Merenber: /* Public key-based authentication */

2022-08-24T02:25:29Z

Public key-based authentication

← Older revision		Revision as of 21:25, 23 August 2022
Line 39:		Line 39:
	nano ~/.ssh/authorized_keys		nano ~/.ssh/authorized_keys
	</pre>		</pre>
	Paste your public key into this file. Once you are done, save and close the file (if you are using nano, run Ctrl-O, Ctrl-X).		Paste your public key into this file. Once you are done, save and close the file (if you are using nano, run Ctrl-O, Enter, Ctrl-X).

	Now whenever you run the SSH command from your computer, you won't need to enter a password anymore.		Now whenever you run the SSH command from your computer, you won't need to enter a password anymore.

Merenber: /* SOCKS proxy */

2022-08-24T02:22:06Z

SOCKS proxy

← Older revision		Revision as of 21:22, 23 August 2022
Line 67:		Line 67:

	== SOCKS proxy ==		== SOCKS proxy ==
	This is useful for when you want to proxy all of the traffic for a particular application through a remote. This requires SOCKS ~~proxy~~ from the application. Firefox is one such application, which is useful if you want to visit a website which can only be accessed from an on-campus IP address. Run the following first (you can choose a different port if you want):		This is useful for when you want to proxy all of the traffic for a particular application through a remote. This requires SOCKS support from the application. Firefox is one such application, which is useful if you want to visit a website which can only be accessed from an on-campus IP address. Run the following first (you can choose a different port if you want):
	<pre>		<pre>
	ssh -D 8132 ctdalek@corn-syrup.csclub.uwaterloo.ca		ssh -D 8132 ctdalek@corn-syrup.csclub.uwaterloo.ca

Merenber: Created page with "[https://linux.die.net/man/1/ssh SSH], or Secure SHell, is a program used to securely login to a remote computer. As of this writing, the `ssh` comman..."

2022-08-24T02:19:24Z

Created page with "[https://linux.die.net/man/1/ssh SSH], or Secure SHell, is a program used to securely login to a remote computer. As of this writing, the <code>ssh</code> comman..."

New page

[https://linux.die.net/man/1/ssh SSH], or Secure SHell, is a program used to securely login to a remote computer. As of this writing, the <code>ssh</code> command is builtin to Windows, MacOS, and Linux, so you do not need to install any third-party software to use it. However, if you are using Windows, I suggest using a dedicated terminal emulator such as Windows Terminal or Git Bash instead of the old batch command prompt window, which does not handle all ANSI escape sequences properly.

== Password-based authentication ==
See [[Machine List]] for a list of general-use machines which you may SSH into. Let's say your CSC username is <code>ctdalek</code> and you want to use the <code>corn-syrup</code> machine. Then run the following command from your terminal:
<pre>
ssh ctdalek@corn-syrup.csclub.uwaterloo.ca
</pre>
Then enter your password. If this is your first time, check the email you received from CSC when you signed up; it should contain a temporary password in it.

If you are off-campus, you will also be prompted for a 2FA code via DUO (see [[Two-Factor Authentication]] for details). Since this is annoying, I suggest setting up public key-based authentication instead (see below).

== Public key-based authentication ==
Pubkey auth is far more convenient since you do not have to enter your password every time. If you are a CS student, chances are that you may already have created an SSH key for one of your courses; if not, just run the command <code>ssh-keygen</code> and follow the prompts.

The <code>ssh-keygen</code> command will create two files: a private key and a public key, by default named id_rsa and id_rsa.pub. (If you chose ED25519 as your signature algorithm, these will be named id_ed25519 and id_ed25519.pub instead). You will want to get the content of the public key file.

On MacOS, Linux, Git Bash and PowerShell, run the following command to print the file's content:
<pre>
cat ~/.ssh/id_rsa.pub
</pre>

If you are using the old Windows command prompt, run the following instead:
<pre>
type %USERPROFILE%\.ssh\id_rsa.pub
</pre>

Copy the output to your clipboard. It will look something like this (example only):
<pre>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzaWV...hNUzpnsbVsHGZy7k= ctdalek@desktop-pc
</pre>
Note that the last part (in this case, "ctdalek@desktop-pc") is just a comment - you can actually put anything you want there.

Now SSH into a CSC machine. If you do not have a <code>.ssh</code> directory yet in your home directory, create it now:
<pre>
mkdir ~/.ssh
</pre>
Now open the file <code>~/.ssh/authorized_keys</code>. In this example we will use the nano text editor, but any editor will do.
<pre>
nano ~/.ssh/authorized_keys
</pre>
Paste your public key into this file. Once you are done, save and close the file (if you are using nano, run Ctrl-O, Ctrl-X).

Now whenever you run the SSH command from your computer, you won't need to enter a password anymore.

== ssh_config ==
SSH has a lot of different configuration options which can be placed in the file <code>~/.ssh/config</code> (on your local computer, not the remote). See https://linux.die.net/man/5/ssh_config for a reference. Here's a basic config file:
<pre>
Host csc
HostName corn-syrup.csclub.uwaterloo.ca
User ctdalek
</pre>
Now whenever you run <code>ssh csc</code> from your terminal, you will login to corn-syrup.

== Forward proxy ==
Let's say you're running a server program on a CSC machine, and it's running on localhost:3000 on the remote. One way to access this locally is to use a forward proxy:
<pre>
ssh -L 3000:localhost:3000 ctdalek@corn-syrup.csclub.uwaterloo.ca
</pre>
Now localhost:3000 on your local machine will be forwarded to localhost:3000 on the remote.

== Reverse proxy ==
Let's say you're running a server program locally listening on localhost:3000, and you want to access this from the remote. In this case, you want to create a reverse proxy:
<pre>
ssh -R 3000:localhost:3000 ctdalek@corn-syrup.csclub.uwaterloo.ca
</pre>
Now localhost:3000 on the remote will be forwarded to localhost:3000 on your computer.

== SOCKS proxy ==
This is useful for when you want to proxy all of the traffic for a particular application through a remote. This requires SOCKS proxy from the application. Firefox is one such application, which is useful if you want to visit a website which can only be accessed from an on-campus IP address. Run the following first (you can choose a different port if you want):
<pre>
ssh -D 8132 ctdalek@corn-syrup.csclub.uwaterloo.ca
</pre>
Now in Firefox, go to the URL <code>about:preferences</code>, scroll to the bottom, click on the Settings button, choose "Manual proxy configuration", set SOCKS Host to localhost, and set the port to 8132. Also choose "SOCKS v5" and check the "Proxy DNS when using SOCKS v5" option. Now click OK. All of Firefox's network connections should now be proxied through the remote machine.

How to SSH - Revision history

Merenber: /* Public key-based authentication */

Merenber: /* SOCKS proxy */

Merenber: Created page with "[https://linux.die.net/man/1/ssh SSH], or Secure SHell, is a program used to securely login to a remote computer. As of this writing, the ssh comman..."

Merenber: Created page with "[https://linux.die.net/man/1/ssh SSH], or Secure SHell, is a program used to securely login to a remote computer. As of this writing, the `ssh` comman..."