This shows you the differences between two versions of the page.
ssh [2021/03/24 20:17] – [Copy public key to server. 1. modern and easy, if it works] deul | ssh [2024/03/14 09:28] (current) – jansen | ||
---|---|---|---|
Line 4: | Line 4: | ||
Most of the desktop machine at the STRW can be accessed through the ssh protocol. So when you know your machine name, use that (including the strw.leidenuniv.nl domain) to access that machine directly. | Most of the desktop machine at the STRW can be accessed through the ssh protocol. So when you know your machine name, use that (including the strw.leidenuniv.nl domain) to access that machine directly. | ||
- | If you do not have a personal machine you can use the '' | + | If you do not have a personal machine you can use the '' |
+ | Note that the %%ssh.strw.leidenuniv.nl%% machine is just a gateway; it is not meant for any type of data processing, desktop environments etc. | ||
+ | |||
+ | See our [[ssh: | ||
=== Special access === | === Special access === | ||
- | Some places we visit (e.g. China or Iran) or some hotels abroad limit the internet access to web browsing only. Because you want more in such cases the ssh server of the Sterrewacht now also serves the ssh protocol on web ports 80 and 443. So you can now get access to the Sterrewacht computer systems from those limiting environments using | + | Some places we visit (e.g. China or Iran) or some hotels abroad limit the internet access to web browsing only. Because you want more in such cases, the ssh server of the Sterrewacht now also serves the ssh protocol on web ports 80 and 443. So you can now get access to the Sterrewacht computer systems from those limiting environments using |
ssh ssh.strw.leidenuniv.nl -p 80 -l <your STRW accountname> | ssh ssh.strw.leidenuniv.nl -p 80 -l <your STRW accountname> | ||
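Review bot: The "Special access" paragraph advertises ssh on ports 80 and 443, but the command under it only shows "-p 80". Add the "-p 443" form next to it, or say that either port can be substituted. A user behind a filter that blocks or intercepts plain port 80 then knows which alternative to try. The new gateway note says what ssh.strw.leidenuniv.nl is not meant for; a short clause saying that you continue from there to your own machine would make it more actionable.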
Line 34: | Line 37: | ||
====== SSH keys ====== | ====== SSH keys ====== | ||
====Create a key pair==== | ====Create a key pair==== | ||
- | To create an ssh key pair, with the proper encryption, open up a console, and enter the following command: | + | To create an ssh key pair, with the proper encryption, open up a console |
$ ssh-keygen -t ed25519 | $ ssh-keygen -t ed25519 | ||
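Review bot: "with the proper encryption" on the changed sentence is imprecise. The command below it, "ssh-keygen -t ed25519", selects a key type, not an encryption setting. Suggest "with the recommended key type (ed25519)", so readers with an older key understand what differs about the one they are asked to create.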
Line 60: | Line 63: | ||
| | ||
- | When asked for a " | + | When asked for a " |
+ | ** | ||
The ssh-keygen program will now generate both your public and your private key. Your keys are stored in the .ssh/ directory in your home directory. | The ssh-keygen program will now generate both your public and your private key. Your keys are stored in the .ssh/ directory in your home directory. | ||
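Review bot: The second added line of this hunk consists only of "**", which looks like a bold delimiter that ended up on its own line. Check that the emphasis opened in the passphrase sentence is closed on the same line, otherwise the markup may leak into the following paragraph. The unchanged sentence after it could also state that only the .pub file is ever copied to other machines.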
Line 69: | Line 73: | ||
====Simplified version in case of a shared home disk==== | ====Simplified version in case of a shared home disk==== | ||
- | This is how you authorize the key for use within a local network with shared home disk. See below for the general case of accessing a remote system. | + | This is how you authorize the key for use within a local network with shared home disk (so this is how to set up a key so you can log in using ssh without password between computers at the institute). |
+ | See below for the general case of accessing a remote system. | ||
Simply add the public part of the key to your .ssh/ | Simply add the public part of the key to your .ssh/ | ||
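Review bot: In the new parenthetical, "log in using ssh without password" reads as if no secret is involved at all. The same revision adds a section about passphrases on keys further down, so suggest "without typing your account password". That makes it clear the key's own passphrase, or the agent holding it, still applies.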
Line 76: | Line 81: | ||
- | ====Copy public key to server.==== | + | ====Copy public key to server==== |
===1. modern and easy, if it works=== | ===1. modern and easy, if it works=== | ||
Nowadays, ssh comes with a utility to send a public key to a remote machine (requiring you to log in using your password once, or requiring a previous key to be already in place). This will take care adding the key to the authorized_keys on the remote system. To do this, simply use: | Nowadays, ssh comes with a utility to send a public key to a remote machine (requiring you to log in using your password once, or requiring a previous key to be already in place). This will take care adding the key to the authorized_keys on the remote system. To do this, simply use: | ||
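Review bot: The heading cleanup is fine, but the unchanged paragraph under "1. modern and easy, if it works" still reads "This will take care adding the key". It should be "take care of adding the key"; worth fixing in the same edit since the section is being touched.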
Line 83: | Line 88: | ||
ssh-copy-id user@remotehost | ssh-copy-id user@remotehost | ||
- | ====Copy public key to server. | + | === 2. the old way ==== |
To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys file in the .ssh/ directory in your home directory on the remote machine. | To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys file in the .ssh/ directory in your home directory on the remote machine. | ||
- | In our example we will assume you don't have any keys in the authorized_keys files on the remote server. | + | In our example we will assume you don't have any keys in the authorized_keys files on the remote server. |
First we will upload the public keys to the remote server: | First we will upload the public keys to the remote server: | ||
$ cd .ssh/ | $ cd .ssh/ | ||
- | $ scp id_ed25519.pub | + | $ scp id_ed25519.pub |
id_ed25519.pub | id_ed25519.pub | ||
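Review bot: The new heading "=== 2. the old way ====" has three "=" on the left and four on the right, while its sibling "===1. modern and easy, if it works===" uses three on both sides. Balance it as "===2. the old way===" so both methods sit at the same level under "Copy public key to server". In the paragraph below, "the authorized_keys files" should be singular, matching the sentence before it.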
Line 105: | Line 110: | ||
$ rm ../ | $ rm ../ | ||
- | From now on you can login from client | + | From now on you can login from client to server without having to specify a password |
+ | |||
+ | === Using the keyring and ssh agent === | ||
+ | Linx and MacOS offer a service to unlock your ssh keys (and other secrets) using your login password. This simplifies the use of passphrases on your keys, and you will only be prompted for the passphrase once when logging in (or not at all, if the session re-uses the login password). | ||
+ | |||
+ | === Configuration file === | ||
+ | Configuration for ssh can be stored at the client side (ie: on your laptop) in '' | ||
+ | |||
+ | Compression | ||
+ | |||
+ | Host *.strw.leidenuniv.nl | ||
+ | user mystrwusername | ||
+ | |||
+ | For more details, see the '' | ||
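Review bot: "Linx" in the first sentence of the new keyring section should be "Linux". In the configuration example, the "Compression" line is shown without a value, while the "user" line below it has one; if that is how it appears on the page, write it with its argument, since ssh configuration keywords are followed by a value. The placement also deserves a sentence: as written, "Compression" sits above the "Host *.strw.leidenuniv.nl" line and so applies to every host, whereas "user mystrwusername" applies only to the institute hosts. Finally, "you can login" on the changed line should be "you can log in".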