to unlock the key to use it. As long as you have your private key, any computer with access to your public key can prove that you are you and that you're are signing in from your computer.
After generating keys, you can then copy your public key to your home directory with the following command:
All this does is copy the public key on your computer (stored in
~/.ssh/id_rsa.pub) to the login server, and adds it to the end of
ssh-copy-id is not available on your system, then you can do the same thing manually:
cat ~/.ssh/id_rsa.pub | ssh email@example.com tee -a ~/.ssh/authorized_keys
To append your key to the end of the file.
You can also configure ssh to use any computer you login to as a SOCKS proxy. You can use this to forward your network traffic so that it appears to be coming from the remote machine you're logged into instead of your personal computer. To do that, you can edit or create the file
~/.ssh/config and add something like this:
Host cs HostName ada.cs.nmt.edu User username DynamicForward 5050
The first three lines add a host alias for you so that you can login with
ssh cs instead of
ssh firstname.lastname@example.org, which is a lot easier to type! The last line creates a tunnel on port 5050 which you can use to redirect traffic through the computer you're signed into (our login server, in this case). What port you use doesn't matter, 5050 is just an example. Now you can configure a proxy on your operating system, or in your web browser (Foxy Proxy is a good tool for Firefox, Proxy Switchy for Chrome).
Regardless of the tool you're setting this up with, all you need to know is:
localhost, which is a loopback address referring to your computer.
DynamicForwardoption in your ssh config.
This won't be incredibly useful for most users, but it's good general information to know about how ssh works and what it can do.