This shows you the differences between two versions of the page.
ssh [2017/01/27 09:56] – jansen | ssh [2017/05/19 20:42] – [Copy public key to server] deul | ||
---|---|---|---|
Line 5: | Line 5: | ||
If you do not have a personal machine you can use the '' | If you do not have a personal machine you can use the '' | ||
+ | |||
+ | === Special access === | ||
+ | Some places we visit (e.g. China or Iran) or some hotels abroad limit the internet access to web browsing only. Because you want more in such cases the ssh server of the Sterrewacht now also serves the ssh protocol on web ports 80 and 443. So you can now get access to the Sterrewacht computer systems from those limiting environments using | ||
+ | |||
+ | ssh ssh.strw.leidenuniv.nl -p 80 -l <your STRW accountname> | ||
+ | |||
+ | With this type of connectivity you can add the tunnelling options (as indicated below) to gain connectivity to a windows remote desktop or your Linux VNC environment. | ||
===== Instituut Lorentz ===== | ===== Instituut Lorentz ===== | ||
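Review bot: The added command `ssh ssh.strw.leidenuniv.nl -p 80 -l <your STRW accountname>` covers only port 80, while the paragraph above it says the server answers on both 80 and 443; add the `-p 443` form so the second option is written out too. The section should also tell users how to check the server's host key on first connection, since by the text's own description these are restricted networks the user does not control, and the hunk gives no fingerprint or pointer to one. Wording: "Because you want more in such cases" reads oddly, and "windows remote desktop" should be "Windows remote desktop".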
Line 15: | Line 22: | ||
--------- | --------- | ||
- | ====== SSH shell access ====== | ||
- | ====== SSH keys ====== | ||
- | ====== SFTP and SCP file access ====== | ||
====== SSH tunnels ====== | ====== SSH tunnels ====== | ||
+ | For the Mac and Linux commandline ssh client, setting up a tunnel is usually a matter of using the option \\ | ||
+ | '' | ||
+ | for forwarding a Windows remote desktop. More detail can be found in the [[vnc|vnc ssh tuning pages]]. | ||
+ | See [[linux: | ||
+ | ====== SSH client software ====== | ||
+ | Linux and macOS come with a commandline client for ssh. | ||
+ | For Windows, the recommended client is [[linux: | ||
+ | ====== SSH keys ====== | ||
+ | ====Create a key pair==== | ||
+ | To create the most simple key, with the default encryption, open up a console, and enter the following command: | ||
+ | $ ssh-keygen -t dsa | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | 7b: | ||
+ | |||
+ | When asked for a " | ||
+ | |||
+ | The ssh-keygen program will now generate both your public and your private key. For the sake of this first simple tutorial I will call these files by their default names " | ||
+ | |||
+ | Your keys are stored in the .ssh/ directory in your home directory, but you can store them where ever you'd like. | ||
+ | |||
+ | The file identity contains your private key. YOU SHOULD GUARD THIS KEY WITH YOUR LIFE! This key is used to gain access on systems which have your private key listed in their authorized keys file. I cannot stress this enough, dont have your keys drifting around. Also, make sure your private key always is chmod 600, so other users on the system won't have access to it. | ||
+ | |||
+ | The file identity.pub contains your public key, which can be added to other system' | ||
+ | |||
+ | ====Copy public key to server==== | ||
+ | To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys (for version 1) file, and the authorized_keys2 (for version2) file in the .ssh/ directory in your home directory on the remote machine. | ||
+ | |||
+ | In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost)) | ||
+ | |||
+ | First we will upload the public keys to the remote server: | ||
+ | $ cd .ssh/ | ||
+ | $ scp id_dsa.pub xxxx@zzzz: | ||
+ | id_dsa.pub | ||
+ | |||
+ | This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh or telnet the conventional way... with a password. | ||
+ | |||
+ | When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys and an authorized_keys2 file and add the keys to the files. Make sure the files are not readable for other users/ | ||
+ | |||
+ | Placing the key for version 2 works as follows: | ||
+ | |||
+ | $ cd .ssh | ||
+ | $ touch authorized_keys2 | ||
+ | $ chmod 600 authorized_keys2 | ||
+ | $ cat ../ | ||
+ | $ rm ../ | ||
+ | |||
+ | From now on you can login from client yyyy to server zzzz without having to specify a password. | ||
+ | |||
+ | ====== SFTP and SCP file access ====== |
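Review bot: The key creation step `$ ssh-keygen -t dsa` in the added "Create a key pair" section tells readers to generate a DSA key, which OpenSSH has disabled by default since release 7.0, so a key made this way is refused by servers running a default configuration; suggest `ssh-keygen -t ed25519` (or `-t rsa -b 4096`) and updating the `id_dsa.pub` names in the copy step to match. In the "GUARD THIS KEY" paragraph, "systems which have your private key listed in their authorized keys file" should say public key, and the text switches between `identity`/`identity.pub` and `id_dsa.pub` for the same files. The "Copy public key to server" section still documents protocol version 1, `authorized_keys2` and a telnet login: `authorized_keys2` has long been deprecated in favour of `authorized_keys`, telnet sends the password in clear text, and the steps never set permissions on the newly created `.ssh` directory (`chmod 700 .ssh`). The revision also removes the "SSH shell access" heading without adding it back.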