Using and Configuring ssh


Stat Sci accounts

New accounts

If you didn’t have an account before you should now, the accounts have temporary passwords which you should change the first time you login using the passwd command.

$ passwd
Changing password for cr173.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

On to ssh

Secure shell (ssh)

  • A secure tool for connecting and interacting with remote systems
  • Uses public key encryption
  • Run a single command or work interactively
  • Lots of other neat tricks (proxy, port forwarding, many more)

Connecting to saxon

  • Everyone should have a visitor account of the stats servers now
  • Try to connect to make sure everything is working…
$ ssh cr173@saxon.stat.duke.edu
The authenticity of host 'saxon.stat.duke.edu (152.3.7.55)' can't be established
.
RSA key fingerprint is 74:30:5a:d0:cd:a8:d2:6f:a6:e9:c6:80:bb:eb:b4:ba.
Are you sure you want to continue connecting (yes/no)?yes
cr173@saxon.stat.duke.edu's password:
[cr173@saxon ~]$

Working remotely

You should now be able to run commands remotely on saxon. We can interactively run commands on the remote system. Try lscpu to see the cpu configuration on server.

[cr173@saxon ~]$ lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                24
On-line CPU(s) list:   0-23
Thread(s) per core:    2
Core(s) per socket:    6
Socket(s):             2
NUMA node(s):          2
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 62
Stepping:              4
CPU MHz:               1200.000
BogoMIPS:              4199.43
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              15360K
NUMA node0 CPU(s):     0-5,12-17
NUMA node1 CPU(s):     6-11,18-23

Finishing up

Once you are done on the server you can exit by:

  • Running exit
  • Ctrl-D
  • Wait long enough (connection will time out)

One off commands

If you want to just run one command on the remote system

$ ssh cr173@saxon.stat.duke.edu traceroute google.com
traceroute to google.com (74.125.21.100), 30 hops max, 60 byte packets
 1  152.3.7.126 (152.3.7.126)  49.697 ms  49.721 ms  49.789 ms
 2  tel1-u_10_136_105_81_Po10-38.netcom.duke.edu (10.136.105.81)  0.937 ms  0.935 ms  0.981 ms
 3  10.136.105.82 (10.136.105.82)  1.031 ms  1.066 ms  0.990 ms
 4  tel-edge-gw1-t0-0-0-1.netcom.duke.edu (10.236.254.102)  1.753 ms  1.898 ms  1.706 ms
 5  rlgh7600-gw-to-duke7600-gw.ncren.net (128.109.70.17)  1.948 ms  2.109 ms  2.183 ms
 6  rtp-crs-gw-to-rlgh7600-gw.ncren.net (128.109.9.5)  6.315 ms  5.438 ms  5.391 ms
 7  wscrs-gw-to-rtpcrs-gw.ncren.net (128.109.212.10)  6.668 ms  6.618 ms  6.631 ms
 8  72.14.196.245 (72.14.196.245)  16.882 ms  16.814 ms  16.780 ms
 9  72.14.233.54 (72.14.233.54)  17.030 ms  16.933 ms  17.042 ms
10  66.249.94.6 (66.249.94.6)  17.257 ms 66.249.94.24 (66.249.94.24)  19.129 ms  19.014 ms
11  64.233.175.15 (64.233.175.15)  19.940 ms 209.85.248.57 (209.85.248.57)  19.233 ms  19.234 ms
12  * * *
13  yv-in-f100.1e100.net (74.125.21.100)  17.507 ms  17.355 ms  17.345 ms

$ traceroute google.com
traceroute: Warning: google.com has multiple addresses; using 74.125.196.101
traceroute to google.com (74.125.196.101), 64 hops max, 52 byte packets
 1  10.0.1.1 (10.0.1.1)  3.201 ms  1.752 ms  1.535 ms
 2  * * *
 3  xe-10-2-1.2185.rlghnca-rtr2.nc.rr.com (66.26.47.166)  17.119 ms  16.860 ms  11.795 ms
 4  ae19.chrlncpop-rtr1.southeast.rr.com (24.93.64.2)  31.230 ms  17.191 ms  20.466 ms
 5  bu-ether44.atlngamq46w-bcr00.tbone.rr.com (107.14.19.46)  33.966 ms
    bu-ether34.atlngamq46w-bcr00.tbone.rr.com (107.14.19.48)  37.203 ms
    bu-ether24.atlngamq46w-bcr00.tbone.rr.com (107.14.19.18)  37.560 ms
 6  ae-1-0.pr0.atl20.tbone.rr.com (66.109.6.177)  27.589 ms
    107.14.19.99 (107.14.19.99)  25.065 ms
    107.14.19.11 (107.14.19.11)  34.266 ms
 7  72.14.219.56 (72.14.219.56)  24.451 ms  39.234 ms  34.869 ms
 8  64.233.174.2 (64.233.174.2)  49.994 ms
    72.14.239.100 (72.14.239.100)  25.388 ms
    72.14.233.56 (72.14.233.56)  47.003 ms
 9  66.249.94.20 (66.249.94.20)  27.253 ms
    66.249.94.6 (66.249.94.6)  23.964 ms  38.942 ms
10  * 209.85.244.238 (209.85.244.238)  23.409 ms
    209.85.242.136 (209.85.242.136)  24.692 ms
11  * * *
12  yk-in-f101.1e100.net (74.125.196.101)  30.140 ms  20.395 ms  30.106 ms

Running more than one command

$ ssh cr173@saxon.stat.duke.edu "pwd;echo "";cd data;pwd;echo "";ls -l"
/home/vis/cr173

/home/vis/cr173/data

total 2
drwxr-xr-x+ 3 cr173 visitor 3 Dec  9  2013 epa_data

Secure copy (scp)

Uses ssh to copy a file between systems

$ ls -la
total 0
drwxr-xr-x   2 rundel  staff    68 Aug 28 21:51 .
drwxr-xr-x  98 rundel  staff  3332 Aug 28 21:51 ..
$ touch file
$ ls -la
total 0
drwxr-xr-x   3 rundel  staff   102 Aug 28 21:52 .
drwxr-xr-x  98 rundel  staff  3332 Aug 28 21:51 ..
-rw-r--r--   1 rundel  staff     0 Aug 28 21:52 file

Now we can upload the empty file

$ ssh cr173@saxon.stat.duke.edu "ls -la file*"
ls: No match.
$ scp file cr173@saxon.stat.duke.edu:~/
file                                                   100%    0     0.0KB/s   00:00
$ ssh cr173@saxon.stat.duke.edu "ls -la file*"
-rw-r--r--+ 1 cr173 visitor 0 Aug 28 21:55 file

Similarly if we change the file on the server, we can then download it locally as well:

$ ssh cr173@saxon.stat.duke.edu "echo Hello! > file"
$ ssh cr173@saxon.stat.duke.edu cat file
Hello!
$ scp cr173@saxon.stat.duke.edu:~/file ./
file                                                   100%    7     0.0KB/s   00:00 
$ cat file
Hello!

Avoiding passwords

You may have noticed that in most of the examples above I didn’t have to type in my password. This is possible through public key cryptography for authentication. You keep the private key and put the public key on the server.

To check if you have a key pair already you can run:

ls -al ~/.ssh

If you have files named either id_rsa.pub or id_dsa.pub then the public key already exists.

Creating a key pair

If the key pair does not exist you can create it using:

$ ssh-keygen -t rsa -C "rundel@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/rundel/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/rundel/.ssh/id_rsa.
Your public key has been saved in /c/Users/rundel/.ssh/id_rsa.pub.
The key fingerprint is:
45:8a:9b:53:c8:02:ee:4b:89:21:ae:d4:a6:ca:bf:0f rundel@gmail.com
The key's randomart image is:
+--[ RSA 2048]----+
|  .       .      |
| . . . o o       |
|o . . + o .      |
|o+.. . + .       |
|.o+o  + S        |
|o.o.   .         |
|...E             |
|o   .            |
|...oo.           |
+-----------------+

Sharing the public key

We now need to get the public key on saxon so that the server can authenticate us.

$ scp ~/.ssh/id_rsa.pub cr173@saxon.stat.duke.edu:~/

$ scp ~/.ssh/id_rsa.pub cr173@saxon.stat.duke.edu:~/
cr173@saxon.stat.duke.edu's password:
id_rsa.pub                                    100%  407     0.4KB/s   00:00
$ ssh cr173@saxon.stat.duke.edu
cr173@saxon.stat.duke.edu's password:
Last login: Thu Aug 28 21:31:10 2014 from cpe-075-189-196-062.nc.res.rr.com
[cr173@saxon ~]$ ls -la .ssh/
total 24
drwxr-xr-x+  2 cr173 visitor     6 Dec  2  2013 .
drwxr-xr-x+ 46 cr173 visitor    82 Aug 28 22:17 ..
-rw-r--r--+  1 cr173 visitor   805 Dec  2  2013 authorized_keys
-rw-------+  1 cr173 visitor  1675 Dec  2  2013 id_rsa
-rw-r--r--+  1 cr173 visitor   407 Dec  2  2013 id_rsa.pub
-rw-r--r--+  1 cr173 visitor 12803 Aug 28 21:30 known_hosts
[cr173@saxon ~]$ cat id_rsa.pub >> .ssh/authorized_keys
[cr173@saxon ~]$ rm id_rsa.pub
[cr173@saxon ~]$ exit

Did that really solve the problem?

$ ssh cr173@saxon.stat.duke.edu
Enter passphrase for key '/c/Users/rundel/.ssh/id_rsa':

I don’t need my netid password anymore, but I do still need to enter the passphrase every time.

Github’s guide for Mac

Github’s guide for PC

Exercise - A step further

We will be using this public key authentication with github, so we need to give github a copy of our public key(s).

Windows - Adding keys to Github (See step 3) Mac OSX - Adding keys to Github (See step 3)

The pair we just generated will only work for the system you are currently using (e.g. your laptop), you will also need to do this procedure for any other system you will be working on (e.g. saxon).

In the time we have remaining go through the same procedure to create a key pair on saxon and copy that public key to your github account as well. Make sure to test that everything is working!.

Acknowledgments

Above materials are derived in part from the following sources: