Differences

This shows you the differences between two versions of the page.

linux_ssh_access [2019/01/09 14:27]
ktm5j
linux_ssh_access [2019/08/07 13:06] (current)
pgh5a [Option 1: VPN access]
Line 1: Line 1:
 ====== Linux SSH Access ====== ====== Linux SSH Access ======
  
-All Linux servers in CS run an SSH server on port 22.  Anyone with a CS account may log into these servers, from both inside and outside of the University.+All Linux servers in CS run an SSH server on port 22.  Anyone with a CS account may log into these servers.
  
-===== Quick Access =====+**Update 07/29/19** We are now blocking SSH traffic for connections from outside of the UVA network. ​ This means that you are no longer able to SSH directly into CS hosts from outside of UVA.  However connections to ''​%%portal.cs.virginia.edu%%''​ are still allowed from outside of UVA.
  
-If you are familiar with SSH and are just looking for a server to log in to, try ''​%%portal.cs.virginia.edu%%''​ - a set of load balanced ​servers for general access.+===== Access from Outside UVA ===== 
 + 
 +==== Option 1: VPN access ==== 
 + 
 + 
 +If you are outside of the UVA network (off grounds) then you can use the [[https://​virginia.service-now.com/​its?​id=itsweb_kb_article&​sys_id=f24e5cdfdb3acb804f32fb671d9619d0|UVA VPN]] to access CS servers via SSH
 + 
 +==== Option 2: Access via portal.cs.virginia.edu ==== 
 + 
 +If you need to access CS servers from outside of UVA you can SSH directly into ''​%%portal.cs.virginia.edu%%'' ​without having to use the VPN.  Once you are logged into the ''​%%portal%%''​ cluster, you can then access other CS servers via SSH. 
 + 
 +=== Example using portal.cs === 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j power3.cs.virginia.edu 
 + 
 +^C                                                     <​-- Direct ssh access to power3 is denied 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j portal.cs.virginia.edu 
 +ktm5j@portal.cs.virginia.edu'​s password:  
 +Last login: Mon Jul 29 14:12:10 2019 
 +ktm5j@portal04 ~ $ hostname 
 +portal04 ​                                              <​-- We are logged into portal cluster 
 +ktm5j@portal04 ~ $ ssh power3 ​                         <-- We can now access power3 
 +ktm5j@power3'​s password: 
 +.... 
 +ktm5j@power3 ~ $ 
 +</​code>​ 
 + 
 +=== SSH Jumphost Options === 
 + 
 +The OpenSSH ssh client has an option ''​%%-J%%''​ to specify ​host to use as a "​jumphost"​ that lets us access other servers ​inside of a firewalled network. ​ This combines two steps from the example above (ssh into portal.cs.virginia.edu and then ssh to power3) into one single command. ​ From the manpages: 
 + 
 +<​code>​ 
 +     -J destination 
 +             ​Connect to the target host by first making a ssh connection to 
 +             the jump host described by destination and then establishing a 
 +             TCP forwarding to the ultimate destination from there. ​ Multiple 
 +             jump hops may be specified separated by comma characters. ​ This 
 +             is a shortcut to specify a ProxyJump configuration directive. 
 +             Note that configuration directives supplied on the command-line 
 +             ​generally apply to the destination host and not any specified 
 +             jump hosts. ​ Use ~/​.ssh/​config to specify configuration ​for jump 
 +             ​hosts. 
 +</​code>​ 
 + 
 +Here is how we use this option to "​jump"​ from portal.cs to another CS server. ​ Let's repeat the example of logging in to ''​%%power3%%''​ 
 + 
 +<​code>​ 
 +[ktm5j@outside-uva ~]$ ssh -l ktm5j power3 -J portal.cs.virginia.edu 
 +ktm5j@portal04.cs.virginia.edu'​s password: ​                           <-- first asked to authenticate to portal 
 +ktm5j@power3'​s password: ​                                             <-- immediately able to log into power3 
 +.... 
 +ktm5j@power3 ~ $ 
 +</​code>​ 
 + 
 +This process can be made even easier with the use of password-less ssh keys.  When keys are set up properly you can log in (even using the -J jumphost options) without needing to type in a password.
  
 ===== Server Domain Names ===== ===== Server Domain Names =====
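Review bot: In the jumphost example, `ssh -l ktm5j power3 -J portal.cs.virginia.edu` only works as shown because the local account is also named ktm5j. As the man page excerpt quoted just above it says, command-line directives apply to the destination host and not to the jump host, so `-l ktm5j` sets the user for power3 only, and a reader whose local username differs from their CS username will be prompted on portal as the wrong user. Suggest writing the jump host with an explicit user, `-J ktm5j@portal.cs.virginia.edu`, or adding a short note that points to a `ProxyJump` entry in ~/.ssh/config, which the excerpt already mentions. In the closing paragraph, "password-less ssh keys" can be read as keys created without a passphrase; if the intent is key-based login without typing the account password, say so and mention an agent for the passphrase. Two small text fixes in the added lines: the Option 1 sentence has no closing period, and "to specify host to use" should read "to specify a host to use".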
  • linux_ssh_access.1547044029.txt.gz
  • Last modified: 2019/01/09 14:27
  • by ktm5j