SSH
• SSH is “Secure SHell”
• Secure, compressed, widely supported, fast
• Allows both users to get jobs done, and also allows system administrators to sleep at night
• Clients for every platform
What SSH can do
• Allows you to remotely log into systems and run commands
• Forward traffic over the SSH link (tunnel)
• Copy files
• Run commands without logging in
SSH basics
Problems already
1. Always have to type my username in
2. Always have to type in full hostname
3. Always have to type in my password
Problems already
• Default behaviour
– Tries to connect to remote server using the username of your current logged in user
– This can be problematic, especially for Macs
– Uses the domain name of your local machine (so can’t ssh ui from everywhere in world)
Problem solved
You can override default behaviour by using a config file in your home directory
– location is ~/.ssh/config
Problem solved
1. Username
Helps because Physics blocks/bans your IP address if you try connecting incorrectly more than 5 times
• common cause of this is wrong username
Problem solved
2. Full hostname
Problem solved
3. Password
Problem solved
5.
• Create private/public key pair (ssh-keygen)
• Upload public key to remote server (ssh-copy-id)
• Unlock private key (ssh-add)
• SSH using keypair
– Perfect for automated jobs and scripts!
– Won’t work with lxplus
– Make sure you password protect your SSH private key
– Keep private key secure!
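The last two points can be checked mechanically. The following is an added example, not part of the original slides: a shell function that flags a private key file that is accessible to group/other or stored without a passphrase. The name `audit_key` is hypothetical, and the passphrase test reads only the key file's header (OpenSSH format or legacy PEM).

```shell
#!/bin/sh
# Added example, not from the slides. audit_key is a hypothetical helper name.

# audit_key FILE: prints ok | missing | bad-perms | no-passphrase
audit_key() {
    key=$1
    [ -f "$key" ] || { echo missing; return 2; }

    # Characters 5-10 of the ls mode string are the group/other bits;
    # a private key should grant them nothing (e.g. mode 600).
    perms=$(ls -Lld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo bad-perms; return 1; }

    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$key"; then
        # OpenSSH format: magic "openssh-key-v1", then cipher name, then KDF
        # name. Cipher "none" means the key is stored unencrypted.
        hdr=$(grep -v '^-----' "$key" | tr -d '\n' | base64 -d 2>/dev/null |
              head -c 48 | tr -d '\000-\037')
        case $hdr in
            openssh-key-v1none*) echo no-passphrase; return 1 ;;
        esac
    elif ! grep -q 'ENCRYPTED' "$key"; then
        # Legacy PEM: protected keys carry an ENCRYPTED marker in the header.
        echo no-passphrase; return 1
    fi
    echo ok
}
```

A key reported as `no-passphrase` can be given one with `ssh-keygen -p -f <keyfile>`.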
Other config options
• Wildcards and regex are allowed
– e.g. Host * and Host *.ph.unimelb.edu.au will both work
– Note that it reads the file from top down, and stops at the first entry that matches
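An added example, not part of the original slides, covering both the ~/.ssh/config override described earlier and the ordering note above: for each option, ssh uses the first value it finds in a Host block whose pattern matches, so specific entries belong above `Host *`. The function `resolve_opt` is a hypothetical, simplified model of that lookup (patterns with `*` and `?` only, `Key Value` lines only); the user names `jsmith` and `guest` are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: a simplified model of ssh_config lookup
# (no Match blocks, no "!" negation). User names are constructed.

DEMO_CFG=$(mktemp)
cat > "$DEMO_CFG" <<'EOF'
# Specific entries first, catch-all last.
Host ui
    HostName ui.atlas.unimelb.edu.au
    User jsmith
Host *.ph.unimelb.edu.au
    User jsmith
Host *
    User guest
    ServerAliveInterval 60
EOF

# resolve_opt FILE HOST KEY: print the first value of KEY found in a Host
# block whose pattern matches HOST; return 1 if no block sets it.
resolve_opt() {
    file=$1 host=$2 want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    active=1   # options before the first Host line apply to every host
    while read -r key rest; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords ignore case
        if [ "$lkey" = host ]; then
            active=0
            set -f   # stop the shell expanding * against the filesystem
            for pat in $rest; do
                case $host in $pat) active=1 ;; esac
            done
            set +f
        elif [ "$active" = 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"
            return 0
        fi
    done < "$file"
    return 1
}
```

On a machine with OpenSSH, `ssh -G -F <file> <host>` prints the values the real client would use for that host.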
Background of network in Physics
• ui.atlas.unimelb.edu.au -> Tier 3 log in node
– restricted to hosts on AARNet network (uni’s)
• baker.ph.unimelb.edu.au -> School of Physics SSH gateway
– accessible anywhere
• All other hosts
– firewalled (inaccessible)
– May think that this restricts you....
SSH forwarding
• When you ssh, it opens a persistent connection with SSH server
• We can use this connection to make other traffic travel “through” it
– e.g. VNC, NX, SSH, web, files
• SSH will secure this traffic too! (basis for things like TOR and VPN)
SSH forwarding
ssh -L localport:otherhost:otherhostport username@server
SSH forwarding
• Connections to local port 2222 get redirected over SSH to remote ssh server, which then redirects to port 22 on ui.atlas.unimelb.edu.au
– perfect for SSH’ing “directly” to UI, or for copying files from “non-Uni” places
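A concrete form of the forward described above, as an added example that is not part of the original slides: the tunnel listens on the loopback address only, fails if the port cannot be forwarded, and checks the target's host key under its real name. The hosts and port 2222 come from the slides; the user name `jsmith` in the usage, the socket path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides. Hosts and local port 2222 are the ones
# the slides use; the socket path and function names are assumptions.
GATEWAY=baker.ph.unimelb.edu.au      # reachable from anywhere
TARGET=ui.atlas.unimelb.edu.au       # only reachable via the gateway
LPORT=2222
SOCK="$HOME/.ssh/tunnel-ui.sock"     # control socket used to close the tunnel

# run CMD...: execute CMD, or only print it when DRY_RUN=1
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# open_tunnel USER: forward 127.0.0.1:2222 -> gateway -> TARGET:22
#   -f -N   go to the background after login, run no remote command
#   -M -S   keep a control socket so the tunnel can be closed later
#   ExitOnForwardFailure  fail instead of logging in without the forward
#   127.0.0.1:            listen on loopback only, not on the LAN
open_tunnel() {
    run ssh -f -N -M -S "$SOCK" -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$LPORT:$TARGET:22" "$1@$GATEWAY"
}

# ssh_via_tunnel USER: log in to TARGET through the forwarded port.
# HostKeyAlias makes ssh check the host key under TARGET's name, not localhost.
ssh_via_tunnel() {
    run ssh -p "$LPORT" -o HostKeyAlias="$TARGET" "$1@localhost"
}

# scp_via_tunnel USER SRC DEST: copy a local file to TARGET through the tunnel.
scp_via_tunnel() {
    run scp -P "$LPORT" -o HostKeyAlias="$TARGET" "$2" "$1@localhost:$3"
}

# close_tunnel USER: ask the background connection to exit.
close_tunnel() {
    run ssh -S "$SOCK" -O exit "$1@$GATEWAY"
}
```

Typical use is `open_tunnel jsmith`, then `ssh_via_tunnel jsmith` or `scp_via_tunnel jsmith ./file /tmp/`, then `close_tunnel jsmith`; setting `DRY_RUN=1` prints each command instead of running it.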
SSH forwarding
• Original connection must be still open! (i.e. can’t close window or disconnect)
• Can do funky stuff, like be a “catch all” forwarder, for things like web (investigate the -D option in ssh and SOCKS proxy)
NX
• X is the graphical display manager in Linux
• It is bulky, and insecure over network
• Can forward this display using NX (NoMachine)
• Heavily compresses data, making it easier to display overseas/at home
NX
• For Melbourne, baker[1-6] have NX servers
• From home, port forward to port 22 on baker[1-6] through baker.ph.unimelb.edu.au
• Use NX client (http://www.nomachine.com/) to connect to forwarded port