# Step 3. Configure your SSH
These steps will configure your SSH connection to and from your local machine and your lab. You will first configure a machine used for security purposes that we call entry
, and then one machine that we call home
were you will do your scientific computing.
Requirement
- A running VPN connection (successful implementation of Step 2).
# 3.1 Identify required info
Open the ssh-config.txt
file that you collected in Step 1 using your favourite text editor.
This file contains the necessary information for your SSH configuration. Take note of your lab-name
, your lab-IP
and your username
.
Example contents of ssh-config.txt
:
Host <your-lab-name>-entry
HostName <your-lab-IP>
User <your-username>
Expected info
- `your-lab-name' - the name of your lab
- `your-lab-IP' - the IP address of your lab
- `your-username' - your username in your lab
# 3.2 Design a passphrase
You will need to update your SSH temporary key
in the steps below. We prefer that you design a passphrase
instead of a password. A passphrase is a series of words that creates a phrase. It should be:
- long enough to be hard to guess
- not a famous quotation from the literature (but could be pretty close)
- hard to guess by intuition (even by someone who knows you well)
- easy to remember
- at least 3 characters have to be different from previous one (temporary passphrase)
Oh, and, it should be unique to this site only (not to mention at least 12 characters long and include both lower and upper cases).
Making a good passphrase is great fun and good security hygiene. Here's one to get you going:
AnalysingPokemon4FunInTheMorning
Expected outcome
A unique passphrase
of minimum 12 characters containing both lower and upper cases.
# 3.3 Configure entry
Windows
Download and save the
Putty
SSH client from this link (opens new window).Click on the
putty.exe
file that your save your local machine to start the client.Type
<your-username>@<your-lab-IP>
in the "Host Name (or IP address)" field and click "Open".Enter your
SSH temporary key
collected in Step 1 in the terminal window that appear when asked for a password and hit enter. You will not see anything on the screen when you type your password.Type the same
SSH temporary key
one more time when asked and hit enter.Enter your new
passphrase
from above and hit enter.Retype your
passphrase
for verification and hit enter. You will now be kicked out of the entry machine connection.Repeat Step 2 and 3 to verify your passphrase update. Type your
passphrase
when asked for a password. You should now be logged into your entry machine.
OS X and macOS
Start
Terminal
(Command + Space, type "Terminal").Type
ssh <your-username>@<your-lab-IP>
You should then be prompted to enter a password
<your-username>@<your-lab-IP>'s password:
Enter your
SSH temporary key
colelcted in Step 1 two times.Enter your new
passphrase
and retype for verification. You will be kicked off the entry machine by completion.Repeat step 2. and 3. to verify your passphrase update. Type your
passphrase
when asked for a password. You should now be logged into your entry machine.
Ubuntu Linux
Start
Gnome Terminal
(Ctrl + Alt + T).Type
ssh <your-username>@<your-lab-IP>
You should then be prompted to enter a password
<your-username>@<your-lab-IP>'s password:
Enter your
SSH temporary key
collected in Step 1 two times.Enter your new
passphrase
and retype for verification. You will be kicked off the entry machine by completion.Repeat step 2. and 3. to verify your passphrase update. Type your
passphrase
when asked for a password. You should now be logged into your entry machine.
Expected result
By completion your should be logged into your entry machine and see a terminal window that looks about the same as this:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-174-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 update is a security update.
Welcome to YOUR-LABNAME.
For the record, if you shouldn't be here - please
leave and report the incident to cloud@hunt.ntnu.no.
Last login: Mon Jul 2 17:40:16 2018 from 10.10.10.10
your-username@your-labname-`entry`:~$
# 3.4 Configure home
When logged into your entry machine (see expected result above), connect to your home server by typing
ssh home
in your terminal window.You will be prompted to type your
SSH temporary key
one time.Similar to above, you will be asked for a new password. Type your
passphrase
two times.Similar to above, you will be kicked out of your home machine and back to your entry machine by completion.
Similar to above, verify a successful passphrase update by logging into your home machine typing
ssh home
once more.
6 With a tiny bit of luck, you should now be logged into your lab!
Expected result
By completion your should see a terminal window that looks similar to the text below. You may differentiate between your entry and home machine by looking at the machine name at the bottom. This one should say -home:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-98-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
66 packages can be updated.
0 updates are security updates.
Welcome to YOUR-LABNAME.
For the record, if you shouldn't be here - please
leave and report the incident to cloud@hunt.ntnu.no.
Last login: Sun Dec 3 12:29:28 2017 from 10.10.10.10
your-username@your-labname-`home`:~$
# 3.5 Final steps
We hope that you will log into your lab a lot over the coming months and years. To avoid unnecessary frustration, you need to finalize your installation through the following steps:
Windows
Request Workbench for smooth access to Jupyter Notebooks, Python, RStudio, R, or MATLAB.
Configure MobaXterm for "password less" SSH access directly to your home machine, as well as click-based file transfers between your local machine and your home machine.
Configure X2Go for "password less" one-click access to graphical software in your lab, such as SPSS or Stata.
OS X, MacOS and Ubuntu Linux
When completed, the steps below should allow you to log "password less" directly into your home machine by typing:
ssh your-lab-name
# Establish a SSH alias
This will allow you to log directly into your lab without the need to remember your user name or your lab's IP address:
On your local machine, open the
ssh-config.txt
file from Step 1.2.On your local machine, add the content from the
ssh-config.txt
to the file namedconfig
in the hidden ssh-folder in your home directory (~/.ssh/config
) using your favorite file editor. You may need to generate this file if it is your first ssh-configuration.
# -- Open editor in OS X and macOS
open -Wne ~/.ssh/config
# -- Open editor in Linux Ubuntu
gedit ~/.ssh/config
- Test your new setup by typing
ssh <your-lab-name>-entry
in your terminal. For example:
ssh demolab-entry
You should now be prompted your passphrase and then be logged into your entry-machine. Exit your entry machine and return to your local machine by typing exit
.
# Establish a password-less login
This will allow you to log directly into your lab without the need to remember your passphrase.
If you already have a RSA certificate on your local computer that you would like to use, start from step 3.
- In your local computer, open a terminal.
- Generate a new RSA certificate by typing
ssh-keygen -t rsa -b 4096
. Hint enter three times. When this finishes: - Type
ssh-copy-id <your-lab-name>-entry
to add your new certificate to your entry machine. Enter yourpassphrase
when prompted for a password. - Enter
ssh-add
to add the certificate to the ssh-agent. If you don't have a running ssh-agent you may see an error message. In such a case, first entereval "$(ssh-agent -s)"
and next enterssh-add
.
# Expected result
Simple and secure, you should now be able to directly enter your home node with this command:
ssh <your-lab-name>
for example,
ssh demolab
Voilà!
Workbench
Request Workbench for smooth access to modern data science tools such as Jupyter Notebooks, Python, RStudio, R, or MATLAB.
TIP
Time for coffee!