NMT CSE Wiki

Dept. of Computer Science & Engineering

User Tools

Site Tools


commons:ssh

This is an old revision of the document!


SSH

SSH stands for Secure Shell. It is an encrypted protocol which you can use to securely access a remote computer over the network. The CS department has a login server, login.cs.nmt.edu or lovecraft.cs.nmt.edu, which anyone with a CSE account can access via SSH. This allows you to work in a Linux environment from your home or laptop, which gives you access to the programming environment and tools that many of the courses in our curriculum expect you to use.

When you log in via SSH, you may be shown a key fingerprint. If you are, make sure it matches the ones listed below:

lovecraft (login/ada):  ECDSA:   ysSn6JRXvNBDL0J11T5UtAOhIF+pg2NrKCrx/5p6WEE
                        RSA:     kxF3cGAcHHtVlDPCEeM0FVnpf5hVFDLMz7Q4sSlbLBQ
                        DSA:     EcyZqJDX8GISs3inOxxlyY5Z6lJdfkbQ9bENo6zF1L4
                        ED25519: nzI/QPxCyL5+7cplAg46DqSmID/69icupCfWxIYBxwQ
                        
edison    (hpc1):       b4:92:c1:34:3d:ce:f8:d0:e4:ae:74:aa:32:37:30:96
tesla     (hpc2):       db:51:d5:39:9a:be:22:55:51:b8:d7:ca:56:a3:50:09

If a key does not match, inform a system administrator immediately, and do NOT enter your password!

On Linux or OS X you would type the following into a terminal:

ssh username@login.cs.nmt.edu

If you're a Windows user then you can download a tool called putty with the same functionality that the command line ssh program has.

If you're working on a laptop, you may also be interested in mosh - Mobile Shell. It's similar to ssh in functionality, but is able to maintain your connection even after disconnecting from the network for a long time or reconnecting to a different network than you used to login - which happens all the time when you're on the go.

Passwordless login using RSA Keys

It is also possible to use ssh to generate an RSA keypair so you can cryptographically authenticate yourself to a server without using a password. To generate ssh keys on Linux or OSX you can enter the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This will prompt you to enter a passphrase. This isn't the password to your CS account, but a cryptographic passphrase used to encrypt your key. It's possible to leave it blank for convenience, but better security practice to come up with a new secure password so that you need to unlock the key to use it. As long as you have your private key, any computer with access to your public key can prove that you are you and that you're are signing in from your computer.

After generating keys, you can then copy your public key to your home directory with the following command:

ssh-copy-id username@login.cs.nmt.edu

All this does is copy the public key on your computer (stored in ~/.ssh/id_rsa.pub) to the login server, and adds it to the end of ~/.ssh/authorized_keys. If ssh-copy-id is not available on your system, then you can do the same thing manually:

cat ~/.ssh/id_rsa.pub | ssh username@login.cs.nmt.edu tee -a ~/.ssh/authorized_keys

To append your key to the end of the file.

Dynamic Forwarding

You can also configure ssh to use any computer you login to as a SOCKS proxy. You can use this to forward your network traffic so that it appears to be coming from the remote machine you're logged into instead of your personal computer. To do that, you can edit or create the file ~/.ssh/config and add something like this:

  Host cs
      HostName ada.cs.nmt.edu
      User username
      DynamicForward 5050
      

The first three lines add a host alias for you so that you can login with ssh cs instead of ssh username@ada.cs.nmt.edu, which is a lot easier to type! The last line creates a tunnel on port 5050 which you can use to redirect traffic through the computer you're signed into (our login server, in this case). What port you use doesn't matter, 5050 is just an example. Now you can configure a proxy on your operating system, or in your web browser (Foxy Proxy is a good tool for Firefox, Proxy Switchy for Chrome).

Regardless of the tool you're setting this up with, all you need to know is:

  1. The Proxy type is SOCKSv5
  2. The Proxy Host is 127.0.0.1 or localhost, which is a loopback address referring to your computer.
  3. The port is 5050, or any other port number as long as it matches the DynamicForward option in your ssh config.

This won't be incredibly useful for most users, but it's good general information to know about how ssh works and what it can do.

commons/ssh.1537674752.txt.gz · Last modified: 2018/09/22 21:52 by tristan