Differences

This shows you the differences between two versions of the page.

linux_ssh_access [2020/09/01 18:02]
pgh5a
linux_ssh_access [2021/04/13 19:34]
pgh5a
Line 3: Line 3:
 All Linux servers run "​secure shell" - '​ssh'​. ​ Anyone with a CS account may log into these servers. ​ All Linux servers run "​secure shell" - '​ssh'​. ​ Anyone with a CS account may log into these servers. ​
  
-On Grounds, you can simply '​ssh'​ to CS servers ​typically by using a Terminal application like HyperTerm (Windows) or Terminal (Mac).+On Grounds, you can simply '​ssh'​ to CS servers.
  
-Off Grounds, you are not able to '​ssh'​ directly into CS servers.  However connections to ''​%%portal.cs.virginia.edu%%'' ​are allowed from off Grounds.+Off Grounds, you are not able to '​ssh'​ directly into most CS servers ​except ​''​%%portal.cs.virginia.edu%%''​.
  
 You must use your CS domain userid (identical to your UVA userid) and password to '​ssh'​ to portal. For example: You must use your CS domain userid (identical to your UVA userid) and password to '​ssh'​ to portal. For example:
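Review bot: The new off-Grounds sentence, "not able to 'ssh' directly into most CS servers except portal.cs.virginia.edu", combines "most" with "except", so it is unclear whether portal is the only host reachable from off Grounds or one of several. The removed wording said outright that connections to portal are allowed from off Grounds. Suggest stating it positively, for example "Off Grounds, only portal.cs.virginia.edu accepts 'ssh' connections directly."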
Line 11: Line 11:
 ''​%%ssh -l abc1de portal.cs.virginia.edu%%''​. Alternatively,​ ''​%%ssh abc1de@portal.cs.virginia.edu%%''​ ''​%%ssh -l abc1de portal.cs.virginia.edu%%''​. Alternatively,​ ''​%%ssh abc1de@portal.cs.virginia.edu%%''​
  
-Note that if you are opening a terminal application ​on your Mac or PC, your username on the Mac or PC may be different from your CS/UVA userid. So be sure to include your userid on the '​ssh'​ command line.+Most users on Mac or Windows ​PC will use a Terminal application like SecureCRTCmder, KiTTY, or Putty (Windows), Terminal or iTerm2 (Mac) to '​ssh'​ to our linux servers. 
 + 
 +Note that your username on the Mac or PC may be different from your CS/UVA userid. So be sure to include your userid on the '​ssh'​ command line.
  
 If you'd like to use a graphical windowing interface to department servers, see: [[nx_lab|NX Linux Remote Desktop Cluster]] If you'd like to use a graphical windowing interface to department servers, see: [[nx_lab|NX Linux Remote Desktop Cluster]]
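Review bot: The client list in the first added line reads "SecureCRTCmder", which names no product; a separator between "SecureCRT" and "Cmder" appears to be missing. In the same line, "Putty" is normally written "PuTTY" and "linux" should be capitalized to match "All Linux servers" at the top of the page. The userid note in the last added line is clearer without the "terminal application" clause, but it now depends on the new paragraph above it for context, so the two should stay adjacent.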
Line 22: Line 24:
  
  
-If you are outside of the UVA network (off grounds) then you can first start a VPN session to UVA using the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]]. Once the VPN is established,​ you can '​ssh'​ to CS servers directly.+If you are outside of the UVA network (off grounds) then you can first start a VPN session to UVA using the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]]. Once the VPN is established,​ you can '​ssh'​ to CS servers directly. Note that you should use the UVA "​Anywhere"​ VPN, not the "More Secure"​ VPN.
  
 === Option 2: Access via portal.cs.virginia.edu === === Option 2: Access via portal.cs.virginia.edu ===
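Review bot: The sentence added at the end of the VPN paragraph tells readers to use the "Anywhere" VPN and not the "More Secure" VPN, but gives no reason. A reader choosing by name alone will tend to pick "More Secure", so the note should say what goes wrong with that profile for CS servers (for example, that 'ssh' connections to them do not work over it, if that is the case). Then the instruction will not read as advice to prefer the weaker option.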
Line 34: Line 36:
 abc1de@portal04 ~ $ hostname abc1de@portal04 ~ $ hostname
 portal04 ​                                              <​-- We are logged into portal cluster portal04 ​                                              <​-- We are logged into portal cluster
-abc1de@portal04 ~ $ ssh gpusrv01 ​                        ​<-- We can now access ​gpusrv01+abc1de@portal04 ~ $ ssh gpusrv01 ​                      ​<-- We can now '​ssh'​ to gpusrv01
 abc1de@gpusrv01'​s password: abc1de@gpusrv01'​s password:
 .... ....
Line 42: Line 44:
 === Jumphost Option === === Jumphost Option ===
  
-The ssh client has an option ''​%%-J%%''​ to specify a host to use as a "​jumphost"​ that lets you access other servers directly, in one step.  This combines two steps (for example, ssh into portal.cs.virginia.edu and then ssh to gpusrv01) into one single command. ​ From the //man// page: +The ssh client has an option ''​%%-J%%''​ to specify a host to use as a "​jumphost"​ that lets you access other servers directly ​with one command.  This combines two steps (for example, ssh into portal.cs.virginia.edu and then ssh to gpusrv01) into one single command.
- +
-<​code>​ +
-     -J destination +
-             ​Connect to the target host by first making a ssh connection to +
-             the jump host described by destination and then establishing a +
-             TCP forwarding to the ultimate destination from there. ​ Multiple +
-             jump hops may be specified separated by comma characters. ​ This +
-             is a shortcut to specify a ProxyJump configuration directive. +
-             Note that configuration directives supplied on the command-line +
-             ​generally apply to the destination host and not any specified +
-             jump hosts. ​ Use ~/​.ssh/​config to specify configuration for jump +
-             ​hosts. +
-</​code>​+
  
 Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%gpusrv01%%''​ Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%gpusrv01%%''​
  
 <​code>​ <​code>​
-[abc1de@outside-uva ~]$ ssh -l abc1de gpusrv01 -J portal.cs.virginia.edu +[abc1de@outside-uva ~]$ ssh abc1de@gpusrv01 -J abc1de@portal.cs.virginia.edu 
-abc1de@portal04.cs.virginia.edu'​s password: ​                           <-- first asked to authenticate to portal +abc1de@portal04.cs.virginia.edu'​s password: ​                 <-- first asked to authenticate to portal 
-abc1de@gpusrv01'​s password: ​                                             <-- immediately able to log into gpusrv01+abc1de@gpusrv01'​s password: ​                                 <-- immediately able to log into gpusrv01
 .... ....
 abc1de@gpusrv01 ~ $ abc1de@gpusrv01 ~ $
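Review bot: Removing the man page excerpt also removes the only explanation of why the corrected command has to repeat the userid on the jump host. The deleted text said that options given on the command line "generally apply to the destination host and not any specified jump hosts", which is exactly why the old form "ssh -l abc1de gpusrv01 -J portal.cs.virginia.edu" did not pass the userid to portal and the new form "-J abc1de@portal.cs.virginia.edu" does. Suggest keeping one sentence to that effect next to the example, along with the pointer to ProxyJump in ~/.ssh/config for readers who want to set the jump host once instead of typing it each time.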
Line 105: Line 94:
 === Servers === === Servers ===
  
-For a listing of generally available servers in CS, see the article [[compute_resources|General Purpose Nodes]]+For a listing of generally available servers in CS, see the article [[compute_resources|Computing Resources]]
  
 === Login Restrictions (Info for Faculty) === === Login Restrictions (Info for Faculty) ===
Line 124: Line 113:
  
 <​code>​ <​code>​
-sshd;​*;​!root&​fls4t&ejs3s&pgh5a;​!Al0000-2400+sshd;​*;​!root&​abc1de&fgh1ij&klm1no;​!Al0000-2400
 </​code>​ </​code>​
  
-This line is formatted such that the users listed are separated by ampersand ''​%%&​%%''​ characters. ​ This entry will allow the users ''​%%root%%'',​ ''​%%fls4t%%'',​ ''​%%ejs3s%%''​ and ''​%%pgh5a%%''​ are allowed access. ​ **Be sure to always include yourself and root in this rule.  Failure to do so may result in everyone becoming locked out.**+This line is formatted such that the users listed are separated by ampersand ''​%%&​%%''​ characters. ​ This entry will allow the users ''​%%root%%'',​ ''​%%abc1de%%'',​ ''​%%fgh1ij%%''​ and ''​%%klm1no%%''​ are allowed access. ​ **Be sure to always include yourself and root in this rule.  Failure to do so may result in everyone becoming locked out.**
  
-If we wanted to add the user ''​%%ktm5j%%''​ to this rule above, we would insert the string ''​%%&​ktm5j%%''​ like this:+If we wanted to add the user ''​%%pqr1st%%''​ to this rule above, we would insert the string ''​%%&​pqr1st%%''​ like this:
  
 <​code>​ <​code>​
-sshd;​*;​!root&​fls4t&ejs3s&pgh5a&ktm5j;​!Al0000-2400+sshd;​*;​!root&​abc1de&fgh1ij&klm1no&pqr1st;​!Al0000-2400
 </​code>​ </​code>​
  
 Changes to this file take effect immediately,​ no services need to be restarted. ​ When editing this file, be sure that you keep at least one active ssh connection until you have tested your changes. ​ This will prevent becoming locked out if any errors are made! Changes to this file take effect immediately,​ no services need to be restarted. ​ When editing this file, be sure that you keep at least one active ssh connection until you have tested your changes. ​ This will prevent becoming locked out if any errors are made!
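Review bot: The explanatory sentence under the first rule still reads "This entry will allow the users ... are allowed access" after the edit; drop the trailing "are allowed access" or reword it as "This entry allows access for the users ...". Since the real userids are now replaced by sample ones, the text should also say that "abc1de", "fgh1ij", "klm1no" and "pqr1st" are placeholders. The bolded warning tells the reader to always include themselves and root, and a rule copied verbatim from this example would include root but not the person editing the file.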
  • linux_ssh_access.txt
  • Last modified: 2021/04/13 19:34
  • by pgh5a