Difference between revisions of "Secure Shell"

From Wiki | LUG@UCLA
Jump to: navigation, search
(add xkcd comic about passphrases)
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
>>> '''ssh.linux.ucla.edu''' <<<
 +
 
'''Secure Shell (SSH)''' is an Internet communication protocol used to exchange data between two computers using a secure channel.
 
'''Secure Shell (SSH)''' is an Internet communication protocol used to exchange data between two computers using a secure channel.
  
 
Members can access their LUG account remotely via SSH.
 
Members can access their LUG account remotely via SSH.
  
== Connecting ==
+
== Connecting to LUG servers ==
  
 
{{Note|in the following examples, remember to replace "''user''" with your actual LUG username.}}
 
{{Note|in the following examples, remember to replace "''user''" with your actual LUG username.}}
Line 11: Line 13:
 
To initiate a normal SSH session from your laptop:
 
To initiate a normal SSH session from your laptop:
  
  $ ssh user@linux.ucla.edu
+
$ ssh user@ssh.linux.ucla.edu
 +
 
 +
or if you want X11 forwarding (to run graphical applications such as QtOctave):
 +
 
 +
$ ssh -X user@ssh.linux.ucla.edu
 +
$ qtoctave
  
or if you want X11 forwarding:
+
To change your LUG password, ssh into the server and run kpasswd:
  
  $ ssh -X user@linux.ucla.edu
+
$ ssh user@ssh.linux.ucla.edu
 +
$ kpasswd
  
 
To transfer files and directories, use Secure Copy: <code>scp <from> <to></code>.
 
To transfer files and directories, use Secure Copy: <code>scp <from> <to></code>.
  
scp from remote to local (i.e. server to laptop):
+
e.g. <code>scp</code> from remote to local (i.e. server to laptop):
  
  $ scp user@linux.ucla.edu:'''~/homework1.txt''' ~/Documents
+
$ scp user@ssh.linux.ucla.edu:'''~/homework1.txt''' ~/Documents
  $ ls ~/Documents
+
$ ls ~/Documents
  ... '''homework1.txt''' ...
+
... '''homework1.txt''' ...
  
scp from local to remote (i.e. laptop to server):
+
or <code>scp</code> from local to remote (i.e. laptop to server):
  
  $ scp ~/Documents/'''lug.jpg''' user@linux.ucla.edu:~/
+
$ scp ~/Documents/'''lug.jpg''' user@ssh.linux.ucla.edu:~/
  $ ssh user@linux.ucla.edu ls ~/
+
$ ssh user@ssh.linux.ucla.edu ls ~/
  ... '''lug.jpg''' ...
+
... '''lug.jpg''' ...
  
 
Type <code>man ssh</code> or <code>man scp</code> to see the complete manuals for these tools.
 
Type <code>man ssh</code> or <code>man scp</code> to see the complete manuals for these tools.
Line 45: Line 53:
 
# Add Entry to Places panel
 
# Add Entry to Places panel
 
#: [[File:Kde_dolphin1.png|100px|caption]]
 
#: [[File:Kde_dolphin1.png|100px|caption]]
# in "Location" enter: <code>'''fish://user@linux.ucla.edu'''</code>
+
# in "Location" enter: <code>'''fish://user@ssh.linux.ucla.edu'''</code>
 
#: [[File:Kde_dolphin2.png|250px|caption]]
 
#: [[File:Kde_dolphin2.png|250px|caption]]
 
|valign="top"|
 
|valign="top"|
Line 51: Line 59:
 
# click "Connect to Server"
 
# click "Connect to Server"
 
#: [[File:GNOME_filemanager1.png|100px|caption]]
 
#: [[File:GNOME_filemanager1.png|100px|caption]]
# enter: <code>'''sftp://user@linux.ucla.edu'''</code>
+
# enter: <code>'''sftp://user@ssh.linux.ucla.edu'''</code>
 
#: [[File:GNOME_filemanager2.png|150px|caption]]
 
#: [[File:GNOME_filemanager2.png|150px|caption]]
 
# optionally bookmark the server
 
# optionally bookmark the server
Line 89: Line 97:
 
  +-----------------+
 
  +-----------------+
  
{{Note | use a passphrase for your key, not a password. It should be ''multiple words'' (i.e. a phrase). [https://en.wikipedia.org/wiki/Passphrase#Compared_to_passwords Learn more about passphrases]. ([http://xkcd.com/936/ relevant xkcd comic])}}
+
{{Note | use a passphrase for your key, not a password. It should contain ''multiple words'' (i.e. a phrase). [https://en.wikipedia.org/wiki/Passphrase#Compared_to_passwords Learn more about passphrases]. ([http://xkcd.com/936/ relevant xkcd comic])}}
  
 
{{Note | generate your SSH keys on ''your'' personal computer. Your private key does not belong to anybody but yourself.}}
 
{{Note | generate your SSH keys on ''your'' personal computer. Your private key does not belong to anybody but yourself.}}
Line 97: Line 105:
 
E.g. copy your public key to your LUG@UCLA account:
 
E.g. copy your public key to your LUG@UCLA account:
  
  $ ssh-copy-id user@linux.ucla.edu
+
  $ ssh-copy-id user@ssh.linux.ucla.edu
  
 
Consider using <code>ssh-agent</code> so you don't have to type your passphrase every time you use your private key. In most modern desktop environments (e.g. GNOME, KDE) this is handled in a GUI pop-up when you first use your private key.
 
Consider using <code>ssh-agent</code> so you don't have to type your passphrase every time you use your private key. In most modern desktop environments (e.g. GNOME, KDE) this is handled in a GUI pop-up when you first use your private key.
Line 118: Line 126:
 
|[http://gcc.gnu.org/ GCC] || <code>gcc</code> ||
 
|[http://gcc.gnu.org/ GCC] || <code>gcc</code> ||
 
|-
 
|-
|[http://www.python.org/ Python] || <code>python</code>||
+
|[http://www.python.org/ Python] || <code>python</code>, <code>python2.7</code>, <code>python3</code>||
 
|-
 
|-
 
|[http://openjdk.java.net/ OpenJDK] || <code>java</code>, <code>javac</code> || version 6 ''and'' 7
 
|[http://openjdk.java.net/ OpenJDK] || <code>java</code>, <code>javac</code> || version 6 ''and'' 7

Revision as of 22:57, 17 November 2013

>>> ssh.linux.ucla.edu <<<

Secure Shell (SSH) is an Internet communication protocol used to exchange data between two computers using a secure channel.

Members can access their LUG account remotely via SSH.

Connecting to LUG servers

Note Note: in the following examples, remember to replace "user" with your actual LUG username.

From the terminal

To initiate a normal SSH session from your laptop:

$ ssh user@ssh.linux.ucla.edu

or if you want X11 forwarding (to run graphical applications such as QtOctave):

$ ssh -X user@ssh.linux.ucla.edu
$ qtoctave

To change your LUG password, ssh into the server and run kpasswd:

$ ssh user@ssh.linux.ucla.edu
$ kpasswd

To transfer files and directories, use Secure Copy: scp <from> <to>.

e.g. scp from remote to local (i.e. server to laptop):

$ scp user@ssh.linux.ucla.edu:~/homework1.txt ~/Documents
$ ls ~/Documents
... homework1.txt ...

or scp from local to remote (i.e. laptop to server):

$ scp ~/Documents/lug.jpg user@ssh.linux.ucla.edu:~/
$ ssh user@ssh.linux.ucla.edu ls ~/
... lug.jpg ...

Type man ssh or man scp to see the complete manuals for these tools.

From the GUI

KDE (Linux) GNOME (Linux) Windows Mac
  1. open Dolphin
  2. Add Entry to Places panel
    caption
  3. in "Location" enter: fish://user@ssh.linux.ucla.edu
    caption
  1. open File Manager
  2. click "Connect to Server"
    caption
  3. enter: sftp://user@ssh.linux.ucla.edu
    caption
  4. optionally bookmark the server
    caption
  •  ???

Using SSH keys

Instead of using a password, you can use SSH keys to authenticate with your account.

Run the following interactive command to generate an SSH key pair:

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): <just hit enter>
Enter passphrase (empty for no passphrase): <use a non-empty passphrase>
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
7a:15:03:8c:e6:0e:ae:06:c2:e1:8d:0a:11:b6:7e:5e user@hostname
The key's randomart image is:
+--[ RSA 2048]----+
|       o.        |
|..    o ..       |
|...  o    o      |
|.o  . .    o     |
|+.+. o  S .      |
|+= o.E.. .       |
|+.o.. . .        |
|. o.   .         |
| .               |
+-----------------+

Note Note: use a passphrase for your key, not a password. It should contain multiple words (i.e. a phrase). Learn more about passphrases. (relevant xkcd comic)

Note Note: generate your SSH keys on your personal computer. Your private key does not belong to anybody but yourself.

Now you should have two keys: a public key at ~/.ssh/id_rsa.pub and a corresponding private key at ~/.ssh/id_rsa. Do not share your private key with anybody. Your public key can be copied to any remote account that supports SSH and you will be able to use your private key to authenticate with it.

E.g. copy your public key to your LUG@UCLA account:

$ ssh-copy-id user@ssh.linux.ucla.edu

Consider using ssh-agent so you don't have to type your passphrase every time you use your private key. In most modern desktop environments (e.g. GNOME, KDE) this is handled in a GUI pop-up when you first use your private key.

Type man ssh-keygen, man ssh-copy-id, or man ssh-agent to see the complete manuals for these tools.

Available software

The LUG@UCLA SSH endpoint has the following software installed:

Operating System

Debian stable

Installed Packages

Name Executable Notes
GCC gcc
Python python, python2.7, python3
OpenJDK java, javac version 6 and 7
OCaml ocaml
GNU Prolog gprolog
Racket racket for programming in Scheme
CLISP clisp for programming in Common Lisp
GNU Octave octave a full-featured alternative to MatLab
LaTeX latex, pdflatex
Vim vim
GNU Emacs emacs
Git git
Mercurial hg