
Understanding and using ssh correctly

Everything you always wanted to know about ssh, ssh keys, the passphrase and ssh agent, but were afraid to ask

At least everything you need to know, without getting bored to death

A quick introduction

  • ssh is a program for logging securely into a remote machine and for executing commands on a remote machine
    • More precisely ssh is an SSH client using the SSH protocol
  • We assume below that you have a my_login account on the remote remote_server computer, and you know your password
    • This page will also show some examples using the LSCE and IPSL (ciclad) servers
  • Instead of a password, you can also use a set of private and public keys and a passphrase
  • Many programs are said to work over ssh when they implicitly use the ssh protocol to securely transfer their data from one server to another: scp (copy remote directories and files), rsync (synchronize remote directories and files), …
  • Some history: before you were born, and the world and internet were a safer place, people used less secure programs like telnet, rlogin, rsh, ftp, …

Using ssh

Standard usage

Note: the following will work in a Linux terminal, but can also work in a terminal on a Mac or on a Windows 10 computer (ssh is directly available in Windows PowerShell, Windows Terminal or the old cmd, but it is not the most user-friendly way to use ssh on Windows)

If you have a Windows computer, it is much easier to use PuTTY for creating an ssh connection

  • ssh [options] [my_login@]remote_server
    • If your login is the same on the local and remote computer, you can omit the optional my_login@ part:
      e.g. just use ssh ssh1.lsce.ipsl.fr
    • The first time you connect to a new server, ssh will ask if you are sure of what you are doing, and then store some unique information about the remote server in the known_hosts file (details). ssh will check this security information (without asking you) each time you connect to the same server, and warn you if something seems wrong
      PS C:\Users\my_login> ssh ssh1.lsce.ipsl.fr
      The authenticity of host 'ssh1.lsce.ipsl.fr (157.136.66.99)' can't be established.
      ECDSA key fingerprint is SHA256:vMAvkidEg0EukP/RZwPAVuo5+TBegQFx1v8WN9pZLXg.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added 'ssh1.lsce.ipsl.fr,157.136.66.99' (ECDSA) to the list of known hosts.
      my_login@ssh1.lsce.ipsl.fr's password:
  • Most common options:
    • -X: Enable X11 forwarding. This option will allow you to start graphical programs on the remote server
      • If -X does not work, use -Y instead (Enable trusted X11 forwarding)
      • Using the -X/-Y option will automatically define the DISPLAY environment variable that is required by graphical programs on the remote server. Otherwise, DISPLAY will not be defined
        my_login@lsce5203:~$ echo $DISPLAY
        localhost:0.0
        my_login@lsce5203:~$ ssh ssh1.lsce.ipsl.fr
        Last login: Wed Jul  8 14:45:31 2020 from 176-142-31-75.abo.bbox.fr
        [my_login@ssh1 ~]$ echo $DISPLAY
        DISPLAY: Undefined variable.
        [my_login@ssh1 ~]$ logout
        Connection to ssh1.lsce.ipsl.fr closed.
        my_login@lsce5203:~$ ssh -X ssh1.lsce.ipsl.fr
        [my_login@ssh1 ~]$ echo $DISPLAY
        localhost:43.0
      • In order to display graphical windows, you also need to have a local X server running!
    • -A: enable agent forwarding. This is useful when you use ssh keys, and an ssh agent
    • -t command: this option allows you to execute a command on the remote server (without displaying the output of the initial ssh). We use this mostly to chain ssh connections, when we want to automatically go through a specific gateway server to access another server
      e.g. ssh -A -X my_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix
    • -v: verbose mode. Use this option only when you can't connect, or things don't seem to work correctly. Analyzing the verbose output when you start ssh should allow you, or the system administrators, to find out what is wrong

Useful aliases

If you want to easily use ssh (with the appropriate options), you should define the following aliases in your ~/.bashrc configuration file

# Connecting to LSCE from outside the LSCE network
alias sobelix='ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix'

# Connecting to LSCE from a computer on the LSCE network
alias obelix='ssh -A -X my_LSCE_login@obelix'

# Connecting to ciclad @ IPSL
alias ciclad='ssh -A -X my_ciclad_login@ciclad.ipsl.jussieu.fr'

Configuration files

ssh will store all its configuration text files in the ~/.ssh/ directory (C:\Users\your_windows_login\.ssh on Windows 10)

  • known_hosts: the file where ssh stores security information about all the servers you have connected to (from the local computer)
  • config: an optional configuration file
  • authorized_keys, and possibly your private and public ssh keys
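
The fingerprint shown at the first connection and the known_hosts lookup described above, as an added example that is not part of the original page: it computes the SHA256 fingerprint of each key stored for a host and compares it with a fingerprint obtained from the server's administrators. It also handles hashed host entries (`|1|salt|hash`), which goes beyond the plain entry shown above. The key and the known_hosts text are constructed samples, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64):
    """Fingerprint as ssh prints it: unpadded base64 of SHA-256(decoded key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_matches(field, host):
    """Match the first known_hosts field: 'name,ip' list or hashed '|1|salt|hash'."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # literal names only, no wildcards or [host]:port


def stored_fingerprints(known_hosts_text, host):
    """Return {key_type: fingerprint} for every entry recorded for host."""
    found = {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority/@revoked markers
        if host_matches(fields[0], host):
            found[fields[1]] = fingerprint(fields[2])
    return found


def verify(known_hosts_text, host, key_type, published_fp):
    """True only if the key stored for host has the fingerprint the admins published."""
    stored = stored_fingerprints(known_hosts_text, host).get(key_type)
    return stored is not None and hmac.compare_digest(stored, published_fp)


def constructed_blob(seed):
    """Constructed sample key in ssh-ed25519 wire format (not a real server key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


SAMPLE_KEY = constructed_blob(b"demo")
SAMPLE_KNOWN_HOSTS = "# constructed sample\nssh1.lsce.ipsl.fr,157.136.66.99 ssh-ed25519 " + SAMPLE_KEY + "\n"

if __name__ == "__main__":
    print(stored_fingerprints(SAMPLE_KNOWN_HOSTS, "ssh1.lsce.ipsl.fr"))
```

On a real machine, `ssh-keygen -F remote_server` finds the stored entry and `ssh-keygen -l -f ~/.ssh/known_hosts` prints the fingerprints of the stored keys.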

PuTTY is a convenient and user-friendly ssh client for Windows

Just transferring files

Sometimes you just need to copy files from one server to the other. The files can be securely copied over ssh with the scp command

Note: if you work with big data files, you should keep the files where they are instead of duplicating them, and move the data processing (your scripts, etc…) to the server where the files are located (e.g. the ciclad server)

Using ssh keys

Using an ssh agent

More...

  • If you want to know more (options, etc…), check the man(ual) page on Linux: man ssh
  • emacs






other/ssh.1594367517.txt.gz · Last modified: 2020/07/10 07:51 by jypeter