In computing, Secure Shell or SSH is both a computer program and an associated network protocol designed for logging into and executing commands on a networked computer. The designers of SSH aimed to replace the earlier rlogin, TELNET and rsh protocols, and the resultant protocol provides secure encrypted communications between two untrusted hosts over an insecure network. Users of SSH can also use it for tunnelling, forwarding arbitrary TCP ports and X11 connections over the resultant secure channel; and can transfer files using the associated SFTP or SCP protocols. An ssh server, by default, listens on the standard TCP port 22.
SSH login
To use SSH login to the G-bar, use the command
ssh s081234@login.gbar.dtu.dk
This will give you access to the front-end machine, from where you need to connect to one of the application nodes by means of the command
linuxsh
If you want to make use of X-forwarding, add '-X' to both the ssh and the linuxsh commands.
Please note that you are not supposed to run any application on the front-end machines. In fact, most applications are available on the Linux nodes, only!
SCP utility
Often, you will need to copy your files back and forth between your computer, and the G-Bar. If you are working with a Unix-based system (Mac, Linux etc.), then this can be done using the scp-utility. To copy a file from your computer to the G-Bar:
scp file username@transfer.gbar.dtu.dk:~/
And doing it the other is just a matter of reversing the arguments. The path can be specified after : (under UNIX, ~ refers to your home directory). Note that you cannot move files from the G-Bar system when you are logged on the G-Bar to your own computer.
If you are using Windows, you may want to check out WinSCP, which provides a nice graphical user interface for accessing your G-Bar home directory.
SSH Keys
Linux
$ ssh-keygen -t rsa
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <Please use a good password here>
Enter same passphrase again:
Copy the public key to the server:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub transfer.gbar.dtu.dk
MacOS
Create the key as Linux above. Copy the public key to the server:
$ cat ~/.ssh/id_rsa.pub | ssh transfer.gbar.dtu.dk "cat >> ~/.ssh/authorized_keys"
To add to your MacOS Keychain:
$ /usr/bin/ssh-add -K
Now for both Linux and MacOS you can ssh to the Gbar systems using your ssh-public-key.
Windows
As MacOS and Linux are similar in ssh key setup, the steps are fairly simple. Windows however has no native ssh/scp support, therefore you need to use some additional software: PuTTY
SSH tunnelling
Deprecation Notice: Please note that the use of VNC on the G-bar servers is no longer possible. The examples below are kept, however, as tunnelling can be used for other things as well, and VNC is a convenient example.
SSH-tunnelling is an efficient tool for protection of personal data. If you e.g. connect with a VNC client to the server G-Bar login server, the data sent between your computer and login.gbar.dtu.dk will not be encrypted. This means that others may be able to get hold of your password. If you transmit your data through a ssh-tunnel, your data will be safe.
Linux and Unix
On Linux and other Unix-like systems (e.g. G-Bar servers) the command ssh can be used. To establish a tunnel, use the command:
ssh -C -L <local port>:<server address>:<server port> <user name>@<server address>
The option -C enables ssh compression. An example:
ssh -C -L 5900:login.gbar.dtu.dk:5955 s801234@login.gbar.dtu.dk
This will log s801234 in to the G-Bar (login.gbar.dtu.dk is an alias for an appropriate server) and forward the local port 5900 to the server's port 5955.
In another terminal-session, you will then be able to write:
vncviewer -encodings "hextile copyrect" :0
to connect to the server's vnc-server on port 5955 through your ssh-tunnel. Explanation of the encodings option, see the vnc page.
If you intend to forward priviledged ports (port number < 1024) you have to be root.
Windows
On Windows it is recommended to use PuTTY. It is basically the same. To forward local port 5900 to port 5955 of the G-Bar server, do the following:
1. Start putty.exe 2. Under Category (left) choose Session. 3. Write login.gbar.dtu.dk in the field Host Name (or IP address). 4. Choose SSH as Protocol. 5. In field Port: 22. 6. Under Category (left) choose Connection => SSH => Tunnels. 7. In the fieldSource port write 5900. 8. In the field Destination write login.gbar.dtu.dk:5955. 9. Click Add. 10. Click Open.
If you want to save the settings, you can do that just before you click Open. Do the following:
1. Under Category (left) choose Session. 2. Write a name for the settings in the field Saved Sessions. 3. Click Save.
Load and save of the settings should be obvious.
You connect your vncviewer to the G-Bar through the SSH-tunnel by doing the following:
1. Start vncviewwer.exe 2. Write localhost:0 as server address. 3. Click Options 4. Choose Allow CopyRect and Hextile 5. Click OK and Connect