Differences

This shows you the differences between two versions of the page.

linux_ssh_access [2019/07/29 18:17] ktm5j
linux_ssh_access [2020/07/13 19:04] pgh5a
Line 1: Line 1:
 ====== Linux SSH Access ====== ====== Linux SSH Access ======
  
-All Linux servers ​in CS run an SSH server on port 22.  Anyone with a CS account may log into these servers, from both inside of the University.+All Linux servers run '​ssh'​.  Anyone with a CS account may log into these servers. ​
  
-**Update 07/29/19** We are now blocking SSH traffic for connections from outside of the UVA network This means that you are no longer ​able to SSH directly into CS hosts from outside of UVA.  However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed from outside of UVA.+From inside ​UVA, you can simply '​ssh'​ to CS servers typically by using a Terminal application like HyperTerm (Windows) or Terminal (Mac). 
 + 
 +From outside UVA, you are not able to '​ssh' ​directly into CS servers.  However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed from outside of UVA. 
 + 
 +You must use your CS domain userid (identical to your UVA userid) and password to '​ssh'​ to portal. For example: 
 + 
 +ssh -l jsp9ew portal.cs.virginia.edu. Alternatively,​ ssh jsp9ew@portal.cs.virginia.edu 
 + 
 +Note that if you are opening a terminal application on your Mac or PC, your username on the Mac or PC may be different from your CS domain userid. So be sure to include your CS domain userid on the '​ssh'​ command line. 
 + 
 +If you'd like to use a graphical windowing interface to department servers, see: [[nx_lab|NX Linux Remote Desktop Cluster]]
  
 ===== Access from Outside UVA ===== ===== Access from Outside UVA =====
  
-If you are outside ​of the UVA network (off campus) then you must use the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]] to access CS servers ​via SSH.+**Use one of these options ​to access CS servers ​from outside of UVA.**
  
-If you need to access CS servers from outside of UVA you can SSH directly into ''​%%portal.cs.virginia.edu%%''​ without having to use the VPN.  Once you are logged into the ''​%%portal%%''​ cluster, you can then access ​other CS servers via SSH.+==== Option 1: VPN access ​====
  
-**Example using portal.cs** 
  
-<​code>​ +If you are outside of the UVA network (off grounds) then you can use the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]] to access CS servers via SSH.
-[ktm5j@ruby ~]$ ssh -l ktm5j power3.cs.virginia.edu+
  
-^C                                                     <​-- Direct ​ssh access ​to power3 is denied +==== Option 2: Access via portal.cs.virginia.edu ==== 
-[ktm5j@ruby ~]$ ssh -l ktm5j portal.cs.virginia.edu+ 
 +You can ssh directly into ''​%%portal.cs.virginia.edu%%''​ without having ​to use the VPN.  Once you are logged into the ''​%%portal%%''​ cluster, you can then ssh to other CS servers. //Note! From off grounds, you can ONLY ssh into portal. You cannot ssh directly into other department servers.//​ 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ​~]$ ssh -l ktm5j portal.cs.virginia.edu
 ktm5j@portal.cs.virginia.edu'​s password: ​ ktm5j@portal.cs.virginia.edu'​s password: ​
 Last login: Mon Jul 29 14:12:10 2019 Last login: Mon Jul 29 14:12:10 2019
 ktm5j@portal04 ~ $ hostname ktm5j@portal04 ~ $ hostname
 portal04 ​                                              <​-- We are logged into portal cluster portal04 ​                                              <​-- We are logged into portal cluster
-ktm5j@portal04 ~ $ ssh power3 ​                         ​<-- We can now access ​power3 +ktm5j@portal04 ~ $ ssh gpusrv01 ​                        <-- We can now access ​gpusrv01 
-ktm5j@power3's password:+ktm5j@gpusrv01's password: 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +=== SSH Jumphost Options === 
 + 
 +The OpenSSH ssh client has an option ''​%%-J%%''​ to specify a host to use as a "​jumphost"​ that lets you access other servers directly, in one step.  This combines two steps (ssh into portal.cs.virginia.edu and then ssh to gpusrv01) into one single command. ​ From the manpages: 
 + 
 +<​code>​ 
 +     -J destination 
 +             ​Connect to the target host by first making a ssh connection to 
 +             the jump host described by destination and then establishing a 
 +             TCP forwarding to the ultimate destination from there. ​ Multiple 
 +             jump hops may be specified separated by comma characters. ​ This 
 +             is a shortcut to specify a ProxyJump configuration directive. 
 +             Note that configuration directives supplied on the command-line 
 +             ​generally apply to the destination host and not any specified 
 +             jump hosts. ​ Use ~/​.ssh/​config to specify configuration for jump 
 +             ​hosts. 
 +</​code>​ 
 + 
 +Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%gpusrv01%%''​ 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu 
 +ktm5j@portal04.cs.virginia.edu'​s password: ​                           <-- first asked to authenticate to portal 
 +ktm5j@gpusrv01'​s password: ​                                             <-- immediately able to log into gpusrv01 
 +.... 
 +ktm5j@gpusrv01 ~ $
 </​code>​ </​code>​
  
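Review bot: In the added jumphost example, `ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu` supplies the userid only for the destination host. The man page excerpt quoted just above it states that command-line directives "generally apply to the destination host and not any specified jump hosts", so the login to portal would fall back to the local username, which the note added earlier in this hunk warns may differ from the CS domain userid. Suggest writing the jump host as `-J ktm5j@portal.cs.virginia.edu`, or pointing readers to a ProxyJump entry in ~/.ssh/config as the quoted man page text advises. A smaller point in the same hunk: the added line `ssh -l jsp9ew portal.cs.virginia.edu. Alternatively, ssh jsp9ew@portal.cs.virginia.edu` sits in running prose with the sentence period fused to the hostname; placing each command in its own code block, like the other examples, would keep them safe to copy.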
Line 29: Line 70:
  
 Computer Science hosts its own DNS server with authority over the ''​%%cs.virginia.edu%%''​ domain space. ​ Any server in CS will have a fully qualified domain name (fqdn) of ''​%%hostname.cs.virginia.edu%%''​. Computer Science hosts its own DNS server with authority over the ''​%%cs.virginia.edu%%''​ domain space. ​ Any server in CS will have a fully qualified domain name (fqdn) of ''​%%hostname.cs.virginia.edu%%''​.
- 
-If you want to log into a server named ''​%%gpusrv04%%'',​ then the domain address should be ''​%%gpusrv04.cs.virginia.edu%%''​. 
  
 ==== Short Names ==== ==== Short Names ====
  
-If you are inside of the Computer Science network then you can simply ​use the hostname of a server instead of its fully qualified name.  For example, if you are logged into a CS server, you can ping another server by its hostname alone.+If you are inside of the Computer Science network then use the hostname of a server instead of its fully qualified name.  For example, if you are logged into a CS server, you can ping another server by its hostname alone.
  
 <​code>​ <​code>​
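Review bot: In the Short Names paragraph, dropping "you can simply" leaves "then use the hostname of a server instead of its fully qualified name", which now reads as an instruction rather than an option, while the next sentence still says "you can ping another server by its hostname alone". Suggest "then you can use the hostname" so both sentences agree that short names are a convenience and the FQDN still works. This hunk also removes the only concrete FQDN example (the gpusrv04 line); since the new text elsewhere on the page uses gpusrv01, consider keeping the sentence with that hostname instead of deleting it, so readers see one worked `hostname.cs.virginia.edu` form.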
  • linux_ssh_access.txt
  • Last modified: 2020/08/06 13:11
  • by pgh5a