SSH (standing for "Secure Shell") is a program used to remotely connect to servers. It can be used wherever there is an internet connection, and there are clients available for pretty much every device under the sun. This is one of the easiest ways to connect to UCC's servers. == Servers == There are several servers that you can connect to remotely from outside UCC. The main servers for this are: || '''Server''' || '''Port''' || '''Comments''' || || ssh.ucc.asn.au || Any || Connects you to [[Motsugo]] || || motsugo.ucc.asn.au || 22 || [[Motsugo]] is the main user server || || mussel.ucc.asn.au || 22 || [[Mussel]] is the secondary user server || From these servers you can then access services on the internal UCC network (or by proxy jumping via one of these servers). = How to SSH = == Windows == 1. Download and install an SSH client: * PuTTy - http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html * KiTTY - http://www.9bis.net/kitty/?page=Download 2. Enter the details for a server into your client: * Host name should be the address of the server. See above for some common UCC servers that you can connect to. * The port will default to 22. * You can give the session a name and click save to make connecting easier in future. * If you don't want to enter your username every time, you can enter this under "Connection - Data". * You can change it so that right click on the mouse doesn't paste text under "Window - Selection". 3. If prompted, agree to add UCC's server to known_hosts, assuming you trust us. 4. Enter your UCC username and password. * You are now connected to a UCC server. == Linux/MacOS == 1. Most Linux distributions come with a SSH client pre-packaged. Install a SSH client, such as OpenSSH, if your OS doesn't come packaged with one. 2. Type the following command into a terminal window: * {{{ssh [username]@[server] -p [port]}}} * Replace {{{[username]}}} with your UCC username and {{{[server]}}} with the address of the server you are connecting to. * If you are connecting to port 22, you can omit {{{-p [port]}}}, otherwise enter the port you want to connect to. * If the username you are using on your current machine matches your UCC username, you can omit {{{[username]@}}} * ie: From a linux machine in the clubroom, you can just type {{{ssh ssh}}} 3. If prompted, agree to add UCC's server to {{{known_hosts}}}, assuming you trust us. * '''Note:''' You should only do this if it is the first time you have seen the prompt for that server. 4. Enter your UCC password. * You are now connected to a UCC server. == Web == UCC has configured a web interface that allows remote login to several UCC machines (Windows, MacOS and Linux) without needing to install anything on your device. All that is required is a web browser (and internet connection). The login portal is located at https://login.ucc.asn.au/. For more details, check out [[HowToUCC/RemoteLogin]]. = Useful Tips = == SSH Keys == It is best practice to set up and use an [[https://wiki.archlinux.org/title/SSH_keys|SSH keypair]] rather than relying on password authentication. An SSH keypair consists of a linked public and private key. The private key resides on your personal device and must be kept secret (and is usually encrypted with a password), while the public key is distributed to hosts that you want to connect to. When you wish to connect to such a host, you tell your SSH client to use the respective private key to connect and if your public key is authorized by the server, then it will allow you to connect. Connecting to a server using an SSH keypair is more secure than using password authentication as it requires a potential attacker to have access to your private key, which only resides on your device (and is hopefully password encrypted on top of that!). In the context of UCC systems using an SSH key also has the added benefit of not triggering [[Fail2Ban]] upon repeated authentication failures. Setting up an SSH keypair depends on the SSH client you are using, however for OpenSSH the procedure involves running the {{{ssh-keygen}}} command. Once you have set up a keypair, SSH to {{{ssh.ucc.asn.au}}} (using password authentication for now) and then copy the contents of your public key to the file {{{~/.ssh/authorized_keys}}}. If this file does not exist, or if the {{{.ssh}}} folder does not exist, create them. Once you've copied your public key over, congratulations, you should be able to SSH to UCC using your key! Exit your existing SSH session and try. If you've set everything up correctly, then when you attempt to SSH you should be prompted for the password to your private key, rather than the password to your UCC account. == OpenSSH Config == If you are using OpenSSH as your SSH client, then you can additionally set up a user config file at {{{~/.ssh/config}}}. This file allows you to change the default settings of SSH when connecting to particular hosts. In practice this means that you have to type less to SSH, e.g. {{{ssh motsugo}}} instead of {{{ssh -i /path/to/keyfile user@motsugo.ucc.asn.au}}}. The config file consists of {{{Host}}} blocks specifying directives to use when connecting to particular hosts. To achieve the example just given, your SSH config might look as follows: {{{ Host motsugo User username Hostname motsugo.ucc.asn.au IdentityFile /path/to/keyfile }}} The {{{man}}} page for {{{ssh_config(5)}}} contains more information about specific directives that can be used.