Secure Shell (SSH)
Clients
on Linux and Mac, all tools are present. on Windows use one of these:
- Bitvise SSH Client (for the SSH tunnel)
- MobaXterm
- Windows subsystem Linux (WSL), install, then install e.g. Ubuntu and install the openssh.
- VSCode
- Putty, Kitty, ...
Connect
How to connect from the Office or How to connect from abroad
Connect from the office by typing either of the following in a terminal. Replace [USERNAME]
with your own.
ssh connections | |
---|---|
1 2 3 4 5 |
|
The -X
option enables X11 forwarding via ssh, i.e., permits opening graphical windows. On Windows you need to enter these details to the ssh client.
Consider using a ~/.ssh/config
configuration file to allow easier access like this:
./ssh/config | |
---|---|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
|
and replacing [USERNAME]
and [u:account USERNAME]
with your usernames. Using such a file allows to connect like this ssh srvx1
using the correct server adress and specified username. Copy this file as well on login.univie.ac.at
and you can use commands like this: ssh -t login ssh jet
to connect directly to jet
via the login
gateway.
Please note the special algorithms for ecaccess and of course ECMWF uses teleport now.
From eduroam: You should be able to log in as above.
From the outer world: use the VPN or srvx1.img.univie.ac.at
as jump host.
If you are a guest, you can apply for a guest u:account. This will give you access to eduroam and to the VPN. Your application needs to be endorsed by a staff member, who also determines the expiration date of the account. Please ask the sponsor first!
SSH Authentication with keys
If you want to use ssh-keys you can also use different keys in .ssh/config
per server with IdentityFile ~/.ssh/id_enc_for_server
.
Note: If you are having trouble with your ssh-key being accepted. You need to check the selinux security policy. Because we use non standard home directories, which are not accepted by default. Do that by running:
Bash | |
---|---|
1 2 3 4 5 |
|
If you are not seeing ssh_home_t
than you need to run restorecon -Rv ~/.ssh/
which should update the security policy and allow for the SSH-Daemon to accept your keys.
Please add your ssh-keys via IPA
Find a solution Questions - How to use ssh-key authentication? or Questions - How to use an ssh-agent?
Connect Script
If you are using a terminal (Mac, Linux, WSL, ...) you can use the script Download: connect2jet like this:
Bash | |
---|---|
1 |
|
connect2jet
Connect to Jet | |
---|---|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
|
There is also an option to forward a port, e.g. the VNC Port:
Bash | |
---|---|
1 |
|
localhost:5901
and view the VNC session. Other gateway servers can be srvx1.img.univie.ac.at
Tunneling
If you are connected to eduroam or you are on an external computer, you'll need to use an SSH tunnel. The instructions below refer to jet01, but you can do just the same with jet02.
On Linux, start Remmina, then:
- Set "Server" to
jet01.img.univie.ac.at:[DISPLAY]
in the "Basic" tab - Move to the "SSH Tunnel" tab, checkout "Enable SSH Tunnel", "Same server at port 22" and specify your favourite SSH authentication method.
- Save and connect.
On Windows, you can use Bitvise SSH Client (for the SSH tunnel) and the RealVNC VNC Viewer or MobaXterm.
Setup might be bit different for different clients, but all need these informationÖ
Option Bitvise SSH Client/MobaXterm and RealVNC:
- Start the SSH client
- Go to tab "C2S" or SSH tunnels (port forwarding)
- Set "Listen Interface" to
127.0.0.1
- Set "Listening Port" to
5900+[DISPLAY]
, e.g.,5905
- Set "Destination Host" to
jet01.img.univie.ac.at
- Set "Destination Port" to
5900+[DISPLAY]
- Now start VncViewer and connect to
127.0.0.1:5900+[DISPLAY]
SSHFS
It is possible to mount your home directory to your personal computer on Linux via sshfs
or using of course a dedicated remote file browser like: Filezilla, Cyberduck, ...
on Linux you need to install fuse2
and sshfs
, the names might vary between distributions, but are all in the default repos.
Bash | |
---|---|
1 2 3 4 |
|
MOSH
Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.
Mosh is a replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.
In order to use: - install on your client, instructions
Bash | |
---|---|
1 |
|
SSH Banner
If you login in to any of the IMGW Servers you will be greeted by a banner showing some information about the system. However, after some time you might not need that information anymore.
run the following and you will never see the banner again.
Bash | |
---|---|
1 |
|
Created: October 14, 2021