SSH

SSH, Secure Shell, is the most important command/protocol there is, for securely connecting to and running commands on a remote server, anywhere on the Internet. It is our first tool of choice when we want to log in to a server and start a job or just check something. SSH has been available for decades on Linux and Mac, but until recently, we needed third party programs to make it work on MS Windows. But not anymore, with Windows >= 10, MS has finally managed to include it as standard.

Security

Before using SSH, we need to know about an important SSH security feature, and a little about user verification. Read this:

• VerifyServerFingerprint
• TwoFactorAuthentication

SSH login

Things you should know

• Be careful when typing user name and password, too many failures might block your IP address …
• While typing password, when doing a ssh command line log in, please be aware that nothing will be printed on screen, no * (this is standard behavior and is supposed to stop a bad guy behind you counting the number of characters in your password).
• If you need help, send an email to help at ux.uis.no, and please include:
  • your Unix user name (account name)
  • the server you are using or tried to log in to
  • how you log in, e.g. ssh, NX, SFTP
  • the time of day
  • where you log in from, your IP address https://minip.ux.uis.no/

Login

Log in with SSH is easy, all we have to do is to start a terminal window (command or power-shell on Windows) and run the ssh command like this (On a Linux or Mac, you can use ssh -X ... enable X11 forwarding):

ssh USER@ssh1.ux.uis.no

If you understood server fingerprint verification, go ahead and try the ssh command above. Switch out the word "USER", with your own Unix-user account name. See the email you got when your account was created, it contains your Unix-user account name, a password and a OTP.

• Always make sure you type the password exactly as shown in the email, you may copy&paste it.
• If you are doing this from home, you will need the user-name, password and the OTP (the second factor).
• If you are on campus, you probably only need the user-name and password.
• Add your Unix-account to your Authenticator App the first time you log in!

Log out

When loging out, its important to first quit all your processes. If you just close the Windows/Mac/Linux terminal windows you logged in from, there is a chance that some of your processes might be left running, consuming/locking resources and wasting energy. When you want to logout:

1. run the command logout, exit or press Ctrl-d, then you will be warned about processes still running.
2. only when disconnected from the SSH server, is it safe to close the terminal window.

Login servers

SSH log in from Internet is limited to a few log in servers:

• ssh1.ux.uis.no - require password and OTP/TOTP
• ssh2.ux.uis.no - require password and OTP/TOTP
• ssh3.ux.uis.no - require SSH key and OTP/TOTP
• ssh4.ux.uis.no - require SSH key and OTP/TOTP

(These are just login servers, please do not run jobs on them.)

Running jobs

Things you should know

• always use your bhome as working directory for all jobs
• your home are normally backed up every day.
• bhome is NOT backed up, copy your work/code to your home to get it backed up, but do NOT copy generated data from bhome to home.
• all your bhome files will be deleted no later than 30 days after your expire date!
• run uenv avail to list program packages, or just uenv for help

Log in with SSH into one of the login servers, then use SSH again to get a terminal window on the server you want to run commands on. Jobs should be run on gorina1-4,6 or on the cluster (gorina11).

Changing password

Can only be done on the server pw.ux.uis.no. When running the command passwd, you will be asked for your current password, and then twice for the new password, nothing will be printed to screen during password typing. If the new password is accepted, wait 10 minutes for it to become active on all servers. Please do not use the server pw for anything else.

• Minimum length is 16 characters.
• Must include uppercase and lowercase letters

1. SSH into one of the login servers
2. SSH into pw with the command: ssh pw
3. Set new password with the command: passwd
4. Log out from pw
5. Wait 10 minutes for it to become active on all servers.

SSH client

If your Windows version < 10 or for some reason is missing SSH, download, install and use PuTTY.

PuTTY - a free SSH client for Windows users. To create a server connection do:

• Start PuTTY (not PuTTYgen or PSFTP)
• Session Host Name (or IP address): ssh1.ux.uis.no (or choose another log in server from the list above)
• Port number: 22
• Default Settings Save
• Open
• Now STOP and verify the fingerprint VerifyServerFingerprint - do not connect if they are different!
• Only if fingerprint matches Accept
• login as: add you Unix account name
• Password:
• Verification code: enter your TOTP 2FA code

SSH copy

Things you should know

• directory = folder = mappe
• Avoid space in file names, it complicates tings…
• . is the current directory
• .. is the parent directory
• use your bhome directory for all data upload

Copy files

For copying files over the network, SSH provide the efficient Secure copy protocol - SCP and the more modern SSH File Transfer Protocol - SFTP. The command line tool scp are great when we just want to copy a few files, or for use in a Bash shell script. For copying a whole directory tree or synchronize directories, rsync is the tool to use. But if we want to browse the directory structure and get a better overview, a graphical SFTP client is a better choice, clients like WinSCP and FileZilla.

Graphical SFTP clients

If the command line is not your thing, try WinSCP or FileZilla.

WinSCP - recommended open source SFTP client for Windows users. To create a server connection do:

• Click Session New Session… New Site
• File protocol: SFTP
• Host name: ssh2.ux.uis.no (choose a username and password log in server for the list above)
• Port number: 22
• User name: add you Unix account name
• Password:
• Save OK
• Login
• STOP and verify the fingerprint VerifyServerFingerprint - do not connect if they are different!
• Verification code: enter your TOTP 2FA code

FileZilla - SFTP client. When setting up a server connection do:

• Click File Site Manager… New site
• General (tab)
• Protocol: SFTP - SSH File Transfer Protocol
• Host: ssh2.ux.uis.no (choose a username and password log in server for the list above)
• Port: 22
• Logon Type: Interactive
• User: enter your Unix account name
• Connect
• STOP and verify the fingerprint VerifyServerFingerprint - do not connect if they are different!
• When asked for password: type your Unix account password
• When asked for verification code: enter your TOTP 2FA code

Command - scp

No need to install anything, if you have the ssh command in your terminal window, you also have the scp command.

When running the following scp command, if you are informed that the authenticity of the server (host) can't be established verify the server fingerprint - abort the command (press CTRL-c) if the fingerprint are different!

To copy from local PC Unix account, e.g. to copy the file data.zip from local PC to the "bhome/" directory on the Unix account

scp data.zip USER@ssh2.ux.uis.no:bhome/

To copy from Server local PC, e.g. to copy the file "results.dat" from a directory "bhome/temp" on the Unix account, to the current directory on local PC, run:

scp USER@ssh2.ux.uis.no:bhome/temp/results.dat .

Command - rsync

The command rsync is a powerful tool, but it is easy to make a mistake. Therefore, always do a test run first, use the "-n" test parameter, that way rsync shows what the command will do, but no files will be copied. Only when you are sure your command is correct, run it again without the "-n" parameter. Another important thing to know about rsync, is that if you specify the source directory like "/the/source" the "source" directory itself, will be copied. But if you specify the source like "/the/source/", only the files within the "source" directory will be copied. This has the potential to create a big mess if we are not careful. Always to a test run!

When running the following rsync command, if you are informed that the authenticity of the server (host) can't be established verify the server fingerprint - abort the command (press CTRL-c) if the fingerprint are different!

To copy from local PC Unix account, e.g. to copy the directory TestData, and all sub directories, from local PC into the "bhome" directory on the Unix account.

rsync -rvn TestData USER@ssh2.ux.uis.no:bhome/

To copy from local PC Unix account, e.g. to just copy all the files in the directory TestData from local PC to the "bhome/TestData" directory on the Unix account.

rsync -vn TestData/ USER@ssh2.ux.uis.no:bhome/TestData

To copy from Server local PC, e.g. to copy the directory "bhome/TestData" on the Unix account, to the local sub directory project on local PC, run:

rsync -rvn USER@ssh2.ux.uis.no:bhome/TestData project

All rsync examples above runs in testing mode, because of the included "n" parameter, to run the copying, just remove it and run the command again.

SSH mount

Things you should know

• If mounting /home/... don't work, try with /nfs/...

Mount directory

Wouldn't it be nice if you could sit comfortably with your PC and work on your Unix account files with your own favorite editor, without having to download them first, without the hazel of uploading them later to keep both places synchronized? With SSHFS you can! SSHFS makes an account on a SSH server behave like a local FileSystem. With SSHFS you mount an server directory as a local drive, and then forget about where those files really are, you just use it as if it was a local disk.

SSHFS on Linux

SSHFS is available in all GNU/Linux distributions. Installing and using SSHFS on GNU/Linux is very easy.

When running the following sshfs command, if you are informed that the authenticity of the server (host) can't be established verify the server fingerprint - abort the command (press CTRL-c) if the fingerprint are different!

In Ubuntu, install sshfs

sudo apt-get install sshfs

To mount a server directory, e.g. to mount USER HOME on a local directory ux

cd ; mkdir ux ; sshfs -o follow_symlinks USER@ssh1.ux.uis.no:/home/stud/USER ux

That's it, now USER's Unix-account files are locally accessible in the ux directory

To unmount, just do:

cd ; fusermount -u ux

If you get an error message like fusermount: failed to open current directory: Permission denied try setting, temporarily, a more relaxed file permission on you HOME:

cd ; chmod g+rx . ; fusermount -u ux ; chmod g-rx .

SSHFS on Mac

Install latest stable version of FUSE and SSHFS see https://osxfuse.github.io. When installed, mount and unmount as described for Linux.

SSHFS on Windows

The best known option for a SSHFS solution on Windows is SFTP Drive, it supports 2FA and is free for personal use (require registration), check it out on: https://www.nsoftware.com/sftp/drive/

Install and add your Unix account:

1. start SFTP Drive
2. click New...
3. Drive Name: Unix-home (just give the connection a name)
4. Drive Letter: U: (choose any free drive letter)
5. Remote Host: ssh1.ux.uis.no (choose ssh1 or ssh2)
6. Remote Port: 22
7. Authentication Type: Multi-factor
8. Username: put your Unix-account user name here
9. Password: put your Unix-account password here
10. Remote Folder: User's home folder (if you want to mount another folder/directory, select Specified folder instead and enter it in the field below)
11. Test SSH Connection
12. STOP and verify the fingerprint VerifyServerFingerprint - do not connect if they are different!
13. If fingerprint matches Connect and enjoy easy file access