How to Use SSH
Home > Help Files >
Software Applications >
How to Use SSH
SSH (Secure Shell) is a program to log into another computer over a
network, to execute commands in a remote machine, and to move files
from one machine to another. It provides strong authentication and
secure communications over insecure channels. It is intended as a
replacement for rlogin, rsh, and rcp.
Campus Minimum Security Standards, No unencrypted
authentication is allowed. This means that you must use ssh instead
of telnet or rlogin.
The current standard SSH server is OpenSSH. Some DECF hosts run
SecureShell SSH server. There are compatibility and implementation difference between the two. Specifically:
- You cannot use scp between the two.
- The keys generated by each server are not compatible. This means
that if you want to use passphrase authentication between an OpenSSH
and SecureShell SSH server, then you need to convert the keys from one
format to another.
- The directory structures, filenames, and command-line options are different between the two.
Converting SecureShell Keys to OpenSSH Keys
These instructions only apply to people who are connecting
remotely to DECF. If you generated a public/private key on DECF hosts
with the aim of ssh'ing between DECF clients with a passphrase or null
passphrase, please read instructions here
- Find the public keys of your Secure Shell client
- ssh remote host (e.g. ssh kepler.berkeley.edu)
- mkdir ~/.ssh/
- cd ~/.ssh
- Copy and paste your public key into client.pub file.
- ssh-keygen -i -f ~/.ssh/client.pub > ~/.ssh/authorized_keys
Converting OpenSSH Keys to SecureShell Keys
- Find the public keys of OpenSSH client
- ssh remote-host
- mkdir ~/.ssh2/
- cd ~/.ssh2
- Copy and paste your public key into client.openssh.pub file.
You may need to edit the key in order to make sure it's all one line!
Your key WILL NOT work if it's not.
- ssh-keygen -e -f ~/.ssh2/client.openssh.pub > ~/.ssh2/client.pub
- echo "Key client.pub" > authorization
- Make sure you have the line "IdKey client" in your
identification file on the client/locahost side
If an SSH client is not installed on the computer you are connecting
from (e.g. when you are traveling), DECF's WebSSH can be used to
connect to our computer. WebSSH is a Java language implementation of
an SSH client that is available on the DECF website.
DECF's WebSSH can be accessed here: http://webssh.decf.berkeley.edu
SSH from Windows
If you are conencting from Windows, the following instructions will guide you through the configuration of Xming, Putty, and WinSCP, so that you can:
1) connect to our servers (requires PuTTY),
2) run programs remotely will graphical interface enabled (requires both PuTTY and Xming), and
3) transfer/download files from our server (requires WinSCP).
1. To SSH to our computers from Windows
- Download the putty.exe file from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
- Open Putty by clicking on the icon.
- A window should pop up. In the category menu on the left, click on "SSH" then "X11".
- Check Enable X11 Forwarding
- Now, go back to "Session" in the category menu on the left and fill out the following:
- Host Name: kepler.berkeley.edu
- Connection Type: SSH
- Saved Sessions: Whatever you want to call it (e.g. keplerssh)
- Click the "Save" button
- That will create a profile in the saved sessions box. Select the profile name (i.e. keplerssh) and click open.
- A terminal will pop-up. Enter your username and password when prompted.
- You have now successfully logged into kepler.
You must log into kepler first everytime you want to connect to any of our client machines. From kepler, you can SSH to our client machines by issuing:
where machinename is one of the client machines found in the 1111 lab, and Archipelagos cluster. Click here to see the client machines available.
2. To Run Program Remotely with Graphical Interface from Windows
3. To Transfer Files To/From Our Server on Windows
- Download Xming from the Xming Website.
- Install Xming onto your computer.
- Open up Xming. (Nothing will pop-up, but an Xming icon should show up on the taskbar.)
- Once Xming has started, start up Putty and sign into your DECF account. (See Steps 2-7 above)
- Once logged into a client machine (1111 lab, or Archipelalgos cluster), type in the program you want to run (e.g. matlab):
- Go to http://winscp.net/eng/download.php and click "Installation package"
under WinSCP 4.1.9 or under the latest non-beta version.
- Install WinSCP with the default options.
- Open up WinSCP and enter the following:
- Host Name: kepler.berkeley.edu
- User name: your DECF username
- Password: your DECF password
- File Protocol: SFTP
- Click "Save" (The default save name will be [username]@kepler.berkeley.edu)
- This will open a window to stored sessions. Login as your saved profile in the previous step.(i.e. [username]@kepler.berkeley.edu)
- Your local computer's directory will be on left side and your DECF directory will be on right side.
- You can drag and drop between windows in order to transfer files.
- If WinSCP will not connect to our servers, check your firewall and make sure
that WinSCP is allowed to connect to the internet.
SSH from Mac
If you are conencting from Mac, the following instructions will guide you through some configurations, so that you can:
- connect to our servers,
- run programs remotely with graphical interface enabled, and
- transfer/download files from our server (requires FileZilla).
- To SSH into our machines
To run programs Remotely with a Graphical Interface
To Transfer Files To/From Our Servers on Mac
Alternatively, if you know how to use sftp and scp, you can
transfer files directly throught the Terminal program.
SSH w/o passwords Between DECF Clients (e.g. parallel computing)
For users who need to run jobs that require parallel computing (e.g. MCNP), passphrase-less public/private keys can be set up so that SSH authenticates against the keys and users need not type in a password everytime they SSH into a client machine.
To generate a passphrase-less public/private key pair on OpenSSH, simply do the following steps on kepler:
umask 022; mkdir ~/.ssh
ssh-keygen -t dsa -f decf
(*Need not type in a passphrase when prompted. Simply hit "Enter" for an empty passphrase)
Two files will be generated:
~/.ssh/decf # Your private key, which should only be readable by you.
~/.ssh/decf.pub # Your public key, which can be shared.
Next, issue the following command to make your public key usable by OpenSSH:
cat ~/.ssh/decf.pub > authorized_keys
Lastly, issue the following command to make your private key usable by OpenSSH:
echo "IdentityFile ~/.ssh/decf" > config
These instructions only apply to people who generated both
public/private keys using SecureShell SSH:
- ssh kepler.berkeley.edu
- mkdir ~/.ssh/
- cd ~/.ssh
- ssh-keygen -i -f ~/.ssh2/decf.pub > ~/.ssh/authorized_keys
- ssh-keygen -i -f ~/.ssh2/decf > ~/.ssh/decf
- echo "IdentityFile ~/.ssh/decf" > config
- chmod 600 ~/.ssh/decf
- Make sure you DECF user name and passwords are correct. If you do not remember what your password is, you can reset it here: Reset Forgotten Password
- Make sure your firewall is not blocking the SSH connection from PuTTY.
Problem Running Programs Remotely with Graphical Interface
- For Windows users, make sure you have correctly configure your PuTTY with the X11 forwarding enabled (see above), and that Exceed is already running before you start PuTTY.
- For Mac users, make sure you have X11 installed, and that you are SSH'ing into DECF with the -Y option.
SSH Keys Problem
- You generated the public/private keys, but SSH still asks for password:
- Make sure your keys are in the correct format. Currently, kepler and all client machines use SecureShell SSH. So, your public/private keys should be in SecureShell SSH format.
- Make sure your public and private keys are correctly listed in the authorization and identification files respectively.
If you are completely lost, contact firstname.lastname@example.org