Site Tools

Trace: start
linux_ssh_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux_ssh_access [2019/01/02 11:40] ktm5jlinux_ssh_access [2025/09/08 12:21] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +===== Linux Server Access =====
 +
 +All Linux servers run "secure shell" (//ssh//).  Anyone with a CS account may log into the department's servers. 
 +
 +Users on a Windows PC can use a Terminal application like //SecureCRT, Cmder, KiTTY, or Putty// to //ssh// to our servers.
 +
 +Users on a Mac can use an application like //Terminal// or //iTerm2// to //ssh// to our servers.
 +
 +If you'd like to use a graphical windowing interface to our servers, see: [[nx_lab|Nomachine Remote Desktops]]
 +
 +----
 +
 +===== On Grounds =====
 +You can //ssh// to CS servers.
 +
 +Use your CS domain userid (identical to your UVA userid) and password to //ssh// to ''%%portal%%''. For example:
 +
 +''%%ssh -l abc1de portal.cs.virginia.edu%%''. Alternatively, ''%%ssh abc1de@portal.cs.virginia.edu%%''
 +
 +----
 +
 +==== Off Grounds: Option 1: VPN access ====
 +
 +Start a VPN session to UVA using the [[https://virginia.service-now.com/its?id=itsweb_kb_article&sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]]. Once the VPN is established, you can //ssh// to CS servers directly. Note that you should use the UVA "Anywhere" VPN, not the "More Secure" VPN.
 +
 +----
 +
 +==== Off Grounds: Option 2: ssh to portal.cs.virginia.edu ====
 +You can //ssh// directly into ''%%portal.cs.virginia.edu%%'' without having to use the UVA VPN.  Once you are logged into the ''%%portal%%'' cluster, you can then //ssh// to other CS servers. //Your username on the Mac or PC may be different from your CS/UVA userid. So be sure to include your CS/UVA userid on the ''ssh'' command line.//
 +
 +For example:
 +<code>
 +[abc1de@outside-uva ~]$ ssh abc1de@portal.cs.virginia.edu
 +abc1de@portal.cs.virginia.edu's password: 
 +Last login: Mon Jul 29 14:12:10 2021
 +abc1de@portal04 ~ $ hostname
 +portal04                                               <-- you are logged into the portal cluster
 +abc1de@portal04 ~ $ ssh gpusrv01                       <-- you can now ssh to gpusrv01
 +abc1de@gpusrv01's password:
 +abc1de@gpusrv01 ~ $                                    <-- you are logged into gpusrv01
 +</code>
 +
 +----
 +
 +==== Jumphost Option ====
 +The //ssh// command has an option ''%%-J%%'' to specify a server to use as a "jumphost" that lets you access other servers directly with one command.  This combines two steps (for example, //ssh// into //portal.cs.virginia.edu// and then //ssh// to //gpusrv01//).
 +
 +Here is how we use this option to "jump" from //portal// to another CS server.  Let's repeat the example of logging in to //gpusrv01//.
 +
 +<code>
 +[abc1de@outside-uva ~]$ ssh abc1de@gpusrv01 -J abc1de@portal.cs.virginia.edu
 +abc1de@portal04.cs.virginia.edu's password:                  <-- first asked to authenticate to portal
 +abc1de@gpusrv01's password:                                  <-- immediately able to log into gpusrv01
 +abc1de@gpusrv01 ~ $                                          <-- you are logged into gpusrv01
 +</code>
 +
 +==== SSH Configuration for Jumphost ====
 +You can also have a local configuration file with the following contents. This file is on your laptop or desktop
 +
 +  * On **Windows** this file is: ''%%C:\Users\<username>\.ssh\config%%''
 +  * On **Linux/MacOS** this file is: ''%%~/.ssh/config%%''
 +
 +<code>
 +Host *
 +    ServerAliveInterval 60
 +    
 +Host portal
 +    HostName portal.cs.virginia.edu
 +    User <userid>
 +
 +Host <CS server name>
 +    HostName <CS server name>.cs.virginia.edu
 +    User <userid>
 +    ProxyJump portal
 +</code>
 +
 +If you have an SSH keypair, you can specify it to be used for logging into a CS server. This requires that the public key contents be save in your CS home directory file ''%%~/.ssh/authorized_keys%%''
 +<code>
 +Host portal
 +    HostName portal.cs.virginia.edu
 +    User <userid>
 +    IdentityFile /home/username/.ssh/id_ed25519
 +</code>
 +
 +Then you can do the following
 +<code>
 +~$ ssh portal
 +</code>
 +
 +----
 +
 +===== SSH Key Generation for Logging into Portal =====
 +SSH keys can be generated and used for SSH authentication to CS login servers such as **portal**.
 +
 +To do this, start by generating a key. This can be done on your local computer by opening a terminal.
 +
 +=== 0.1: SSH for Linux & MacOS ===
 +Application for running this command are **Terminal**
 +
 +=== 0.2: SSH for Windows ===
 +Applications for running this commands are **Command Prompt** or **PowerShell**
 +
 +After opening the appropriate application, generate the key using one of the two options, replace ''%%<userid>%%'' with your **UVA computing ID**
 +<code>
 +~$ ssh-keygen -t ed25519 -C "<userid>@portal.cs.virginia.edu"
 +
 +OR
 +
 +~$ ssh-keygen -t rsa -b 4096 -C "<userid>@portal.cs.virginia.edu" 
 +</code>
 +
 +After doing so, you may be prompted for where to save the file to choose a non-default location, select **Enter** to use the path shown
 +<code>
 +Enter file in which to save the key (/home/username/.ssh/id_ed25519):
 +</code>
 +
 +Then, you can choose to further protect your key with a passphrase, which is recommended to do
 +<code>
 +Enter passphrase (empty for no passphrase):
 +Enter same passphrase again:
 +</code>
 +
 +Then, you will see the following output
 +<code>
 +Your identification has been saved in /home/username/.ssh/id_ed25519
 +Your public key has been saved in /home/username/.ssh/id_ed25519.pub
 +The key fingerprint is:
 +SHA256:AbCdEfg123456 <userid>@portal.cs.virginia.edu
 +The key's randomart image is:
 ++--[ED25519 256]--+
 +|        .        |
 +|       + .       |
 +|      . B .      |
 +|     o * +       |
 +|    X * S        |
 +|   + O o . .     |
 +|    .   E . o    |
 +|       . . o     |
 +|        . .      |
 ++----[SHA256]-----+
 +</code>
 +
 +Referencing the above, two files are generated
 +  - ''%%/home/username/.ssh/id_ed25519%%'', which is the **private key**, this is kept local to your computer
 +  - ''%%/home/username/.ssh/id_ed25519.pub%%'', which is the **public key**, this is copied to CS servers
 +
 +After generating the key, you will need to copy the contents of the **Public Key to your home directory on CS servers**. In this example, we'll copy **/home/username/.ssh/id_ed25519.pub** to **/u/<userid>/.ssh/authorized_keys**.
 +
 +On **MacOS** and **Linux** you can use the following command, which requires entering your SSH password, replace ''%%<userid>%%'' with your **UVA computing ID**
 +<code>
 +~$ ssh-copy-id <userid>@portal.cs.virginia.edu
 +</code>
 +
 +On **Windows**, you can run the following command in **Command Prompt** or **PowerShell**, replacing ''%%<username>%%'' with your local computer username, and replace ''%%<userid>%%'' with your **UVA computing ID**
 +<code>
 +C:\Users\<username>> type C:\Users\username\.ssh\id_ed25519.pub | ssh <userid>@portal.cs.virginia.edu "mkdir ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
 +</code>
 +
 +Then, after copying the the public key contents, you can use the key to SSH into portal, entering the passphrase for the key (if one was used)
 +<code>
 +~$ ssh <userid>@portal.cs.virginia.edu
 +</code>
 +
 +----
 +
 +===== Host Names depend upon your network connection =====
 +If you are on the Computer Science network just use the hostname of a server (ex. //portal//). If you are outside of the CS network (on wireless for example), use the hostname's fully qualified name (FQDN) (ex. //portal.cs.virginia.edu//). 
 +
 +----
 +
 +==== Available Servers ====
 +For a listing of generally available servers in CS, see [[compute_resources|Computing Resources]]