Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
linux_ssh_access [2019/01/02 16:31]
ktm5j
linux_ssh_access [2020/06/03 18:49] (current)
pgh5a
Line 1: Line 1:
 ====== Linux SSH Access ====== ====== Linux SSH Access ======
  
-All Linux servers ​in CS run an SSH server on port 22.  Anyone with a CS account may log into these servers, from both inside and outside of the University.+All Linux servers run '​ssh'​.  Anyone with a CS account may log into these servers.  
 + 
 +From inside UVAyou can simply '​ssh'​ to CS servers. 
 + 
 +From outside UVA, you are not able to '​ssh'​ directly into CS servers. ​ However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed ​from outside of UVA. 
 + 
 +===== Access from Outside UVA ===== 
 + 
 +**Use one of these options to access CS servers from outside of UVA.** 
 + 
 +==== Option 1: VPN access ==== 
 + 
 + 
 +If you are outside of the UVA network (off grounds) then you can use the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]] to access CS servers via SSH. 
 + 
 +==== Option 2: Access via portal.cs.virginia.edu ==== 
 + 
 +If you need to access CS servers from outside of UVA you can ssh directly into ''​%%portal.cs.virginia.edu%%''​ without having to use the VPN.  Once you are logged into the ''​%%portal%%''​ cluster, you can then access other CS servers via SSH. 
 + 
 +=== Example using portal.cs === 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j power3.cs.virginia.edu 
 + 
 +^C                                                     <​-- Direct ssh access to power3 is denied 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j portal.cs.virginia.edu 
 +ktm5j@portal.cs.virginia.edu'​s password:  
 +Last login: Mon Jul 29 14:12:10 2019 
 +ktm5j@portal04 ~ $ hostname 
 +portal04 ​                                              <​-- We are logged into portal cluster 
 +ktm5j@portal04 ~ $ ssh gpusrv01 ​                        <​-- We can now access gpusrv01 
 +ktm5j@gpusrv01'​s password: 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +=== SSH Jumphost Options === 
 + 
 +The OpenSSH ssh client has an option ''​%%-J%%''​ to specify a host to use as a "​jumphost"​ that lets us access other servers ​inside ​of a firewalled network. ​ This combines two steps from the example above (ssh into portal.cs.virginia.edu ​and then ssh to power3) into one single command. ​ From the manpages: 
 + 
 +<​code>​ 
 +     -J destination 
 +             ​Connect to the target host by first making a ssh connection to 
 +             the jump host described by destination and then establishing a 
 +             TCP forwarding to the ultimate destination from there. ​ Multiple 
 +             jump hops may be specified separated by comma characters. ​ This 
 +             is a shortcut to specify a ProxyJump configuration directive. 
 +             Note that configuration directives supplied on the command-line 
 +             ​generally apply to the destination host and not any specified 
 +             jump hosts. ​ Use ~/​.ssh/​config to specify configuration for jump 
 +             ​hosts. 
 +</​code>​ 
 + 
 +Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%gpusrv01%%''​ 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j gpusrv01 -J portal.cs.virginia.edu 
 +ktm5j@portal04.cs.virginia.edu'​s password: ​                           <-- first asked to authenticate to portal 
 +ktm5j@gpusrv01'​s password: ​                                             <-- immediately able to log into gpusrv01 
 +.... 
 +ktm5j@gpusrv01 ~ $ 
 +</​code>​ 
 + 
 +This process can be made even easier with the use of password-less ssh keys.  When keys are set up properly you can log in (even using the -J jumphost options) without needing to type in a password.
  
 ===== Server Domain Names ===== ===== Server Domain Names =====
Line 8: Line 71:
  
 If you want to log into a server named ''​%%gpusrv04%%'',​ then the domain address should be ''​%%gpusrv04.cs.virginia.edu%%''​. If you want to log into a server named ''​%%gpusrv04%%'',​ then the domain address should be ''​%%gpusrv04.cs.virginia.edu%%''​.
 +
 +==== Short Names ====
 +
 +If you are inside of the Computer Science network then you can simply use the hostname of a server instead of its fully qualified name.  For example, if you are logged into a CS server, you can ping another server by its hostname alone.
 +
 +<​code>​
 +username@power5:​~$ ping power3
 +PING power3.cs.virginia.edu (128.143.67.43) 56(84) bytes of data.
 +64 bytes from power3.cs.virginia.edu (128.143.67.43):​ icmp_seq=1 ttl=64 time=0.149 ms
 +64 bytes from power3.cs.virginia.edu (128.143.67.43):​ icmp_seq=2 ttl=64 time=0.123 ms
 +</​code>​
 +
 +This will not work from outside of the CS network unless you modify your DNS search path to contain ''​%%cs.virginia.edu%%''​.
  
 ===== Login ===== ===== Login =====
  
-==== From Linux/Unix ====+==== From Linux/Mac OS ====
  
-To log into this server from another Linux system, run the following from a shell:+To log into this server from another ​computer running ​Linux/Unix/MacOS, run the following from a shell:
  
 <​code>​ <​code>​
Line 21: Line 97:
 [username@gpusrv04 ~]$ [username@gpusrv04 ~]$
 </​code>​ </​code>​
 +
 +In Mac OS the Terminal app can be found in the Utilities folder under Applications.
  
 ==== From Windows ==== ==== From Windows ====
  
 For information about SSH clients for Windows, see the article [[windows_ssh|SSH from Windows]] For information about SSH clients for Windows, see the article [[windows_ssh|SSH from Windows]]
 +
 +===== Servers =====
 +
 +For a listing of generally available servers in CS, see the article [[compute_resources|General Purpose Nodes]]
  
 ===== Login Restrictions (Info for Faculty) ===== ===== Login Restrictions (Info for Faculty) =====
  • linux_ssh_access.1546446666.txt.gz
  • Last modified: 2019/01/02 16:31
  • by ktm5j