How to Use SSH



Overview

SSH (Secure Shell) is a program to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp.

Per Campus Minimum Security Standards, no unencrypted authentication is allowed. This means that you must use ssh instead of telnet or rlogin.


Converting keys between OpenSSH and SecureShell SSH

The current standard SSH server is OpenSSH. Some DECF hosts run the SecureShell SSH server. There are compatibility and implementation differences between the two. Specifically:
  1. You cannot use scp between the two.
  2. The keys generated by each server are not compatible. This means that if you want to use passphrase authentication between an OpenSSH and SecureShell SSH server, then you need to convert the keys from one format to another.
  3. The directory structures, filenames, and command-line options are different between the two.

Converting SecureShell Keys to OpenSSH Keys

These instructions only apply to people who are connecting remotely to DECF. If you generated a public/private key on DECF hosts with the aim of ssh'ing between DECF clients with a passphrase or null passphrase, please read the instructions here.

  1. Find the public keys of your Secure Shell client
  2. ssh remote host (e.g. ssh kepler.berkeley.edu)
  3. mkdir ~/.ssh/
  4. cd ~/.ssh
  5. Copy and paste your public key into client.pub file.
  6. ssh-keygen -i -f ~/.ssh/client.pub > ~/.ssh/authorized_keys

Converting OpenSSH Keys to SecureShell Keys

  1. Find the public keys of OpenSSH client
  2. ssh remote-host
  3. mkdir ~/.ssh2/
  4. cd ~/.ssh2
  5. Copy and paste your public key into client.openssh.pub file. You may need to edit the key in order to make sure it's all one line! Your key WILL NOT work if it's not.
  6. ssh-keygen -e -f ~/.ssh2/client.openssh.pub > ~/.ssh2/client.pub
  7. echo "Key client.pub" > authorization
  8. Make sure you have the line "IdKey client" in your identification file on the client/localhost side
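
What the two conversions do to a public key, as an added example (not DECF's or OpenSSH's code): the SecureShell file is the same base64 key blob wrapped in BEGIN/END markers with optional headers, while OpenSSH wants the key type and blob on a single line. The sample key is constructed filler bytes, and the function names are hypothetical.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

# Constructed sample: 32 counting bytes stand in for an Ed25519 public key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " user@laptop"

def key_type(blob):
    """Return the length-prefixed key type that opens every public key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key type length")
    return blob[4:4 + n].decode("ascii")

def ssh2_to_openssh(text):
    """SecureShell (RFC 4716) block -> one authorized_keys line, like `ssh-keygen -i`."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 BEGIN/END markers")
    body, in_header = [], False
    for line in lines[1:-1]:
        if in_header or ":" in line:       # header, or continuation of one
            in_header = line.endswith("\\")
            continue
        body.append(line)
    blob = base64.b64decode("".join(body), validate=True)
    return key_type(blob) + " " + base64.b64encode(blob).decode()

def openssh_to_ssh2(line, comment=""):
    """One-line OpenSSH public key -> SecureShell block, like `ssh-keygen -e`."""
    line = line.strip()
    fields = line.split()
    if len(fields) < 2 or "\n" in line:    # a wrapped key is the step-5 failure
        raise ValueError("expected '<type> <base64> [comment]' on one line")
    blob = base64.b64decode(fields[1], validate=True)
    if key_type(blob) != fields[0]:
        raise ValueError("key type does not match the key blob")
    out = [BEGIN]
    if comment:
        out.append('Comment: "%s"' % comment)
    out += [fields[1][i:i + 70] for i in range(0, len(fields[1]), 70)]
    return "\n".join(out + [END]) + "\n"
```

A key pasted with a line break in the middle is rejected by `openssh_to_ssh2`, which is the case step 5 warns about.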


WebSSH

If an SSH client is not installed on the computer you are connecting from (e.g. when you are traveling), DECF's WebSSH can be used to connect to our computer. WebSSH is a Java language implementation of an SSH client that is available on the DECF website.

DECF's WebSSH can be accessed here: http://webssh.decf.berkeley.edu


SSH from Windows

If you are connecting from Windows, the following instructions will guide you through the configuration of Xming, PuTTY, and WinSCP, so that you can:

    1) connect to our servers (requires PuTTY),
    2) run programs remotely with graphical interface enabled (requires both PuTTY and Xming), and
    3) transfer/download files from our server (requires WinSCP).

1. To SSH to our computers from Windows

  1. Download the putty.exe file from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

  2. Open Putty by clicking on the icon.

  3. A window should pop up. In the category menu on the left, click on "SSH" then "X11".
    • Check Enable X11 Forwarding

  4. Now, go back to "Session" in the category menu on the left and fill out the following:
    • Host Name: kepler.berkeley.edu
    • Connection Type: SSH
    • Saved Sessions: Whatever you want to call it (e.g. keplerssh)
    • Click the "Save" button

  5. That will create a profile in the saved sessions box. Select the profile name (i.e. keplerssh) and click open.

  6. A terminal will pop-up. Enter your username and password when prompted.

  7. You have now successfully logged into kepler.

    You must log into kepler first every time you want to connect to any of our client machines. From kepler, you can SSH to our client machines by issuing:

      ssh machinename
    where machinename is one of the client machines found in the 1111 lab and Archipelagos cluster. Click here to see the client machines available.

2. To Run Program Remotely with Graphical Interface from Windows

  1. Download Xming from the Xming Website.

  2. Install Xming onto your computer.

  3. Open up Xming. (Nothing will pop-up, but an Xming icon should show up on the taskbar.)

  4. Once Xming has started, start up Putty and sign into your DECF account. (See Steps 2-7 above)

  5. Once logged into a client machine (1111 lab, or Archipelagos cluster), type in the program you want to run (e.g. matlab):
      matlab

3. To Transfer Files To/From Our Server on Windows

  1. Go to http://winscp.net/eng/download.php and click "Installation package" under WinSCP 4.1.9 or under the latest non-beta version.

  2. Install WinSCP with the default options.

  3. Open up WinSCP and enter the following:
    • Host Name: kepler.berkeley.edu
    • User name: your DECF username
    • Password: your DECF password
    • File Protocol: SFTP
    • Click "Save" (The default save name will be [username]@kepler.berkeley.edu)

  4. This will open a window to stored sessions. Log in with the profile you saved in the previous step (i.e. [username]@kepler.berkeley.edu).

  5. Your local computer's directory will be on left side and your DECF directory will be on right side.
    • You can drag and drop between windows in order to transfer files.

  6. If WinSCP will not connect to our servers, check your firewall and make sure that WinSCP is allowed to connect to the internet.


SSH from Mac

If you are connecting from Mac, the following instructions will guide you through some configurations, so that you can:
  1. connect to our servers,
  2. run programs remotely with graphical interface enabled, and
  3. transfer/download files from our server (requires FileZilla).

  1. To SSH into our machines

    • Simply use the Mac OS X built-in Terminal (Open Applications -> Utilities -> Terminal). Then issue the following command:
      ssh username@kepler.berkeley.edu
      where username is your DECF user name.
    • From kepler, you can SSH to our client machines by issuing:
      ssh machinename
      where machinename is one of the client machines found in the 1111 lab or Archipelagos cluster. Click here to see the client machines available.

  2. To run programs Remotely with a Graphical Interface

    • Make sure you have X11 installed. It's in the original DVD that came with the Mac or you can download it here.
    • Once X11 is installed, issue the following command in your Terminal to enable X11 Forwarding within your SSH connection:

      ssh -YC username@kepler.berkeley.edu
    • From kepler, ssh to a computing client (see 1 above), then type in the program you want to run (e.g. matlab).

  3. To Transfer Files To/From Our Servers on Mac
    • Download and install the program FileZilla
    • Follow both the Client Tutorial and the Usage Guide on how to use FileZilla.
    • Make sure to use the following parameters when connecting using FileZilla:
        Hostname: sftp://kepler.berkeley.edu
        Username: Your DECF User Name
        Password: Your DECF Password
        

    • Alternatively, if you know how to use sftp and scp, you can transfer files directly through the Terminal program.

SSH w/o passwords Between DECF Clients (e.g. parallel computing)

For users who need to run jobs that require parallel computing (e.g. MCNP), passphrase-less public/private keys can be set up so that SSH authenticates against the keys and users need not type in a password every time they SSH into a client machine.

To generate a passphrase-less public/private key pair on OpenSSH, simply do the following steps on kepler:

    umask 022; mkdir ~/.ssh
    cd ~/.ssh
    ssh-keygen -t dsa -f decf
    (No need to type in a passphrase when prompted. Simply hit "Enter" for an empty passphrase.)

Two files will be generated:
    ~/.ssh/decf        # Your private key, which should only be readable by you.
    ~/.ssh/decf.pub    # Your public key, which can be shared.
Next, issue the following command to make your public key usable by OpenSSH:
    cat ~/.ssh/decf.pub > authorized_keys
Lastly, issue the following command to make your private key usable by OpenSSH:
    echo "IdentityFile ~/.ssh/decf" > config

Converting SecureShell Keys to OpenSSH

These instructions only apply to people who generated both public/private keys using SecureShell SSH:

  1. ssh kepler.berkeley.edu
  2. mkdir ~/.ssh/
  3. cd ~/.ssh
  4. ssh-keygen -i -f ~/.ssh2/decf.pub > ~/.ssh/authorized_keys
  5. ssh-keygen -i -f ~/.ssh2/decf > ~/.ssh/decf
  6. echo "IdentityFile ~/.ssh/decf" > config
  7. chmod 600 ~/.ssh/decf
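
A permission check for the files these two procedures create, as an added example (not DECF's code). With `umask 022` in effect, the redirect in step 5 writes the private key as mode 0644, so on a shared host it is readable by other users until step 7 runs; `demo()` replays that in a scratch directory with a placeholder file. The rule table is an assumption based on OpenSSH's usual checks: no group/other write on the directory, `authorized_keys` and `config`, and no group/other access at all on the private key.

```python
import os
import stat
import tempfile

# Assumption: bits each file from the steps above must NOT have set.
RULES = {
    ".": 0o022,                 # ~/.ssh itself
    "authorized_keys": 0o022,
    "config": 0o022,
    "decf": 0o077,              # private key: owner only
}

def audit(ssh_dir):
    """Return (name, current mode, suggested mode) for every rule violated."""
    findings = []
    for name, forbidden in RULES.items():
        path = os.path.normpath(os.path.join(ssh_dir, name))
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            continue                       # file not created yet
        if mode & forbidden:
            findings.append((name, oct(mode), oct(mode & ~forbidden)))
    return findings

def demo():
    """Replay steps 5 and 7 in a scratch directory; no real key is involved."""
    old = os.umask(0o022)                  # same umask the page sets
    try:
        with tempfile.TemporaryDirectory() as d:
            key = os.path.join(d, "decf")
            with open(key, "w") as f:      # like `ssh-keygen -i ... > ~/.ssh/decf`
                f.write("constructed placeholder, not a key\n")
            before = audit(d)              # state between step 5 and step 7
            os.chmod(key, 0o600)           # step 7
            after = audit(d)
            return before, after
    finally:
        os.umask(old)

if __name__ == "__main__":
    for name, have, want in audit(os.path.expanduser("~/.ssh")):
        print("%s: mode %s, expected at most %s" % (name, have, want))
```

Running `umask 077` before step 5 closes the window, because the redirect then creates the file as 0600 from the start.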

Common Problems

Log-in Problem

  • Make sure your DECF user name and password are correct. If you do not remember what your password is, you can reset it here: Reset Forgotten Password

  • Make sure your firewall is not blocking the SSH connection from PuTTY.

Problem Running Programs Remotely with Graphical Interface

  • For Windows users, make sure you have correctly configured your PuTTY with X11 forwarding enabled (see above), and that Exceed is already running before you start PuTTY.

  • For Mac users, make sure you have X11 installed, and that you are SSH'ing into DECF with the -Y option.

SSH Keys Problem

  • You generated the public/private keys, but SSH still asks for password:

    • Make sure your keys are in the correct format. Currently, kepler and all client machines use SecureShell SSH. So, your public/private keys should be in SecureShell SSH format.
    • Make sure your public and private keys are correctly listed in the authorization and identification files respectively.

If you are completely lost, contact consult@newton.berkeley.edu