Everything you always wanted to know about ssh, ssh keys, the passphrase and ssh agent, but were afraid to ask
At least everything you need to know, without getting bored to death
- ssh is a program for logging securely into a remote machine and for executing commands on a remote machine
- ssh is an SSH client using the SSH protocol
- my_login account on the remote remote_server computer, and you know your password
- scp (copy remote directories and files), rsync (synchronize remote directories and files), …
- telnet, rlogin, rsh, ftp, …
Note: the following will work in a Linux terminal, but can also work in a terminal on a Mac or on a Windows 10 computer (ssh is directly available in Windows PowerShell, Windows Terminal or the old cmd, but it is not the most user-friendly way to use ssh on Windows)

If you have a Windows computer, it is much easier to use PuTTY for creating an ssh connection
ssh [options] [my_login@]remote_server
- my_login@ part:

      ssh ssh1.lsce.ipsl.fr

- ssh will ask if you are sure of what you are doing, and then store some unique information about the remote server in the known_hosts file. ssh will check this security information (without asking you) each time you connect to the same server, and warn you if something seems wrong

      PS C:\Users\my_login> ssh ssh1.lsce.ipsl.fr
      The authenticity of host 'ssh1.lsce.ipsl.fr (157.136.66.99)' can't be established.
      ECDSA key fingerprint is SHA256:vMAvkidEg0EukP/RZwPAVuo5+TBegQFx1v8WN9pZLXg.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added 'ssh1.lsce.ipsl.fr,157.136.66.99' (ECDSA) to the list of known hosts.
      my_login@ssh1.lsce.ipsl.fr's password:
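
The fingerprint shown at that first-connection prompt is the value to compare against one obtained from the server's administrators before answering yes. The following added example (not part of the original page) recomputes the SHA256 fingerprint of a known_hosts entry and checks it against a trusted value; the host name, address and keys are constructed placeholders and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def sha256_fingerprint(b64_key_blob):
    """Fingerprint in the 'SHA256:...' form that ssh displays for a host key."""
    blob = base64.b64decode(b64_key_blob, validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH shows the unpadded base64 of the SHA-256 digest of the raw key blob.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def parse_known_hosts_line(line):
    """Split 'host[,host...] keytype base64key [comment]' into its parts."""
    fields = line.split()
    # Marker lines (@cert-authority, @revoked) and comments are not handled here.
    if len(fields) < 3 or fields[0][0] in "#@":
        raise ValueError("not a plain known_hosts entry")
    return fields[0].split(","), fields[1], fields[2]

def host_key_matches(line, host, trusted_fingerprint):
    """True only if the entry names `host` and its key has the trusted fingerprint."""
    hosts, _keytype, key = parse_known_hosts_line(line)
    # Hashed host names ('|1|salt|hash') never match here; look those up
    # with `ssh-keygen -F host` instead.
    return host in hosts and sha256_fingerprint(key) == trusted_fingerprint

def constructed_key_blob(seed):
    """Build a syntactically valid ssh-ed25519 blob from a seed (sample data only)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    raw = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    # Constructed sample: host name, address and keys are placeholders.
    genuine = constructed_key_blob(b"genuine server")
    other = constructed_key_blob(b"some other machine")
    trusted = sha256_fingerprint(genuine)   # in practice: given by the administrators
    stored = f"gateway.example.org,192.0.2.10 ssh-ed25519 {genuine}"
    swapped = f"gateway.example.org,192.0.2.10 ssh-ed25519 {other}"
    print(trusted)
    print(host_key_matches(stored, "gateway.example.org", trusted))    # expected key
    print(host_key_matches(swapped, "gateway.example.org", trusted))   # different key
```
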
- -X: Enable X11 forwarding. This option will allow you to start graphical programs on the remote server
  - -X does not work, use -Y instead (Enable trusted X11 forwarding)
  - -X/-Y option will automatically define the DISPLAY environment variable that is required by graphical programs on the remote server. Otherwise, DISPLAY will not be defined

        my_login@lsce5203:~$ echo $DISPLAY
        localhost:0.0
        my_login@lsce5203:~$ ssh ssh1.lsce.ipsl.fr
        Last login: Wed Jul 8 14:45:31 2020 from 176-142-31-75.abo.bbox.fr
        [my_login@ssh1 ~]$ echo $DISPLAY
        DISPLAY: Undefined variable.
        [my_login@ssh1 ~]$ logout
        Connection to ssh1.lsce.ipsl.fr closed.
        my_login@lsce5203:~$ ssh -X ssh1.lsce.ipsl.fr
        [my_login@ssh1 ~]$ echo $DISPLAY
        localhost:43.0

- -A: enable agent forwarding. This is useful when you use ssh keys, and an ssh agent
- -t command: this option allows you to execute a command on the remote server (without displaying the output of the initial ssh). We use this mostly to chain ssh connections, when we want to automatically go through a specific gateway server to access another server

      ssh -A -X my_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix

- -v: verbose mode. Use this option only when you can't connect, or things don't seem to work correctly. Analyzing the verbose output when you start ssh should allow you, or the system administrators, to find out what is wrong
If you want to easily use ssh (with the appropriate options), you should define the following aliases in your ~/.bashrc configuration file

    # Connecting to LSCE from outside the LSCE network
    alias sobelix='ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix'

    # Connecting to LSCE from a computer on the LSCE network
    alias obelix='ssh -A -X my_LSCE_login@obelix'

    # Connecting to ciclad @ IPSL
    alias ciclad='ssh -A -X my_ciclad_login@ciclad.ipsl.jussieu.fr'
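
Which hosts end up holding a forwarded agent under these aliases, as an added example (not part of the original page): ssh(1) warns that anyone able to bypass file permissions on a host with a forwarded agent socket can use that agent while the connection is open, and that -Y forwarding is not subject to the X11 SECURITY extension controls. The function names are hypothetical, and only the argument-less flags used on this page are parsed.

```python
import shlex

# Argument-less flags used on this page; options taking a value are rejected.
KNOWN_FLAGS = set("AXYtv")

def forwarding_per_hop(command):
    """Return one dict per ssh hop (flags may precede or follow the destination)."""
    words = shlex.split(command)
    hops, i = [], 0
    while i < len(words):
        if words[i] != "ssh":
            raise ValueError(f"expected 'ssh', got {words[i]!r}")
        i += 1
        hop = {"dest": None, "agent": False, "x11": None}
        while i < len(words) and (words[i].startswith("-") or hop["dest"] is None):
            word = words[i]
            if not word.startswith("-"):
                hop["dest"] = word
            elif set(word[1:]) - KNOWN_FLAGS:
                raise ValueError(f"unsupported option {word!r}")
            else:
                hop["agent"] = hop["agent"] or "A" in word
                hop["x11"] = "-Y" if "Y" in word else "-X" if "X" in word else hop["x11"]
            i += 1
        if hop["dest"] is None:
            raise ValueError("ssh without a destination")
        hops.append(hop)
    return hops

def agent_exposure(bashrc_text):
    """Map each ssh alias to the hosts that receive the forwarded agent."""
    exposure = {}
    for line in bashrc_text.splitlines():
        if line.startswith("alias "):
            name, _, command = shlex.split(line)[1].partition("=")
            if command.startswith("ssh "):
                exposure[name] = [h["dest"] for h in forwarding_per_hop(command) if h["agent"]]
    return exposure

PAGE_ALIASES = """\
alias sobelix='ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X obelix'
alias obelix='ssh -A -X my_LSCE_login@obelix'
alias ciclad='ssh -A -X my_ciclad_login@ciclad.ipsl.jussieu.fr'
"""  # the three aliases shown on this page

if __name__ == "__main__":
    for alias, hosts in agent_exposure(PAGE_ALIASES).items():
        print(f"{alias}: agent reachable from {', '.join(hosts)}")
```
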
ssh will store all its configuration text files in the ~/.ssh/ directory (C:\Users\your_windows_login\.ssh on Windows 10)

- known_hosts: the file where ssh stores security information about all the servers you have connected to (from the local computer)
- config: an optional configuration file
- authorized_keys, and possibly your private and public ssh keys

PuTTY is a convenient and user-friendly ssh client for Windows
Sometimes you just need to copy files from one remote server (or your desktop) to the other. The files can be securely copied over ssh with the scp command

Note: if you work with big data files, you should keep the files where they are instead of duplicating them, and move the data processing (your scripts, etc…) to the server where the files are located (e.g. the ciclad server at IPSL)

Note: the following will work in a Linux terminal, but can also work in a terminal on a Mac or on a Windows 10 computer (scp is directly available in Windows PowerShell, Windows Terminal or the old cmd, but it is not the most user-friendly way to use ssh on Windows)
If you have a Windows computer, it is much easier to use WinSCP for copying files
scp [options] local_path_or_file [my_login@]remote_server:remote_path
scp [options] [my_login@]remote_server:remote_path_or_file local_path
- my_login@ part
- -p: preserves modification times, access times, and modes from the original file.
- -r: recursively copy entire directories.
  - scp -r will copy the complete content of the directory (including sub-directories)

WinSCP is a convenient and user-friendly scp client for Windows
In some cases, you may want to synchronize the content of directories:
In that case, you should use the rsync command, that will only copy files that are not already in the destination (and that have not changed since the previous copy).

rsync has lots of complex options and rules, and should be used carefully if you do not want to lose files. This page does not cover this topic. Use man rsync or ask somebody
man ssh