SSH to the Lab Machines

February 2, 2015

Help with setting up your connection to the lab machines.

If you are connecting to the department of computer science computer lab from ssh on your laptop, you should, if all possible, use public key authentication rather than a password authentication.

Public key authentication is a technique that works through a key pair: a public key and a private key. The pair are related strongly, although the private key cannot be computed (practically speaking) from the public key. The public key can be used, however, in a protocol that convinces the public key holder that the counter-party of the protocol knows the private key while releasing minimal information about the private key.

To convert from password authentication to public key authentication, you log into the target machine using your password. Then you will upload your public key and add it to the end of the file authorized_keys in the .ssh subdirectory of your home directory (~/.ssh/authorized_keys) on the target machine. The presence of the public key in this file allows the holder of the matching private key to log directly into the target machine using ssh without presenting a password.

Because of the way we gateway machines into the lab, you will have to log into the gateway machine,, and then log into a lab machine from the gateway machine. You must do this, else lee might become overloaded and your login will be terminated. These instructions tell how to have a transparent login passing through the gateway machine.

Generating a Public-Private Key Pair

The ssh program suite includes a program ssh-keygen that creates key pairs. Change directory to ~/.ssh and type ssh-keygen. It will prompt you for a filename and a password to protect the private key. Omit the password for the moment. If your username for the lab machines is abcd424, a typical file name to choose is id_rsa_abcd. The result will be two files, id_rsa_abcd and

The file id_rsa_abcd must be unreadable by any other than the owner. To remind you of this, ssh will not work if the permissions on this file are not correct. The file can be handed out like candy, even to your worst enemy.

Upload the public file and add it to authorized_keys.

The file will be a single line, and this line should be included in the ~/.ssh/authorized_keys file of the server that you wish to access. This single line must be copied as is, you cannot add spaces or line feeds, which happens if you cut and paste the file contents. You should append it to the authorized_keys file on lee. At this point you will need to use your lee password to gain access to lee to make this change to the authorized_keys file.

Add machine proxies to your configuration file.

Ssh looks for the configuration file ~/.ssh/config, which contains login parameters for various targets, arranged by stanzas beginning with a Host tag. Because of the number of parameters needed to make our login transparent, we will add to (or create) this file on your home machine with appropriate stanzas.

The net effect will be you will be able to type “ssh antietam” and be instantly on the lab machine antietam. Also convenient, you will be able to type “scp file-here antietam:file-there” to copy a file here on the home machine to a file there on the lab machine antietam.

Find the file ~/.ssh/config or create it if it does not exist, and open it for editing. Pick up two machines for the list of Lab Machines (below). In this example we choose gettysburg and franklin. Add these lines to the config file:

Host lee
User abcd424
IdentityFile ~/.ssh/id_rsa_abcd


Host gettysburg
ProxyCommand ssh -o StrictHostKeyChecking=no lee nc %h 22
User abcd424
IdentityFile ~/.ssh/id_rsa_abcd


Host franklin
ProxyCommand ssh -o StrictHostKeyChecking=no lee nc %h 22
User abcd424
IdentityFile ~/.ssh/id_rsa_abcd

Now you should be able to log into gettysburg typing ssh gettysburg.

You should be able to scp to gettysburg using scp [file-to-copy] gettysburg:[pathname-on-gettsyburg].


Lab Machines

Choose at least two among these machines for your remote work. You should choose them randomly so that each machine has equal load across all students using these machines. The machines have a networked file system, so that any changes in files are available instantly to all machines. Probably best you decide which machine will be your editing machine, else you might end up writing over your work inadvertently. Be respectful of the fact that others are using these machines, including an actual graphical-user-interface user sitting with keyboard and mouse in front of the machine.


Example transcript

Matawan:~ burt$ cd ~/.ssh
Matawan:.ssh burt$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/burt/.ssh/id_rsa): id_rsa_abcd
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_abcd.
Your public key has been saved in
The key fingerprint is:
b2:7b:8a:8a:7e:b3:8b:b0:67:ce:43:25:2f:67:5f:74 burt@Matawan.local
The key's randomart image is:
+--[ RSA 2048]----+
| rrsa |
| == |
| |
| . . . E |
|.. + ... |
|.+=o .++. |
|+*=== o ab df |

Matawan:.ssh burt$ scp lee:.ssh/authorized_keys's password: 100% 400 0.4KB/s 00:00
Matawan:.ssh burt$ touch example-file
Matawan:.ssh burt$ scp example-file antietam:
config 100% 2955 2.9KB/s 00:00
Killed by signal 1.
Matawan:.ssh burt$ ssh antietam
Last login: Sun Feb 1 22:11:27 2015 from

[abcd424@antietam ~]$ ls
example-file public_html
[abcd424@antietam ~]$ exit
Connection to antietam closed.
Killed by signal 1.
Matawan:.ssh burt$

posted in CSC524 by admin

Powered by Wordpress and MySQL. Theme by Shlomi Noach,