Advanced SSH-ing
These instructions will cover the following topics:
- Connecting to Discovery using
ssh - Connecting to Discovery using
sshwithout a password ssh-ing using an alias
This tutorial assumes you are familiar with using terminal - see also instructions for installing iTerm
Below, if I want you to execute a terminal command, I’ll preface the command with “do” - eg “do ls”.
To connect to Discovery, and most servers used in academia, we can use a Secure SHell (ssh) that will allow our computer to plug in our monitor to the server. Just like our home monitors show what’s going on ‘inside’ our computer, the ssh tunnel allows us to use the server like we would use our own computer.
I’m assuming everyone has the credentials on the IT side of things to be able to connect to discovery. Ask Katie if this is not the case.
Before actually getting into doing the ‘connecting’, we should cover some basic commands to navigate in terminal, where we’ll eventually execute the ssh command. If you are not familiar with basic terminal commands, see the lab protocols page here. Generally the types of ‘native’ commands used will be BASH - BAsic SHell; think of BASH like a computer language and the terminal as a session of BASH). The BASH commands from this protocol that we’ll need immediately are cd and ls . Read those sections then come back here and continue.
The following instructions cover connecting “Computer A” (e.g., your laptop) to “Server B” (e.g., Discovery). But if you wanted to connect to another server from Discovery, you would follow these steps for creating and editing files on Discovery - in other words, Discovery would now be “Computer A” and the new server would be “Server B”.
1. Connecting to Discovery using ssh
Once you have your discovery credentials, you should be able to ssh to discovery like this: ssh your_login@login.discovery.neu.edu. It will then prompt you for a password. You can keep entering a password every time you log in (which can get annoying, if the long login isn’t annoying enough) or we can create a file (see next step) that will tell Discovery that you’re really you and you won’t have to enter a password afterward.
2. ssh-ing to Discovery without a password
Setting up your ssh folder
Before we can ssh without a password, we need to create a folder on your laptop.
On mac and linux, the short cut to your “home” directory is ~. So if you had a folder called ‘documents’ in your home directory, you could access that file path with ~/documents. On a mac, that path is something like /Users/yourusername. You can also ask BASH to tell you your username with echo $USER. Or you can ask for the actual home path echo $HOME. If you’re using a PC, we’ll need to replace the home path ~ with the actual path - ask Katie for help if needed.
To connect to Discovery with ssh we’re going to need a place to put files. That place by default is in a hidden folder called .ssh in your home directory on your laptop (note the .). So let’s first change directories to the home directory on your laptop (do cd ~) and see if you have it (to do this step you should not be ssh-ed to Discovery yet). Normally to see files you would use ls but to see hidden files (those that start with .) you need to add -a to the command - let’s get the long form list of all files (do ls -la).
If you don’t see .ssh, make the directory - do mkdir .ssh.
then do cd .ssh
Create RSA key for passwordless ssh
The file that Discovery uses to ‘trust’ us is called an RSA key (abbr is creators names Rivest–Shamir–Adleman). To create that key, make sure you ARE NOT ssh-ed to discovery (ie you are in your laptop’s filesystem in the ~/.ssh folder) and execute this command ssh-keygen -t rsa. - Executing this command should ask you to create the file id_rsa in your $HOME/.ssh folder; agree. - When it asks you for a password, just hit the return key (and again for the confirmation). In other words, don’t enter a password.
You should now see the id_rsa file (and maybe a couple others with that prefix) if you do ls -l.
Send RSA key to Discovery
Okay, we’ve created the key for Discovery, but now we have to give that key to discovery.
Before we send the file, we’ll need a destination (directory) to send it to on Discovery. do ssh your_login@login.discovery.neu.edu mkdir -p .ssh - you’ll get a password prompt since we haven’t completed the setup yet. This command first logs in to Discovery then makes the hidden directory called .ssh in your Discovery home directory. In the screenshot I make a directory I’ll delete later.
The key Discovery will use to authenticate us is actually the content within the file called id_rsa.pub. To send this key to Discovery, we’re going to use a command called cat which basically prints the content of a file (try doing cat id_rsa.pub by itself). We’re also going to use a pipe | (on keyboard above return key; use shift) - the pipe let’s you take standardout (like something that’s printed) and pass it to another command. So we could print the rsa key and pass it to a command to send it to discovery like so: do cat .ssh/id_rsa.pub | ssh your_login@login.discovery.neu.edu 'cat >> .ssh/authorized_keys'. You’ll be prompted for your login password again. If it works, there won’t be any fanfare - it will just give you a new prompt for your local filesystem (it makes a connection, sends the info, then ends the connection).
The command prints the file contents (cat id_rsa.pub) then sends that printout to an ssh connection | ssh me@domain then after connecting uses another cat command ('cat) to send the contents of the original file on our laptop to a discovery file >> .ssh/authorized_keys'. The command executed after connection is surrounded by single quotes: ' . Note that we used >> to append to the discovery file. Had we used just > it would have overwritten/created the file with just the new content. We’ll often have multiple computers that we use to ssh (eg a different server connecting to discovery) so we may have many keys in this authorized key file (which is why we append the new content with >>).
You should now be able to ssh without a password: do ssh your_login@login.discovery.neu.edu.
3. ssh-ing using an alias
If you’ve followed the steps above you can now connect to Discovery without a password (or another server by following the same steps), but each time you want to ssh to the server you’ll still have to type out a long command: ssh user@login.yadayada.domain. If you ever want to transfer files to/from the server you’ll also need to use the long-form user/domain: eg scp localfile.txt user@login.yadayada.domain:/path/to/transfer_location.
With an alias, you can replace the user@login with a nickname for the server and make ssh-ing much easier: eg ssh discovery. Or for transferring files: scp localfile.txt discovery:/path/to/transfer_location.
In Step 2 we created the ~/.ssh directory on our laptops. We can customize the way ssh connections “work” by using a config file (ie a ‘configuration’ file). I’m not sure if you’ll have one, but try doing: ls ~/.ssh/config. If you don’t have it, we’ll be creating it using vim below.
We’ll be using vim to add our ssh aliases to the config file. vim is basically a terminal text editor that you can view and edit the contents of files. It is actually pretty powerful, but I only use its basic parts. If you try and vim a file that doesn’t exist, one is created and you’ll see blank content.
So we want to edit the config file. Using terminal that is within your laptop’s filesystem (i.e., not ssh-ed to discovery) do vim ~/.ssh/config.
To use vim, we use the keyboard keys instead of drop down menus. To begin editing, hit the i key (for “insert”). Paste the following at the top of the file (the normal way with command+v). The first bit will apply to all hosts (*) and do a couple other things that you can look up later (this is not the alias part).
``` {style="background-color: gainsboro"}
Host *
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 300
```To create aliases to servers, we provide our nickname for that host, our user name for that host, and the domain for that host (the bits after the @ of our login). The following will allow me to ssh discovery without typing out the long-form user@ domain (just change the user). Note I’ve kept the text from above for context, it should only appear once in the file.
``` {style="background-color: gainsboro"}
Host *
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 300
Host discovery
User b.lind
HostName login.discovery.neu.edu
```To save the file, we’re going to tell vim to “write then quit”. To do this first hit the esc key, then type :wq (note colon) then hit enter. If you ever make a mistake while editing, or vim a non-existent file you don’t want to create, you tell vim to quit but ignore any warnings about quitting using an exclamation: :q! (note we wouldn’t tell vim to write to the file using w).
You can do this for any host. For instance here are a couple canadian servers I have configured like so:
``` {style="background-color: gainsboro"}
Host yeaman02
User brandon.lind
HostName itbioyeaman02.ucalgary.ca
Host yeaman01
User brandon.lind
HostName itbioyeaman.ucalgary.ca
Host yeaman03
User brandon.lind
HostName itbioyeaman03.ucalgary.ca
```
After successfully saving (you can always cat ~/.ssh/config to print the file), and using the correct username, you should be able to do ssh discovery (from a non ssh-ed terminal window).
As a note, you can use whatever nickname you want, really. but “discovery” is probably easiest to remember. For example, if you wanted to be able to ssh hogwarts to connect to the Discovery server you could use this in your config file instead of what we used above:
``` {style="background-color: gainsboro"}
Host hogwarts
User b.lind
HostName login.discovery.neu.edu
```