UMIACS - User contributions [en]

SecureShell

2011-11-09T17:31:03Z

Azar: /* X11 Forwarding */

Secure Shell (or [http://en.wikipedia.org/wiki/Secure_Shell SSH]) is a network protocol allowing two computers to exchange data securely over an insecure network. By default use of SSH brings the user to a terminal, but the protocol can be used for other types of data transfer such as [[SFTP]] and [[SCP]].

==Connecting to an SSH Server==
Under Linux and Mac OS X, the following command from a terminal will connect a client computer to the UMIACS [[OpenLAB]].
# ssh bkirz@openlab.umiacs.umd.edu
This will give you access to a terminal on any one of the [[OpenLAB]] servers. Note that by default you will not have access to applications that require X11 to run.

All UMIACS Windows hosts are installed with SSH Secure Shell Client. Alternatively, users can install these software on their personal machines:

* [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY]
* [http://ttssh2.sourceforge.jp/ ttssh2]

Alternatively, all users can use the UMIACS Intranet SFTP Web Applet located [https://intranet.umiacs.umd.edu/ssh/ here] without installing any additional software.

==X11 Forwarding==
By default, SSH only gives the user shell access to a host. Enabling X11 Forwarding allows users to run applications with Graphical User Interfaces.

Under Linux and Mac OS X, the following command from a terminal will connect a client computer to the UMIACS [[OpenLAB]] using X11 Forwarding.
# ssh '''-Y''' bkirz@openlab.umiacs.umd.edu

'''Note:''' Mac users must have X11 installed in their systems for X11 forwarding to work. This can be checked by looking for X11.app in /Applications/Utilities. You can find the installer [http://www.apple.com/support/downloads/x11formacosx.html here].

If you do not have Cygwin, you will need to forward X through Xming.
First, enable X forwarding on your secure ssh client. The option is under tunneling in the ssh client settings, shown below. This only has to be done once.

[[Image:sshXForward.jpg]]

Next, click save in the main ssh appication window to save this setting.

After this has been done, every time you want to use X forwarding, you need to make sure Xming has been started (it will appear in your task tray) through the start menu programs.
Now, you will be able to use Xwindow programs from your ssh client.

Note that the UMIACS Intranet SFTP Web Applet does ''not'' allow X11 Forwarding.

==SSH Tunneling==

You can tunnel one or more ports through an SSH connection such that your packets will look like they are coming from the host you are tunneling to. This is helpful for services that you would be normally blocked by a firewall.

Please see the [[SecureShellTunneling]] page for more information.

==Passwordless SSH with SSH Keys==

There are some situations where it is important to be able to ssh without entering a password. This is mostly required when working in clusters. This is done using ssh keys. Instead of authenticating with a password, ssh can use a pre-defined set of encryption keys to establish an authorized connection.
To setup passwordless ssh, do the following.

First, you will need to create a ssh key pair. It is possible to use a password that you will need to enter at the beginning of your work session. This is preferable as it is more secure but may cause problems for some clustered work, particularly our TORQUE/MAUI clusters. If you simply hit '''[enter]''', you will never be prompted for a password when ssh'ing which can lead to security problems.

To create a '''''passwordless''''' key, type the following. '''NOTE: This is ''REQUIRED'' for our [[ClusterGuide|TORQUE/MAUI]]-based clusters!'''

# ssh-keygen -N ""

To create a '''''passphrase-protected''''' (more-secure) key, type the following. Do not use this option if you plan to use any of our [[ClusterGuide|TORQUE/MAUI]]-based clusters.

# ssh-keygen

This will produce two files, '''id_rsa''' and '''id_rsa.pub''', the private and public keys respectively. Once you've created the keys, you will need to put them into place as follows:

# mkdir ~/.ssh
# chmod 700 ~/.ssh
# mv id_rsa ~/.ssh
# chmod 600 ~/.ssh/id_rsa
# touch ~/.ssh/authorized_keys2
# chmod 600 ~/.ssh/authorized_keys2
# cat id_rsa.pub >> ~/.ssh/authorized_keys2
# rm id_rsa.pub

It is '''very''' important that you keep your private key secure! Ensure that it is chmod'd to 600 and that you do not put it anywhere visible to other users!

If you did not select a passphrase when you generated your keys, you can now ssh without a password. If you did select a passphrase, you will need to activate the keys as follows:

# ssh-agent [SHELL]
# ssh-add -t [TIME]

In this case, "[SHELL]" is your preferred shell and "[TIME]" is the amount of time you'd like the key to be active in seconds. So, the following would start a bash shell with passwordless ssh active for 30 minutes:

# ssh-agent bash
# ssh-add -t 1800

You will be prompted for your passphrase and, when entered correctly, you will be able to ssh without entering a password.

To disable this functionality, simply delete your private key file ('''~/.ssh/id_rsa''') and remove the public key from your '''~/.ssh/authorized_keys2''' file.

==Further Information==
[http://www.openssh.org/ OpenSSH]

[http://www.openssh.com/windows.html Windows Clients]

SecureShell

2011-11-09T17:30:17Z

Azar: /* Connecting to an SSH Server */

Secure Shell (or [http://en.wikipedia.org/wiki/Secure_Shell SSH]) is a network protocol allowing two computers to exchange data securely over an insecure network. By default use of SSH brings the user to a terminal, but the protocol can be used for other types of data transfer such as [[SFTP]] and [[SCP]].

==Connecting to an SSH Server==
Under Linux and Mac OS X, the following command from a terminal will connect a client computer to the UMIACS [[OpenLAB]].
# ssh bkirz@openlab.umiacs.umd.edu
This will give you access to a terminal on any one of the [[OpenLAB]] servers. Note that by default you will not have access to applications that require X11 to run.

All UMIACS Windows hosts are installed with SSH Secure Shell Client. Alternatively, users can install these software on their personal machines:

* [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY]
* [http://ttssh2.sourceforge.jp/ ttssh2]

Alternatively, all users can use the UMIACS Intranet SFTP Web Applet located [https://intranet.umiacs.umd.edu/ssh/ here] without installing any additional software.

==X11 Forwarding==
By default, SSH only gives the user shell access to a host. Enabling X11 Forwarding allows users to run applications with Graphical User Interfaces.

Under Linux and Mac OS X, the following command from a terminal will connect a client computer to the UMIACS [[OpenLAB]] using X11 Forwarding.
# ssh '''-Y''' bkirz@openlab.umiacs.umd.edu

'''Note:''' Mac users must have X11 installed in their systems for X11 forwarding to work. This can be checked by looking for X11.app in /Applications/Utilities. You can find the installer [http://www.apple.com/support/downloads/x11formacosx.html here].

Windows users can enable X11 forwarding on UMIACS desktops by using cygwin to ssh -X.
If you do not have Cygwin, you will need to forward X through Xming.
First, enable X forwarding on your secure ssh client. The option is under tunneling in the ssh client settings. This only has to be done once.

[[Image:sshXForward.jpg]]

Next, click save in the main ssh appication window to save this setting.

After this has been done, every time you want to use X forwarding, you need to make sure Xming has been started (it will appear in your task tray) through the start menu programs.
Now, you will be able to use Xwindow programs from your ssh client.

Note that the UMIACS Intranet SFTP Web Applet does ''not'' allow X11 Forwarding.

==SSH Tunneling==

You can tunnel one or more ports through an SSH connection such that your packets will look like they are coming from the host you are tunneling to. This is helpful for services that you would be normally blocked by a firewall.

Please see the [[SecureShellTunneling]] page for more information.

==Passwordless SSH with SSH Keys==

There are some situations where it is important to be able to ssh without entering a password. This is mostly required when working in clusters. This is done using ssh keys. Instead of authenticating with a password, ssh can use a pre-defined set of encryption keys to establish an authorized connection.
To setup passwordless ssh, do the following.

First, you will need to create a ssh key pair. It is possible to use a password that you will need to enter at the beginning of your work session. This is preferable as it is more secure but may cause problems for some clustered work, particularly our TORQUE/MAUI clusters. If you simply hit '''[enter]''', you will never be prompted for a password when ssh'ing which can lead to security problems.

To create a '''''passwordless''''' key, type the following. '''NOTE: This is ''REQUIRED'' for our [[ClusterGuide|TORQUE/MAUI]]-based clusters!'''

# ssh-keygen -N ""

To create a '''''passphrase-protected''''' (more-secure) key, type the following. Do not use this option if you plan to use any of our [[ClusterGuide|TORQUE/MAUI]]-based clusters.

# ssh-keygen

This will produce two files, '''id_rsa''' and '''id_rsa.pub''', the private and public keys respectively. Once you've created the keys, you will need to put them into place as follows:

# mkdir ~/.ssh
# chmod 700 ~/.ssh
# mv id_rsa ~/.ssh
# chmod 600 ~/.ssh/id_rsa
# touch ~/.ssh/authorized_keys2
# chmod 600 ~/.ssh/authorized_keys2
# cat id_rsa.pub >> ~/.ssh/authorized_keys2
# rm id_rsa.pub

It is '''very''' important that you keep your private key secure! Ensure that it is chmod'd to 600 and that you do not put it anywhere visible to other users!

If you did not select a passphrase when you generated your keys, you can now ssh without a password. If you did select a passphrase, you will need to activate the keys as follows:

# ssh-agent [SHELL]
# ssh-add -t [TIME]

In this case, "[SHELL]" is your preferred shell and "[TIME]" is the amount of time you'd like the key to be active in seconds. So, the following would start a bash shell with passwordless ssh active for 30 minutes:

# ssh-agent bash
# ssh-add -t 1800

You will be prompted for your passphrase and, when entered correctly, you will be able to ssh without entering a password.

To disable this functionality, simply delete your private key file ('''~/.ssh/id_rsa''') and remove the public key from your '''~/.ssh/authorized_keys2''' file.

==Further Information==
[http://www.openssh.org/ OpenSSH]

[http://www.openssh.com/windows.html Windows Clients]

Main Page

2011-09-06T13:09:29Z

Azar: /* Anouncements */

__NOTOC__
===Barracuda Reorganization===

'''When: Monday October 3rd 2011 8pm-12am'''

To provide even better SPAM and Virus scanning we will be reorganizing our current Barracuda SPAM Firewalls. This will provide scanning for all incoming mail including mailing lists and external email forwards.

The change will mean that your Quarantine in the future will be from your username@umiacs.umd.edu address and will be distinct from your current Quarantine settings. We will be working to provide a transition in the next few weeks for your Quarantine settings.

You may receive two mails for up to 3 weeks (21days) from the Barracudas as your old Quarantine will still be available until messages expire after they are 21 days old.

===Upgraded OpenLAB Desktop===
The desktop called raspberry in Open Lab Computer Room in AVW room 4462 has been upgraded to a newer machine and is now running Red Hat Enterprise Linux 6.

===New UNIX Print System===
We are pleased to announce the immediately available [[CUPS]] print system for our UNIX (rhel/ubuntu) users. Please contact staff@umiacs.umd.edu with any issues.

<endFeed />

==Technical Reference==

Welcome to UMIACS Wiki. This is the main place to find documentation and information about your account and the technical services that UMIACS offers. If this is your first time please start here [[GettingStarted| Getting Started]].

We provide many [[CoreServices|Core Services]] which include [[EMail]], [[Backups]] and [[VPN]].

We have lots of specific [[LabFacilities|Lab Facilities]] that you may be interested in.

Please check here if you are interested in [[OrderingEquipment|Ordering Equipment]].