Secure Shell

From Wiki | LUG@UCLA
(Redirected from SSH)
Jump to: navigation, search

>>> <<<

Secure Shell (SSH) is an Internet communication protocol used to exchange data between two computers using a secure channel.

Members can access their LUG account remotely via SSH.

Connecting to LUG servers[edit]

Note Note: in the following examples, remember to replace "user" with your actual LUG username.

From Linux[edit]

To initiate a normal SSH session from your terminal:

$ ssh

or if you want X11 forwarding (to run graphical applications such as QtOctave):

$ ssh -X
$ qtoctave

To change your LUG password, ssh into the server and run kpasswd:

$ ssh
$ passwd

To transfer files and directories, use Secure Copy: scp <from> <to>.

e.g. scp from remote to local (i.e. server to laptop):

$ scp ~/Documents
$ ls ~/Documents
... homework1.txt ...

or scp from local to remote (i.e. laptop to server):

$ scp ~/Documents/lug.jpg
$ ssh ls ~/
... lug.jpg ...

Type man ssh or man scp to see the complete manuals for these tools.

From Windows[edit]

Download the PuTTY SSH client and run it.

In the Host Name field, enter "". Now you can connect by clicking Open.

If you want to save the connection settings including the host name, you can enter "LUG" below "Saved Sessions" and click Save. Then next time you can simply double-click on LUG to connect.


If you want to change your LUG password, make sure you've SSH'd into the server, and run:

$ passwd

To transfer files from the server to your local computer or vice versa, see the section below for Windows.

GUI file management/transfer[edit]

KDE (Linux) GNOME (Linux) Windows
  1. open Dolphin
  2. Add Entry to Places panel
  3. in "Location" enter: fish://
  1. open File Manager
  2. click "Connect to Server"
  3. enter: s
  4. optionally bookmark the server
  1. Install WinSCP
  2. Type "" into "Host name"
  3. Enter your LUG username into the username field.
  4. You can choose to enter your password in the password field, or you can simply click Login and type your password inside the prompt.
    Winscp password.png

Other uses[edit]

SSH can be used to tunnel traffic for specific applications to a proxy. In particular, people often use it as a SOCKS proxy for their browser. To do that, have SSH forward a port locally:

ssh -D 12345

(In Windows, use putty to set it up from Connection->SSH->Tunnels)

Then, configure your browser to use localhost and 12345 as the SOCKS host and port.

In the extreme case, you can use SSH to simulate a VPN by routing all traffic through the SSH tunnel. sshuttle is one software that enables you to do that. For long term usage however, it's better to use an actual Virtual private network.

Authenticating using SSH keys[edit]

Instead of using a password, you can use SSH keys to authenticate with your account. This is generally more secure as long as you guard your keys well.

From Linux[edit]

Run the following interactive command to generate an SSH key pair:

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): <just hit enter>
Enter passphrase (empty for no passphrase): <use a non-empty passphrase>
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
7a:15:03:8c:e6:0e:ae:06:c2:e1:8d:0a:11:b6:7e:5e user@hostname
The key's randomart image is:
+--[ RSA 2048]----+
|       o.        |
|..    o ..       |
|...  o    o      |
|.o  . .    o     |
|+.+. o  S .      |
|+= o.E.. .       |
|+.o.. . .        |
|. o.   .         |
| .               |

Note Note: use a passphrase for your key, not a password. It should contain multiple words (i.e. a phrase). Learn more about passphrases. (relevant xkcd comic)

Note Note: generate your SSH keys on your personal computer. Your private key does not belong to anybody but yourself.

Now you should have two keys: a public key at ~/.ssh/ and a corresponding private key at ~/.ssh/id_rsa. Do not share your private key with anybody. Your public key can be copied to any remote account that supports SSH and you will be able to use your private key to authenticate with it.

E.g. copy your public key to your LUG@UCLA account:

$ ssh-copy-id

Consider using ssh-agent so you don't have to type your passphrase every time you use your private key. In most modern desktop environments (e.g. GNOME, KDE) this is handled in a GUI pop-up when you first use your private key.

Type man ssh-keygen, man ssh-copy-id, or man ssh-agent to see the complete manuals for these tools.

Available software[edit]

The LUG@UCLA SSH endpoint has the following software installed:

Operating System[edit]

Debian stable

Installed Packages[edit]

Name Executable Notes
GCC gcc
Python python, python2.7, python3
OpenJDK java, javac version 6 and 7
OCaml ocaml
GNU Prolog gprolog
Racket racket for programming in Scheme
CLISP clisp for programming in Common Lisp
GNU Octave octave a full-featured alternative to MatLab
LaTeX latex, pdflatex
Vim vim
GNU Emacs emacs
Git git
Mercurial hg