1 / 25

SSH Basics: Simplified Guide for Secure and Efficient Remote Access

Learn how SSH works, solve common problems, and utilize keypairs for secure remote login and automation jobs. Discover SSH forwarding benefits and utilize NX for graphical display management.

myriamw
Download Presentation

SSH Basics: Simplified Guide for Secure and Efficient Remote Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSH • SSH is “Secure SHell” • Secure, compressed, widely supported, fast • Allows both users to get jobs done, and also allows system administrators to sleep at night • Clients for every platform

  2. What SSH can do • Allows you to remotely log into systems and run commands • Forward traffic over the SSH link (tunnel) • Copy files • Run commands without logging in

  3. SSH basics

  4. SSH basics

  5. SSH basics

  6. Problems already • Always have to type my username in • Always have to type in full hostname • Always have to type in my password

  7. Problems already • Default behaviour • Tries to connect to remote server using the username of your current logged in user • This can be problematic, especially for Macs • Uses the domain name of your local machine (so can’t ssh ui from everywhere in world)

  8. Problem solved You can override default behaviour by using a config file in your home directory • location is ~/.ssh/config

  9. Problem solved • Username

  10. Problem solved • Username Helps because Physics blocks/bans your IP address if you try connecting incorrectly more than 5 times • common cause of this is wrong username

  11. Problem solved 2. Full hostname

  12. Problem solved 3. Password

  13. Problem solved 5. • Create private/public key pair (ssh-keygen) • Upload public key to remote server (ssh-copy-id) • Unlock private key (ssh-add) • SSH using keypair • Perfect for automated jobs and scripts! • Won’t work with lxplus • Make sure you password protect your SSH private key • Keep private key secure!

  14. Other config options • Wildcards and regex is allowed • e.g. Host * and Host *.ph.unimelb.edu.au will both work • Note that it reads the file from top down, and stops at the first entry that matches

  15. Background of network in Physics • ui.atlas.unimelb.edu.au -> Tier 3 log in node • restricted to hosts on AARNet network (uni’s) • baker.ph.unimelb.edu.au -> School of Physics SSH gateway • accessible anywhere • All other hosts • firewalled (inaccessible) • May think that this restricts you....

  16. SSH forwarding • When you ssh, it opens a persistent connection with SSH server • We can use this connection to make other traffic travel “through” it • e.g. VNC, NX, SSH, web, files • SSH will secure this traffic too! (basis for things like TOR and VPN)

  17. SSH forwarding ssh –L localport:otherhost:otherhostport username@server

  18. SSH forwarding

  19. SSH forwarding • Connections to local port 2222 get redirected over SSH to remote ssh server, which then redirects to port 22 on ui.atlas.unimelb.edu.au • perfect for SSH’ing “directly” to UI, or for copying files from “non-Uni” places

  20. SSH forwarding

  21. SSH forwarding • Original connection must be still open! (i.e. can’t close window or disconnect) • Can do funky stuff, like be a “catch all” forwarder, for things like web (investigate the –D option in ssh and SOCKS proxy)

  22. NX • X is the graphical display manager in Linux • It is bulky, and insecure over network • Can forward this display using NX (NoMachine) • Heavily compresses data, making it easier to display overseas/at home

  23. NX • For Melbourne, baker[1-6] have NX servers • From home, port forward to port 22 on baker[1-6] through baker.ph.unimelb.edu.au • Use NX client (http://www.nomachine.com/) to connect to forwarded port

More Related