Differences

This shows you the differences between two versions of the page.

linux_ssh_access [2019/01/02 16:41]
ktm5j
linux_ssh_access [2020/03/30 20:09]
pgh5a [Linux SSH Access]
Line 1: Line 1:
 ====== Linux SSH Access ====== ====== Linux SSH Access ======
  
-All Linux servers ​in CS run an SSH server on port 22.  Anyone with a CS account may log into these servers, from both inside and outside of the University.+All Linux servers run '​ssh'​.  Anyone with a CS account may log into these servers.  
 + 
 +From inside UVAyou can simply '​ssh'​ to CS servers. 
 + 
 +From outside UVA, you are not able to '​ssh'​ directly into CS servers. ​ However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed ​from outside of UVA. 
 + 
 +===== Access from Outside UVA ===== 
 + 
 +==== Option 1: VPN access ==== 
 + 
 + 
 +If you are outside of the UVA network (off grounds) then you can use the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]] to access CS servers via SSH. 
 + 
 +==== Option 2: Access via portal.cs.virginia.edu ==== 
 + 
 +If you need to access CS servers from outside of UVA you can ssh directly into ''​%%portal.cs.virginia.edu%%''​ without having to use the VPN.  Once you are logged into the ''​%%portal%%''​ cluster, you can then access other CS servers via SSH. 
 + 
 +=== Example using portal.cs === 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j power3.cs.virginia.edu 
 + 
 +^C                                                     <​-- Direct ssh access to power3 is denied 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j portal.cs.virginia.edu 
 +ktm5j@portal.cs.virginia.edu'​s password:  
 +Last login: Mon Jul 29 14:12:10 2019 
 +ktm5j@portal04 ~ $ hostname 
 +portal04 ​                                              <​-- We are logged into portal cluster 
 +ktm5j@portal04 ~ $ ssh gpusrv01 ​                        <​-- We can now access gpusrv01 
 +ktm5j@gpusrv01'​s password: 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +=== SSH Jumphost Options === 
 + 
 +The OpenSSH ssh client has an option ''​%%-J%%''​ to specify a host to use as a "​jumphost"​ that lets us access other servers ​inside ​of a firewalled network. ​ This combines two steps from the example above (ssh into portal.cs.virginia.edu ​and then ssh to power3) into one single command. ​ From the manpages: 
 + 
 +<​code>​ 
 +     -J destination 
 +             ​Connect to the target host by first making a ssh connection to 
 +             the jump host described by destination and then establishing a 
 +             TCP forwarding to the ultimate destination from there. ​ Multiple 
 +             jump hops may be specified separated by comma characters. ​ This 
 +             is a shortcut to specify a ProxyJump configuration directive. 
 +             Note that configuration directives supplied on the command-line 
 +             ​generally apply to the destination host and not any specified 
 +             jump hosts. ​ Use ~/​.ssh/​config to specify configuration for jump 
 +             ​hosts. 
 +</​code>​ 
 + 
 +Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%gpusrv01%%''​ 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu 
 +ktm5j@portal04.cs.virginia.edu'​s password: ​                           <-- first asked to authenticate to portal 
 +ktm5j@gpusrv01'​s password: ​                                             <-- immediately able to log into gpusrv01 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +This process can be made even easier with the use of password-less ssh keys.  When keys are set up properly you can log in (even using the -J jumphost options) without needing to type in a password.
  
 ===== Server Domain Names ===== ===== Server Domain Names =====
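Review bot: In the jumphost example, `ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu`, the `-l ktm5j` sets the login name for gpusrv01 only. The man page excerpt quoted just above it says command-line directives "generally apply to the destination host and not any specified jump hosts", so the login to portal uses the local username, which works here only because the local account is also ktm5j. Suggest writing the jump host as `-J ktm5j@portal.cs.virginia.edu`, or showing a ProxyJump entry in ~/.ssh/config as the man page recommends. Smaller points in the same hunk: "From inside UVAyou" is missing a comma and a space; the jumphost paragraph says "then ssh to power3" while the example it refers to logs in to gpusrv01; the password prompt in the -J example names portal04.cs.virginia.edu where the earlier example shows portal.cs.virginia.edu for the same command target; and the closing sentence on "password-less ssh keys" should say whether it means key-based login in place of a password or keys stored without a passphrase, since those carry different risk if the key file is exposed. The old text also stated that SSH listens on port 22, which the new text drops; worth keeping if it is still true.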
  • linux_ssh_access.txt
  • Last modified: 2020/07/13 19:05
  • by pgh5a