2210
Comment:
|
5566
Article clean-up, merged information from [[SSH]] and added some more useful information for new users
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
SSH stands for "Secure Shell", it is one of the easier ways to connect to a machine at UCC, because physically standing up and going over to one is difficult. | SSH (standing for "Secure Shell") is a program used to remotely connect to servers. It can be used wherever there is an internet connection, and there are clients available for pretty much every device under the sun. This is one of the easiest ways to connect to UCC's servers. |
Line 4: | Line 4: |
There are several servers that you can connect to at UCC || Server || Port|| Comments || || ssh.ucc.asn.au || Any || Connects you to Motsugo || || motsugo.ucc.asn.au || 22 || This is the main user server || || mussel.ucc.asn.au || 22 || This is the secondary user server || |
There are several servers that you can connect to remotely from outside UCC. The main servers for this are: |
Line 10: | Line 6: |
= Windows = | || '''Server''' || '''Port''' || '''Comments''' || || ssh.ucc.asn.au || Any || Connects you to [[Motsugo]] || || motsugo.ucc.asn.au || 22 || [[Motsugo]] is the main user server || || mussel.ucc.asn.au || 22 || [[Mussel]] is the secondary user server || From these servers you can then access services on the internal UCC network (or by proxy jumping via one of these servers). = How to SSH = == Windows == |
Line 16: | Line 20: |
* Host name should be the address of the server. * The port will default to 22 * You can give the session an name and click save to make connectin easier in future. * If you don't want to enter your username every time, you can enter this under "Connection - Data" * You can change it so that right click on the mouse doesn't paste text under "Window - Selection" |
* Host name should be the address of the server. See above for some common UCC servers that you can connect to. * The port will default to 22. * You can give the session a name and click save to make connecting easier in future. * If you don't want to enter your username every time, you can enter this under "Connection - Data". * You can change it so that right click on the mouse doesn't paste text under "Window - Selection". |
Line 22: | Line 26: |
3. If prompted, agree to add UCC's server to know_hosts, assuming you trust us. | 3. If prompted, agree to add UCC's server to known_hosts, assuming you trust us. |
Line 27: | Line 31: |
= Linux = | == Linux == |
Line 29: | Line 33: |
1. Most Linux distributions come with a SSH client pre-packaged. Install a SSH client, such as OpenSSH, if your OS doesn't come packaged with one. Most Linux distributions come with a SSH client pre-packaged. Consult the manual if you need to install one. | 1. Most Linux distributions come with a SSH client pre-packaged. Install a SSH client, such as OpenSSH, if your OS doesn't come packaged with one. |
Line 32: | Line 36: |
* ssh [username]@[server] -p [port] * Replace [username] with your UCC username and [server] with the address of the server you are connecting to. * If you are connecting to port 22, you can omit "-p [port]", otherwise enter the port you want to connect to. * If the username you are using on your current machine matches your UCC username, you can omit "[username]@" |
* {{{ssh [username]@[server] -p [port]}}} * Replace {{{[username]}}} with your UCC username and {{{[server]}}} with the address of the server you are connecting to. * If you are connecting to port 22, you can omit {{{-p [port]}}}, otherwise enter the port you want to connect to. * If the username you are using on your current machine matches your UCC username, you can omit {{{[username]@}}} * ie: From a linux machine in the clubroom, you can just type {{{ssh ssh}}} |
Line 38: | Line 43: |
* 'Note:' You should only do this if it is the first time you have seen the prompt for that server. | * '''Note:''' You should only do this if it is the first time you have seen the prompt for that server. |
Line 42: | Line 47: |
== Web == UCC has configured a web interface that allows remote login to several UCC machines (Windows, MacOS and Linux) without needing to install anything on your device. All that is required is a web browser (and internet connection). The login portal is located at https://login.ucc.asn.au/. For more details, check out [[HowToUCC/RemoteLogin]]. = Useful Tips = == SSH Keys == It is best practice to set up and use an [[https://wiki.archlinux.org/title/SSH_keys|SSH keypair]] rather than relying on password authentication. An SSH keypair consists of a linked public and private key. The private key resides on your personal device and must be kept secret (and is usually encrypted with a password), while the public key is distributed to hosts that you wish to connect to. When you wish to connect to such a host, you tell your SSH client to use the respective private key to connect and if your public key is authorized by the server, then it will allow you to connect. Connecting to a server using an SSH keypair is more secure than using password authentication as it requires a potential attacker to have access to your private key, which only resides on your device (and is hopefully password encrypted on top of that!). In the context of UCC systems using an SSH key also has the added benefit of not triggering [[Fail2Ban]] upon repeated authentication failures. Setting up an SSH keypair depends on the SSH client you are using, however for OpenSSH the procedure involves running the {{{ssh-keygen}}} command. Once you have set up a keypair, SSH to {{{ssh.ucc.asn.au}}} (using password authentication for now) and then copy the contents of your public key to the file {{{~/.ssh/authorized_keys}}}. If this file does not exist, or if the {{{.ssh}}} folder does not exist, create them. Once you've copied your public key over, congratulations, you should be able to SSH to UCC using your key! Exit your existing SSH session and try. If you set everything up correctly, then when you attempt to SSH you should be prompted for the password to your private key, rather than the password to your UCC account. == OpenSSH Config == If you are using OpenSSH as your SSH client, then you can additionally set up a user config file at {{{~/.ssh/config}}}. This file allows you to change the default settings of SSH when connecting to particular hosts. In practice this means that you have to type less to SSH, e.g. {{{ssh motsugo}}} instead of {{{ssh -i /path/to/keyfile [email protected]}}}. The config file consists of {{{Host}}} blocks specifying directives to use when connecting to particular hosts. To achieve the example just given, your SSH config might look as follows: {{{ Host motsugo User username Hostname motsugo.ucc.asn.au IdentityFile /path/to/keyfile }}} The {{{man}}} page for {{{ssh_config(5)}}} contains more information about specific directives that can be used. |
SSH (standing for "Secure Shell") is a program used to remotely connect to servers. It can be used wherever there is an internet connection, and there are clients available for pretty much every device under the sun. This is one of the easiest ways to connect to UCC's servers.
Servers
There are several servers that you can connect to remotely from outside UCC. The main servers for this are:
Server |
Port |
Comments |
ssh.ucc.asn.au |
Any |
Connects you to Motsugo |
motsugo.ucc.asn.au |
22 |
Motsugo is the main user server |
mussel.ucc.asn.au |
22 |
Mussel is the secondary user server |
From these servers you can then access services on the internal UCC network (or by proxy jumping via one of these servers).
How to SSH
Windows
1. Download and install an SSH client:
2. Enter the details for a server into your client:
- Host name should be the address of the server. See above for some common UCC servers that you can connect to.
- The port will default to 22.
- You can give the session a name and click save to make connecting easier in future.
- If you don't want to enter your username every time, you can enter this under "Connection - Data".
- You can change it so that right click on the mouse doesn't paste text under "Window - Selection".
3. If prompted, agree to add UCC's server to known_hosts, assuming you trust us.
4. Enter your UCC username and password.
- You are now connected to a UCC server.
Linux
1. Most Linux distributions come with a SSH client pre-packaged. Install a SSH client, such as OpenSSH, if your OS doesn't come packaged with one.
2. Type the following command into a terminal window:
ssh [username]@[server] -p [port]
Replace [username] with your UCC username and [server] with the address of the server you are connecting to.
If you are connecting to port 22, you can omit -p [port], otherwise enter the port you want to connect to.
If the username you are using on your current machine matches your UCC username, you can omit [username]@
ie: From a linux machine in the clubroom, you can just type ssh ssh
3. If prompted, agree to add UCC's server to known_hosts, assuming you trust us.
Note: You should only do this if it is the first time you have seen the prompt for that server.
4. Enter your UCC password.
- You are now connected to a UCC server.
Web
UCC has configured a web interface that allows remote login to several UCC machines (Windows, MacOS and Linux) without needing to install anything on your device. All that is required is a web browser (and internet connection). The login portal is located at https://login.ucc.asn.au/. For more details, check out HowToUCC/RemoteLogin.
Useful Tips
SSH Keys
It is best practice to set up and use an SSH keypair rather than relying on password authentication. An SSH keypair consists of a linked public and private key. The private key resides on your personal device and must be kept secret (and is usually encrypted with a password), while the public key is distributed to hosts that you wish to connect to. When you wish to connect to such a host, you tell your SSH client to use the respective private key to connect and if your public key is authorized by the server, then it will allow you to connect.
Connecting to a server using an SSH keypair is more secure than using password authentication as it requires a potential attacker to have access to your private key, which only resides on your device (and is hopefully password encrypted on top of that!). In the context of UCC systems using an SSH key also has the added benefit of not triggering Fail2Ban upon repeated authentication failures.
Setting up an SSH keypair depends on the SSH client you are using, however for OpenSSH the procedure involves running the ssh-keygen command. Once you have set up a keypair, SSH to ssh.ucc.asn.au (using password authentication for now) and then copy the contents of your public key to the file ~/.ssh/authorized_keys. If this file does not exist, or if the .ssh folder does not exist, create them. Once you've copied your public key over, congratulations, you should be able to SSH to UCC using your key! Exit your existing SSH session and try. If you set everything up correctly, then when you attempt to SSH you should be prompted for the password to your private key, rather than the password to your UCC account.
OpenSSH Config
If you are using OpenSSH as your SSH client, then you can additionally set up a user config file at ~/.ssh/config. This file allows you to change the default settings of SSH when connecting to particular hosts. In practice this means that you have to type less to SSH, e.g. ssh motsugo instead of ssh -i /path/to/keyfile [email protected]. The config file consists of Host blocks specifying directives to use when connecting to particular hosts. To achieve the example just given, your SSH config might look as follows:
Host motsugo User username Hostname motsugo.ucc.asn.au IdentityFile /path/to/keyfile
The man page for ssh_config(5) contains more information about specific directives that can be used.