Difference between revisions of "Secure Shell"

From Wiki | LUG@UCLA
Jump to: navigation, search
(36 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 +
>>> '''ssh.linux.ucla.edu''' <<<
 +
 +
'''Secure Shell (SSH)''' is an Internet communication protocol used to exchange data between two computers using a secure channel.
 +
 
Members can access their LUG account remotely via SSH.
 
Members can access their LUG account remotely via SSH.
  
== Connecting ==
+
== Connecting to LUG servers ==
  
{{Note|in the following examples, remember to replace "'''user'''" with your actual LUG username.}}
+
{{Note|in the following examples, remember to replace "''user''" with your actual LUG username.}}
  
 
=== From the terminal ===
 
=== From the terminal ===
  
To initiate a normal SSH session:
+
To initiate a normal SSH session from your laptop:
  
  $ ssh user@linux.ucla.edu
+
$ ssh user@ssh.linux.ucla.edu
  
or if you want X forwarding:
+
or if you want X11 forwarding (to run graphical applications such as QtOctave):
  
  $ ssh -X user@linux.ucla.edu
+
$ ssh -X user@ssh.linux.ucla.edu
 +
$ qtoctave
  
To transfer files, use <code>scp</code>:
+
To change your LUG password, ssh into the server and run kpasswd:
  
  $ scp user@linux.ucla.edu:'''homework1.txt''' ~/Documents
+
$ ssh user@ssh.linux.ucla.edu
  $ ls ~/Documents
+
$ kpasswd
  ... '''homework1.txt''' ...
+
 
 +
To transfer files and directories, use Secure Copy: <code>scp <from> <to></code>.
 +
 
 +
e.g. <code>scp</code> from remote to local (i.e. server to laptop):
 +
 
 +
$ scp user@ssh.linux.ucla.edu:'''~/homework1.txt''' ~/Documents
 +
$ ls ~/Documents
 +
... '''homework1.txt''' ...
 +
 
 +
or <code>scp</code> from local to remote (i.e. laptop to server):
 +
 
 +
$ scp ~/Documents/'''lug.jpg''' user@ssh.linux.ucla.edu:~/
 +
$ ssh user@ssh.linux.ucla.edu ls ~/
 +
... '''lug.jpg''' ...
 +
 
 +
Type <code>man ssh</code> or <code>man scp</code> to see the complete manuals for these tools.
  
 
=== From the GUI ===
 
=== From the GUI ===
Line 27: Line 47:
 
!GNOME (Linux)
 
!GNOME (Linux)
 
!Windows
 
!Windows
!Macintosh
+
!Mac
 
|-
 
|-
|
+
|valign="top"|
 
# open Dolphin
 
# open Dolphin
 
# Add Entry to Places panel
 
# Add Entry to Places panel
 
#: [[File:Kde_dolphin1.png|100px|caption]]
 
#: [[File:Kde_dolphin1.png|100px|caption]]
# in "Location" enter: <code>'''fish://user@linux.ucla.edu'''</code>
+
# in "Location" enter: <code>'''fish://user@ssh.linux.ucla.edu'''</code>
 
#: [[File:Kde_dolphin2.png|250px|caption]]
 
#: [[File:Kde_dolphin2.png|250px|caption]]
 
+
|valign="top"|
|
+
 
# open File Manager
 
# open File Manager
 
# click "Connect to Server"
 
# click "Connect to Server"
 
#: [[File:GNOME_filemanager1.png|100px|caption]]
 
#: [[File:GNOME_filemanager1.png|100px|caption]]
# enter: <code>'''sftp://user@linux.ucla.edu'''</code>
+
# enter: <code>'''sftp://user@ssh.linux.ucla.edu'''</code>
 
#: [[File:GNOME_filemanager2.png|150px|caption]]
 
#: [[File:GNOME_filemanager2.png|150px|caption]]
 
# optionally bookmark the server
 
# optionally bookmark the server
 
#: [[File:GNOME_filemanager3.png|150px|caption]]
 
#: [[File:GNOME_filemanager3.png|150px|caption]]
|install [http://winscp.net/eng/index.php WinSCP]
+
|valign="top"|
|???
+
* install [http://winscp.net/eng/index.php WinSCP]
 +
|valign="top"|
 +
* ???
 
|}
 
|}
 +
 +
=== Using SSH keys ===
 +
Instead of using a password, you can use SSH keys to authenticate with your account.
 +
 +
Run the following interactive command to generate an SSH key pair:
 +
 +
$ ssh-keygen
 +
 +
Generating public/private rsa key pair.
 +
Enter file in which to save the key (/home/user/.ssh/id_rsa): '''<just hit enter>'''
 +
Enter passphrase (empty for no passphrase): '''<use a non-empty pass''phrase''>'''
 +
Enter same passphrase again:
 +
Your identification has been saved in /home/user/.ssh/id_rsa.
 +
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
 +
The key fingerprint is:
 +
7a:15:03:8c:e6:0e:ae:06:c2:e1:8d:0a:11:b6:7e:5e user@hostname
 +
The key's randomart image is:
 +
+--[ RSA 2048]----+
 +
|      o.        |
 +
|..    o ..      |
 +
|...  o    o      |
 +
|.o  . .    o    |
 +
|+.+. o  S .      |
 +
|+= o.E.. .      |
 +
|+.o.. . .        |
 +
|. o.  .        |
 +
| .              |
 +
+-----------------+
 +
 +
{{Note | use a passphrase for your key, not a password. It should contain ''multiple words'' (i.e. a phrase). [https://en.wikipedia.org/wiki/Passphrase#Compared_to_passwords Learn more about passphrases]. ([http://xkcd.com/936/ relevant xkcd comic])}}
 +
 +
{{Note | generate your SSH keys on ''your'' personal computer. Your private key does not belong to anybody but yourself.}}
 +
 +
Now you should have two keys: a public key at <code>~/.ssh/id_rsa.pub</code> and a corresponding private key at <code>~/.ssh/id_rsa</code>. Do not share your private key with anybody. Your public key can be copied to any remote account that supports SSH and you will be able to use your private key to authenticate with it.
 +
 +
E.g. copy your public key to your LUG@UCLA account:
 +
 +
$ ssh-copy-id user@ssh.linux.ucla.edu
 +
 +
Consider using <code>ssh-agent</code> so you don't have to type your passphrase every time you use your private key. In most modern desktop environments (e.g. GNOME, KDE) this is handled in a GUI pop-up when you first use your private key.
 +
 +
Type <code>man ssh-keygen</code>, <code>man ssh-copy-id</code>, or <code>man ssh-agent</code> to see the complete manuals for these tools.
  
 
== Available software ==
 
== Available software ==
 +
 +
The LUG@UCLA SSH endpoint has the following software installed:
  
 
=== Operating System ===
 
=== Operating System ===
Line 61: Line 126:
 
|[http://gcc.gnu.org/ GCC] || <code>gcc</code> ||
 
|[http://gcc.gnu.org/ GCC] || <code>gcc</code> ||
 
|-
 
|-
|[http://www.python.org/ Python] || <code>python</code>||
+
|[http://www.python.org/ Python] || <code>python</code>, <code>python2.7</code>, <code>python3</code>||
 
|-
 
|-
|[http://openjdk.java.net/ OpenJDK] || <code>java</code> || version 6
+
|[http://openjdk.java.net/ OpenJDK] || <code>java</code>, <code>javac</code> || version 6 ''and'' 7
 
|-
 
|-
 
|[http://ocaml.org/ OCaml] || <code>ocaml</code> ||
 
|[http://ocaml.org/ OCaml] || <code>ocaml</code> ||
Line 75: Line 140:
 
|[http://www.gnu.org/software/octave/ GNU Octave] || <code>octave</code> || a full-featured alternative to MatLab
 
|[http://www.gnu.org/software/octave/ GNU Octave] || <code>octave</code> || a full-featured alternative to MatLab
 
|-
 
|-
|[http://www.latex-project.org/ LaTeX] || <code>latex</code>, <code>pdflatex</code> || document creation ''done right''
+
|[http://www.latex-project.org/ LaTeX] || <code>latex</code>, <code>pdflatex</code> ||
 
|-
 
|-
|[http://www.vim.org/ Vim] || <code>vim</code> || the ''most'' powerful text editor
+
|[http://www.vim.org/ Vim] || <code>vim</code> ||
 
|-
 
|-
|[http://www.gnu.org/software/emacs/ Emacs] || <code>emacs</code> || the ''most'' powerful text editor
+
|[http://www.gnu.org/software/emacs/ GNU Emacs] || <code>emacs</code> ||
 
|-
 
|-
 
|[http://git-scm.com/ Git] || <code>git</code> ||
 
|[http://git-scm.com/ Git] || <code>git</code> ||

Revision as of 23:57, 17 November 2013

>>> ssh.linux.ucla.edu <<<

Secure Shell (SSH) is an Internet communication protocol used to exchange data between two computers using a secure channel.

Members can access their LUG account remotely via SSH.

Connecting to LUG servers

Note Note: in the following examples, remember to replace "user" with your actual LUG username.

From the terminal

To initiate a normal SSH session from your laptop:

$ ssh user@ssh.linux.ucla.edu

or if you want X11 forwarding (to run graphical applications such as QtOctave):

$ ssh -X user@ssh.linux.ucla.edu
$ qtoctave

To change your LUG password, ssh into the server and run kpasswd:

$ ssh user@ssh.linux.ucla.edu
$ kpasswd

To transfer files and directories, use Secure Copy: scp <from> <to>.

e.g. scp from remote to local (i.e. server to laptop):

$ scp user@ssh.linux.ucla.edu:~/homework1.txt ~/Documents
$ ls ~/Documents
... homework1.txt ...

or scp from local to remote (i.e. laptop to server):

$ scp ~/Documents/lug.jpg user@ssh.linux.ucla.edu:~/
$ ssh user@ssh.linux.ucla.edu ls ~/
... lug.jpg ...

Type man ssh or man scp to see the complete manuals for these tools.

From the GUI

KDE (Linux) GNOME (Linux) Windows Mac
  1. open Dolphin
  2. Add Entry to Places panel
    caption
  3. in "Location" enter: fish://user@ssh.linux.ucla.edu
    caption
  1. open File Manager
  2. click "Connect to Server"
    caption
  3. enter: sftp://user@ssh.linux.ucla.edu
    caption
  4. optionally bookmark the server
    caption
  •  ???

Using SSH keys

Instead of using a password, you can use SSH keys to authenticate with your account.

Run the following interactive command to generate an SSH key pair:

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): <just hit enter>
Enter passphrase (empty for no passphrase): <use a non-empty passphrase>
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
7a:15:03:8c:e6:0e:ae:06:c2:e1:8d:0a:11:b6:7e:5e user@hostname
The key's randomart image is:
+--[ RSA 2048]----+
|       o.        |
|..    o ..       |
|...  o    o      |
|.o  . .    o     |
|+.+. o  S .      |
|+= o.E.. .       |
|+.o.. . .        |
|. o.   .         |
| .               |
+-----------------+

Note Note: use a passphrase for your key, not a password. It should contain multiple words (i.e. a phrase). Learn more about passphrases. (relevant xkcd comic)

Note Note: generate your SSH keys on your personal computer. Your private key does not belong to anybody but yourself.

Now you should have two keys: a public key at ~/.ssh/id_rsa.pub and a corresponding private key at ~/.ssh/id_rsa. Do not share your private key with anybody. Your public key can be copied to any remote account that supports SSH and you will be able to use your private key to authenticate with it.

E.g. copy your public key to your LUG@UCLA account:

$ ssh-copy-id user@ssh.linux.ucla.edu

Consider using ssh-agent so you don't have to type your passphrase every time you use your private key. In most modern desktop environments (e.g. GNOME, KDE) this is handled in a GUI pop-up when you first use your private key.

Type man ssh-keygen, man ssh-copy-id, or man ssh-agent to see the complete manuals for these tools.

Available software

The LUG@UCLA SSH endpoint has the following software installed:

Operating System

Debian stable

Installed Packages

Name Executable Notes
GCC gcc
Python python, python2.7, python3
OpenJDK java, javac version 6 and 7
OCaml ocaml
GNU Prolog gprolog
Racket racket for programming in Scheme
CLISP clisp for programming in Common Lisp
GNU Octave octave a full-featured alternative to MatLab
LaTeX latex, pdflatex
Vim vim
GNU Emacs emacs
Git git
Mercurial hg