Differences

This shows you the differences between two versions of the page.

linux_ssh_access [2019/07/29 17:26]
ktm5j
linux_ssh_access [2020/06/03 18:49]
pgh5a
Line 1: Line 1:
 ====== Linux SSH Access ====== ====== Linux SSH Access ======
  
-All Linux servers ​in CS run an SSH server on port 22.  Anyone with a CS account may log into these servers, from both inside of the University.+All Linux servers run '​ssh'​.  Anyone with a CS account may log into these servers. ​
  
-**Update 07/29/19** We are now blocking SSH traffic for connections from outside of the UVA network. ​ This means that you are no longer able to SSH directly into CS hosts from outside of UVA.  However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed from outside of UVA.+From inside ​UVAyou can simply '​ssh' ​to CS servers.
  
-===== Quick Access =====+From outside UVA, you are not able to '​ssh'​ directly into CS servers. ​ However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed from outside of UVA.
  
-If you are familiar with SSH and are just looking for a server to log in to, try ''​%%portal.cs.virginia.edu%%''​ - a set of load balanced ​servers for general access.+===== Access from Outside UVA ===== 
 + 
 +**Use one of these options to access CS servers from outside of UVA.** 
 + 
 +==== Option 1: VPN access ==== 
 + 
 + 
 +If you are outside of the UVA network (off grounds) then you can use the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]] to access CS servers via SSH
 + 
 +==== Option 2: Access via portal.cs.virginia.edu ==== 
 + 
 +If you need to access CS servers from outside of UVA you can ssh directly into ''​%%portal.cs.virginia.edu%%'' ​without having to use the VPN.  Once you are logged into the ''​%%portal%%''​ cluster, you can then access other CS servers via SSH. 
 + 
 +=== Example using portal.cs === 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j power3.cs.virginia.edu 
 + 
 +^C                                                     <​-- Direct ssh access to power3 is denied 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j portal.cs.virginia.edu 
 +ktm5j@portal.cs.virginia.edu'​s password:  
 +Last login: Mon Jul 29 14:12:10 2019 
 +ktm5j@portal04 ~ $ hostname 
 +portal04 ​                                              <​-- We are logged into portal cluster 
 +ktm5j@portal04 ~ $ ssh gpusrv01 ​                        <​-- We can now access gpusrv01 
 +ktm5j@gpusrv01'​s password: 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +=== SSH Jumphost Options === 
 + 
 +The OpenSSH ssh client has an option ''​%%-J%%''​ to specify ​host to use as a "​jumphost"​ that lets us access other servers ​inside of a firewalled network. ​ This combines two steps from the example above (ssh into portal.cs.virginia.edu and then ssh to power3) into one single command. ​ From the manpages: 
 + 
 +<​code>​ 
 +     -J destination 
 +             ​Connect to the target host by first making a ssh connection to 
 +             the jump host described by destination and then establishing a 
 +             TCP forwarding to the ultimate destination from there. ​ Multiple 
 +             jump hops may be specified separated by comma characters. ​ This 
 +             is a shortcut to specify a ProxyJump configuration directive. 
 +             Note that configuration directives supplied on the command-line 
 +             ​generally apply to the destination host and not any specified 
 +             jump hosts. ​ Use ~/​.ssh/​config to specify configuration ​for jump 
 +             ​hosts. 
 +</​code>​ 
 + 
 +Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%gpusrv01%%''​ 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu 
 +ktm5j@portal04.cs.virginia.edu'​s password: ​                           <-- first asked to authenticate to portal 
 +ktm5j@gpusrv01'​s password: ​                                             <-- immediately able to log into gpusrv01 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +This process can be made even easier with the use of password-less ssh keys.  When keys are set up properly you can log in (even using the -J jumphost options) without needing to type in a password.
  
 ===== Server Domain Names ===== ===== Server Domain Names =====
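Review bot: In the added jumphost example, "ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu", the -l ktm5j option sets the login name only for gpusrv01 and not for the portal hop, which is what the man page excerpt quoted just above it warns about ("configuration directives supplied on the command-line generally apply to the destination host and not any specified jump hosts"). The example works as shown only because the local account in the prompt is also ktm5j; a reader whose local username differs from their CS username would be asked to authenticate to portal as the wrong user. Suggest writing the jump spec with the user included, "-J ktm5j@portal.cs.virginia.edu", or showing the equivalent ProxyJump entry in ~/.ssh/config. Two smaller points in the same region: the paragraph introducing -J says it combines "ssh into portal.cs.virginia.edu and then ssh to power3", but the example above it hops to gpusrv01, with power3 appearing only as the denied direct attempt; and "password-less ssh keys" in the last added paragraph should say whether it means key-based login in place of a password or keys with no passphrase, since the two have different consequences if the private key file is copied.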
  • linux_ssh_access.txt
  • Last modified: 2020/06/03 18:49
  • by pgh5a