SSH
SSH, Secure Shell, is the most important command/protocol there is for securely connecting to and running commands on a remote server, anywhere on the Internet. It is our first tool of choice when we want to log in to a server and start a job or just check something. SSH has been available for decades on Linux and Mac, but until recently we needed third-party programs to make it work on MS Windows. Not anymore: with Windows >= 10, MS has finally managed to include it as standard.
Security
Before using SSH, we need to know about an important SSH security feature, and a little about user verification. Read this:
SSH login
Things you should know
- Be careful when typing user name and password; too many failures might block your IP address …
- While typing the password in an ssh command-line login, please be aware that nothing will be printed on screen, not even * (this is standard behavior and is supposed to stop a bad guy behind you counting the number of characters in your password).
- If you need help, send an email to help at ux.uis.no, and please include:
  - your Unix user name (account name)
  - the server you are using or tried to log in to
  - how you log in, e.g. ssh, NX, SFTP
  - the time of day
  - where you log in from, i.e. your IP address (see https://minip.ux.uis.no/)
Login
Logging in with SSH is easy: all we have to do is start a terminal window (Command Prompt or PowerShell on Windows) and run the ssh command like this (on Linux or Mac, you can use ssh -X ... to enable X11 forwarding):
ssh USER@ssh1.ux.uis.no
If you understood server fingerprint verification, go ahead and try the ssh command above. Replace the word "USER" with your own Unix-user account name. See the email you got when your account was created; it contains your Unix-user account name, a password and an OTP.
- Always make sure you type the password exactly as shown in the email, you may copy&paste it.
- If you are doing this from home, you will need the user-name, password and the OTP (the second factor).
- If you are on campus, you probably only need the user-name and password.
- Add your Unix-account to your Authenticator App the first time you log in!
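One way to carry out the fingerprint check before the first login, as an added example that is not part of the original page: it appends a scanned host key to known_hosts only when its SHA256 fingerprint equals the published one, so ssh later refuses a server that presents a different key. The helper name pin_host_key, the file scanned.keys and the fingerprint placeholder are assumptions; the real fingerprint must come from the VerifyServerFingerprint page.

```shell
#!/bin/sh
# Added example (not from the original page): trust a login server's host
# key only if its SHA256 fingerprint equals the published one.
# pin_host_key and the file names below are hypothetical.

# pin_host_key KEYFILE PUBLISHED_FP KNOWN_HOSTS
#   KEYFILE      host keys in known_hosts format, e.g. ssh-keyscan output
#   PUBLISHED_FP fingerprint from the administrators, "SHA256:..." form
#   KNOWN_HOSTS  file to append the verified key line to
# Returns 0 if a key matched and was pinned, 1 if none matched.
pin_host_key() {
    keyfile=$1 published=$2 known_hosts=$3 status=1
    tmp=$(mktemp) || return 2
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s\n' "$line" > "$tmp"
        # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<type>)
        fp=$(ssh-keygen -l -E sha256 -f "$tmp" 2>/dev/null | awk '{print $2}')
        if [ -n "$fp" ] && [ "$fp" = "$published" ]; then
            printf '%s\n' "$line" >> "$known_hosts"   # pin only this key
            status=0
        fi
    done < "$keyfile"
    rm -f "$tmp"
    [ "$status" -eq 0 ] || echo "no key matches the published fingerprint" >&2
    return "$status"
}

# Typical use (run by hand; the scan proves nothing until it is compared):
#   ssh-keyscan ssh1.ux.uis.no > scanned.keys
#   pin_host_key scanned.keys 'SHA256:<published fingerprint>' ~/.ssh/known_hosts
```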
Log out
When logging out, it's important to first quit all your processes. If you just close the Windows/Mac/Linux terminal window you logged in from, there is a chance that some of your processes might be left running, consuming/locking resources and wasting energy. When you want to log out:
- run the command logout, exit or press Ctrl-d, then you will be warned about processes still running.
- only when disconnected from the SSH server, is it safe to close the terminal window.
Login servers
SSH login from the Internet is limited to a few login servers:
- ssh1.ux.uis.no - requires password and OTP/TOTP
- ssh2.ux.uis.no - requires password and OTP/TOTP
- ssh3.ux.uis.no - requires SSH key and OTP/TOTP
- ssh4.ux.uis.no - requires SSH key and OTP/TOTP
(These are just login servers, please do not run jobs on them.)
Running jobs
Things you should know
- always use your bhome as working directory for all jobs
- your home is normally backed up every day.
- bhome is NOT backed up, copy your work/code to your home to get it backed up, but do NOT copy generated data from bhome to home.
- all your bhome files will be deleted no later than 30 days after your expiry date!
- run uenv avail to list program packages, or just uenv for help
Log in with SSH into one of the login servers, then use SSH again to get a terminal window on the server you want to run commands on. Jobs should be run on gorina1-4,6 or on the cluster (gorina11).
Changing password
Can only be done on the server pw.ux.uis.no. When running the command passwd, you will be asked for your current password, and then twice for the new password; nothing will be printed to screen during password typing. If the new password is accepted, wait 10 minutes for it to become active on all servers. Please do not use the server pw for anything else.
- Minimum length is 16 characters.
- Must include uppercase and lowercase letters
- SSH into one of the login servers
- SSH into pw with the command: ssh pw
- Set new password with the command: passwd
- Log out from pw
- Wait 10 minutes for it to become active on all servers.
SSH client
If your Windows version is < 10 or for some reason is missing SSH, download, install and use PuTTY.
PuTTY - a free SSH client for Windows users. To create a server connection do:
- Start PuTTY (not PuTTYgen or PSFTP)
- Session → Host Name (or IP address): ssh1.ux.uis.no (or choose another login server from the list above)
- Port number: 22
- Default Settings → Save
- Open
- Now STOP and verify the fingerprint (see VerifyServerFingerprint) - do not connect if they are different!
- Only if the fingerprint matches → Accept
- login as: add your Unix account name
- Password:
- Verification code: enter your TOTP 2FA code
SSH copy
Things you should know
- directory = folder = mappe
- Avoid spaces in file names, it complicates things…
- . is the current directory
- .. is the parent directory
- use your bhome directory for all data upload
Copy files
For copying files over the network, SSH provides the efficient Secure copy protocol - SCP and the more modern SSH File Transfer Protocol - SFTP. The command line tool scp is great when we just want to copy a few files, or for use in a Bash shell script. For copying a whole directory tree or synchronizing directories, rsync is the tool to use. But if we want to browse the directory structure and get a better overview, a graphical SFTP client such as WinSCP or FileZilla is a better choice.
Graphical SFTP clients
If the command line is not your thing, try WinSCP or FileZilla.
WinSCP - recommended open source SFTP client for Windows users. To create a server connection do:
- Click Session → New Session… → New Site
- File protocol: SFTP
- Host name: ssh2.ux.uis.no (choose a username and password login server from the list above)
- Port number: 22
- User name: add your Unix account name
- Password:
- Save → OK
- Login
- STOP and verify the fingerprint (see VerifyServerFingerprint) - do not connect if they are different!
- Verification code: enter your TOTP 2FA code
FileZilla - SFTP client. When setting up a server connection do:
- Click File → Site Manager… → New site
- General (tab)
- Protocol: SFTP - SSH File Transfer Protocol
- Host: ssh2.ux.uis.no (choose a username and password login server from the list above)
- Port: 22
- Logon Type: Interactive
- User: enter your Unix account name
- Connect
- STOP and verify the fingerprint (see VerifyServerFingerprint) - do not connect if they are different!
- When asked for password: type your Unix account password
- When asked for verification code: enter your TOTP 2FA code
Command - scp
No need to install anything: if you have the ssh command in your terminal window, you also have the scp command.
When running the following scp command, if you are informed that the authenticity of the server (host) can't be established, verify the server fingerprint - abort the command (press CTRL-c) if the fingerprints are different!
To copy from local PC → Unix account, e.g. to copy the file data.zip from local PC to the "bhome/" directory on the Unix account:
scp data.zip USER@ssh2.ux.uis.no:bhome/
To copy from Server → local PC, e.g. to copy the file "results.dat" from a directory "bhome/temp" on the Unix account, to the current directory on local PC, run:
scp USER@ssh2.ux.uis.no:bhome/temp/results.dat .
Command - rsync
The command rsync is a powerful tool, but it is easy to make a mistake. Therefore, always do a test run first: use the "-n" test parameter, so that rsync shows what the command will do but no files are copied. Only when you are sure your command is correct, run it again without the "-n" parameter. Another important thing to know about rsync is that if you specify the source directory like "/the/source", the "source" directory itself will be copied. But if you specify the source like "/the/source/", only the files within the "source" directory will be copied. This has the potential to create a big mess if we are not careful. Always do a test run!
When running the following rsync command, if you are informed that the authenticity of the server (host) can't be established, verify the server fingerprint - abort the command (press CTRL-c) if the fingerprints are different!
To copy from local PC → Unix account, e.g. to copy the directory TestData, and all sub directories, from local PC into the "bhome" directory on the Unix account:
rsync -rvn TestData USER@ssh2.ux.uis.no:bhome/
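To copy from local PC → Unix account, e.g. to just copy all the files in the directory TestData from local PC to the "bhome/TestData" directory on the Unix account (the "d" parameter is needed here: without "r" or "d", rsync skips directories; with "d", sub directories are created but their contents are not copied):
rsync -dvn TestData/ USER@ssh2.ux.uis.no:bhome/TestData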
To copy from Server → local PC, e.g. to copy the directory "bhome/TestData" on the Unix account, to the local sub directory project on local PC, run:
rsync -rvn USER@ssh2.ux.uis.no:bhome/TestData project
All rsync examples above run in testing mode because of the included "n" parameter; to do the actual copying, just remove it and run the command again.
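The trailing-slash rule and the test-run habit described above, combined in an added example that is not part of the original page: one function predicts which directory will receive the files, the other shows a dry run and copies only after confirmation. The helper names rsync_landing and careful_rsync are assumptions, and the prediction covers directory sources only.

```shell
#!/bin/sh
# Added example (not from the original page): predict where rsync will put
# a directory, then insist on a dry run before the real copy.
# rsync_landing and careful_rsync are hypothetical helper names.

# rsync_landing SRC DEST
# Print the directory that will receive the contents of directory SRC.
#   SRC without trailing slash -> SRC itself is copied: DEST/<name of SRC>
#   SRC with trailing slash    -> only its contents are copied: DEST
rsync_landing() {
    src=$1 dest=${2%/}
    case $src in
        */) printf '%s\n' "${dest:-/}" ;;
        *)  name=${src##*/}          # last path component
            name=${name##*:}         # drop a "USER@host:" prefix, if any
            case $dest in
                *:) printf '%s%s\n' "$dest" "$name" ;;   # remote home dir
                *)  printf '%s/%s\n' "$dest" "$name" ;;
            esac ;;
    esac
}

# careful_rsync SRC DEST
# Show the landing directory and a dry run (-n copies nothing); copy for
# real only after the user answers "y".
careful_rsync() {
    echo "Contents of $1 will end up in: $(rsync_landing "$1" "$2")"
    rsync -rvn -- "$1" "$2" || return 1
    printf 'Run the real copy? [y/N] '
    read -r answer
    if [ "$answer" = y ]; then
        rsync -rv -- "$1" "$2"
    else
        echo "Nothing copied."
    fi
}

# Source/destination pairs from this page, evaluated without any network:
rsync_landing TestData  USER@ssh2.ux.uis.no:bhome/
rsync_landing TestData/ USER@ssh2.ux.uis.no:bhome/TestData
rsync_landing USER@ssh2.ux.uis.no:bhome/TestData project
```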
SSH mount
Things you should know
- If mounting /home/... doesn't work, try with /nfs/...
Mount directory
Wouldn't it be nice if you could sit comfortably with your PC and work on your Unix account files with your own favorite editor, without having to download them first, and without the hassle of uploading them later to keep both places synchronized? With SSHFS you can! SSHFS makes an account on an SSH server behave like a local FileSystem. With SSHFS you mount a server directory as a local drive, and then forget about where those files really are; you just use it as if it was a local disk.
SSHFS on Linux
SSHFS is available in all GNU/Linux distributions. Installing and using SSHFS on GNU/Linux is very easy.
When running the following sshfs command, if you are informed that the authenticity of the server (host) can't be established, verify the server fingerprint - abort the command (press CTRL-c) if the fingerprints are different!
In Ubuntu, install sshfs:
sudo apt-get install sshfs
To mount a server directory, e.g. to mount USER HOME on a local directory ux:
cd ; mkdir ux ; sshfs -o follow_symlinks USER@ssh1.ux.uis.no:/home/stud/USER ux
That's it, now USER's Unix-account files are locally accessible in the ux directory.
To unmount, just do:
cd ; fusermount -u ux
If you get an error message like "fusermount: failed to open current directory: Permission denied", try temporarily setting a more relaxed file permission on your HOME:
cd ; chmod g+rx . ; fusermount -u ux ; chmod g-rx .
SSHFS on Mac
Install the latest stable version of FUSE and SSHFS, see https://osxfuse.github.io. When installed, mount and unmount as described for Linux.
SSHFS on Windows
The best known option for an SSHFS solution on Windows is SFTP Drive. It supports 2FA and is free for personal use (requires registration); check it out on: https://www.nsoftware.com/sftp/drive/
Install and add your Unix account:
- start SFTP Drive
- click New...
- Drive Name: Unix-home (just give the connection a name)
- Drive Letter: U: (choose any free drive letter)
- Remote Host: ssh1.ux.uis.no (choose ssh1 or ssh2)
- Remote Port: 22
- Authentication Type: Multi-factor
- Username: put your Unix-account user name here
- Password: put your Unix-account password here
- Remote Folder: User's home folder (if you want to mount another folder/directory, select Specified folder instead and enter it in the field below)
- Test SSH Connection
- STOP and verify the fingerprint (see VerifyServerFingerprint) - do not connect if they are different!
- If the fingerprint matches → Connect and enjoy easy file access