This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
other:ssh [2020/07/08 10:28] jypeter created |
other:ssh [2020/07/08 21:56] jypeter [Configuration files] |
||
---|---|---|---|
Line 13: | Line 13: | ||
* More precisely ''ssh'' is an //SSH client// using the //SSH protocol// | * More precisely ''ssh'' is an //SSH client// using the //SSH protocol// | ||
- | * We assume below that you have a ''my_login'' account on the remote ''some_server'' computer, and you know your password | + | * We assume below that you have a ''my_login'' account on the remote ''remote_server'' computer, and you know your password |
* This page will also show some examples using the LSCE and IPSL (ciclad) servers | * This page will also show some examples using the LSCE and IPSL (ciclad) servers | ||
Line 20: | Line 20: | ||
* Many programs are said to //work over ssh// when they implicitly use the //ssh protocol// to securely transfer their data from one server to another: ''scp'' (copy remote directories and files), ''rsync'' (synchronize remote directories and files), ... | * Many programs are said to //work over ssh// when they implicitly use the //ssh protocol// to securely transfer their data from one server to another: ''scp'' (copy remote directories and files), ''rsync'' (synchronize remote directories and files), ... | ||
- | * Before you were born, and the word and internet were a safer place, people used less secure programs like ''telnet'', ''rlogin'', ''rsh'', ''ftp'', ... | + | * Some history: before you were born, and the world and internet were a safer place, people used less secure programs like ''telnet'', ''rlogin'', ''rsh'', ''ftp'', ... |
===== Using ssh ===== | ===== Using ssh ===== | ||
- | ==== On a Linux computer ==== | + | ==== Standard usage ==== |
+ | <WRAP center round tip 60%> | ||
+ | Note: the following will work in a **Linux** terminal, but can also work in a //terminal// on a **Mac** or on a **Windows 10** computer (''ssh'' is directly available in ''Windows Powershell'', ''Windows Terminal'' or the old ''cmd'', but it is not the best way to use ''ssh'' on Windows) | ||
+ | </WRAP> | ||
+ | |||
+ | * ''ssh [options] [my_login@]remote_server'' | ||
+ | * If your login is the same on the local and remote computer, you can omit the optional ''my_login@'': e.g. just use ''ssh ssh1.lsce.ipsl.fr'' | ||
+ | |||
+ | * Most common options: | ||
+ | * ''-X'': Enable X11 forwarding. This option will allow you to start graphical programs on the remote server | ||
+ | * If ''-X'' does not work, use ''-Y'' instead (Enable //trusted// X11 forwarding) | ||
+ | * Using the ''-X''/''-Y'' option will automatically define the ''DISPLAY'' environment variable that is required by graphical programs on the remote server. Otherwise, ''DISPLAY'' will not be defined\\ <code>jypeter@lsce5203:~$ echo $DISPLAY | ||
+ | localhost:0.0 | ||
+ | jypeter@lsce5203:~$ ssh ssh1.lsce.ipsl.fr | ||
+ | Last login: Wed Jul 8 14:45:31 2020 from 176-142-31-75.abo.bbox.fr | ||
+ | [jypeter@ssh1 ~]$ echo $DISPLAY | ||
+ | DISPLAY: Undefined variable. | ||
+ | [jypeter@ssh1 ~]$ logout | ||
+ | Connection to ssh1.lsce.ipsl.fr closed. | ||
+ | jypeter@lsce5203:~$ ssh -X ssh1.lsce.ipsl.fr | ||
+ | [jypeter@ssh1 ~]$ echo $DISPLAY | ||
+ | localhost:43.0</code> | ||
+ | * In order to display graphical windows, you also need to have a local //X server// running! | ||
+ | * Linux computer: nothing to do, an X server is already running | ||
+ | * Windows: [[other:win10wsl#installing_an_x_server|install, configure and launch VcXsrv]] | ||
+ | * Mac: FIXME | ||
+ | * ''-A'': enable agent forwarding. This is useful when you use //ssh keys//, and an //ssh agent// | ||
+ | * ''-t command'': this option allows you to execute a command on the remote server (without displaying the output of the initial ''ssh''). We use this mostly to //chain ssh connections//, when we want to automatically go through a specific //gateway// server to access another server\\ e.g. ''ssh -A -X my_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix'' | ||
+ | * ''-v'': verbose mode. Use this option only when you can't connect, or things don't seem to work correctly. Analyzing the verbose output when you start ''ssh'' should allow you, or the [[other:newppl:starting#getting_help_from_the_lsce_system_administrators|system administrators]], to find out what is wrong | ||
+ | |||
+ | ==== Useful aliases ==== | ||
+ | |||
+ | If you want to easily use ''ssh'' (with the appropriate options), you should define the following aliases in your ''~/.bashrc'' configuration file | ||
+ | |||
+ | <code> | ||
+ | alias obelix='ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix' | ||
+ | |||
+ | alias ciclad='ssh -A -X my_ciclad_login@ciclad.ipsl.jussieu.fr' | ||
+ | </code> | ||
+ | |||
+ | ==== Configuration files ==== | ||
+ | |||
+ | ''ssh'' will store all its configuration files in the ''~/.ssh/'' directory (''C:\Users\your_windows_login\.ssh'' on Windows 10) | ||
+ | |||
+ | * ''known_hosts'': the first time you connect to a new server, ''ssh'' will ask if you are sure of what you are doing, and then store some unique information about the remote server in the ''known_hosts'' file. It will check this information (without asking you) the next time you connect to the same server, and warn you if something seems wrong\\ <code>PS C:\Users\jypeter> ssh ssh1.lsce.ipsl.fr | ||
+ | The authenticity of host 'ssh1.lsce.ipsl.fr (157.136.66.99)' can't be established. | ||
+ | ECDSA key fingerprint is SHA256:vMAvkidEg0EukP/RZwPAVuo5+TBegQFx1v8WN9pZLXg. | ||
+ | Are you sure you want to continue connecting (yes/no)? yes | ||
+ | Warning: Permanently added 'ssh1.lsce.ipsl.fr,157.136.66.99' (ECDSA) to the list of known hosts. | ||
+ | jypeter@ssh1.lsce.ipsl.fr's password:</code> | ||
+ | |||
+ | * ''config'': an optional configuration file | ||
+ | |||
+ | * ''authorized_keys'', and possibly your private and public //ssh keys// | ||
==== A recommended ssh client for Windows ==== | ==== A recommended ssh client for Windows ==== |