Connecting via SSH


HPCC servers do not support direct logins or file transfers via telnet, rlogin, ftp, or rcp. All of these programs transmit passwords in the clear and have other vulnerabilities. Please login/transfer files using the Secure Shell protocol (ssh), which encrypts your entire login session. You must install a secure shell client on your local computer.

We recommend the free programs putty/pscp/psftp for Windows and OpenSSH for Unix/Linux/Mac OS X. We also recommend two downloadable ssh clients for MS-Windows: LabF.com, which allows 30 minute sessions without registration, and F-Secure SSH. Please remember to set SSH version 2 in your client programs.


Using PuTTY with Windows


To connect to TSU-HPCC servers using putty.exe from a Windows PC, start putty.exe by clicking on the shortcut if you have one, or open a command window and type in putty. If the PC says PuTTY is not recognized..., make sure that the executable putty.exe is located in a directory that is in the system path, or start it from the directory containing the executable. A gray window should open.

We will give sample connection instructions for ares.tsu.edu. Substitute as needed. On the first execution of putty, enter ares.tsu.edu under Host Name, click the SSH button under Protocol, enter a session name under Saved Sessions, click the Save button under Saved Sessions, then click the SSH button under Category, which opens a new window, Options controlling SSH connections. In this window click the 2 button under Preferred SSH protocol version, and click the 3DES button under Encryption options. Now putty is set up, and you can click the Open button at the bottom of the window to start.

On the first execution, it will open a black terminal window overlaid by a gray window, PuTTY Security Alert, which says The server's host key is not cached in the registry. This security warning will also come up after the server is rebooted. Normally it may be ignored; click the Yes button at the bottom of the window to start. Then enter your username and password in the black terminal window as with telnet. If the black terminal window does not open, but a small gray window PuTTY Error says Unable to open connection to ares.tsu.edu, then either ares.tsu.edu is down or your PC does not properly resolve hostnames. In that case, restart putty, load your saved settings and replace the hostname ares.tsu.edu with its numeric IP address (outside: 67.66.218.111, inside: 10.0.11.111), then save the session and open the session. If that does not work, either ares.tsu.edu or the network in between is down.

You may also use the putty file transfer programs pscp.exe and psftp.exe as a replacement for ftp. The programs are run from a PC command window.

The psftp.exe program emulates unix sftp or ftp, so just open a command window, enter psftp ares.tsu.edu, log in with your username and password, and use put or get to upload or download.

Some putty program options are not easily saved from the program. The options are stored in the PC registry. To change them permanently, start regedit and go to the section Software\SimonTatham\PuTTY\Sessions. Some of the more useful options are Font, FontHeight, Protocol, SshProt, TerminalType, TermWidth, with default values Courier, 10, telnet, 1, ansi, 80 and suggested values to your preference such as Lucida Console, 10, ssh, 2, xterm, 132. The terminal type should match the value of the unix environment variable TERM.

For more information visit the PuTTY homepage


Using OPENSSH with Unix/Linux/Mac OS X


Many unix machines have ssh installed by default. Enter which ssh to see if it is in your path, and if it is, enter ssh -V to make sure it is version 2+ or supports protocol version 2. OpenSSH is updated often for security fixes, and you may download the latest source tar distributions for unix and linux systems at http://www.openssh.org. Generally for Unix/Linux client versions of openssh, you will also need the freeware libraries openssl, pam, and zlib.

Compiled linux binaries are at your distribution site or at http://www.rpmfind.net.

Compiled Sun binaries are at http://www.sunfreeware.com.

The openssh distribution will include the file transfer program scp. Usage is similar to the Windows program pscp.exe.


Security Update: Login using RSA encryption



In March of 2009, there were close to 100,000 break-in attempts per day on the Ares cluster. Because of this we have decided to go to a PGP passphrase login system. You need a pair of public-private keys. The private key stays on the computer from which you connect to Ares: your laptop, your desktop, etc. The public key is appended on Ares to:

~/.ssh/authorized_keys

The keys are signed by a passphrase, as opposed to a password; this can be a real phrase, like: "I love Obama, but he hates me." You can use ssh-agent to type the passphrase only once per session. Subsequent logins will not ask for a password/passphrase.

Directions:

on the LOCAL computer:
"ssh-keygen -t rsa" to create two files:
a secret key: ~/.ssh/id_rsa
and a public key: ~/.ssh/id_rsa.pub
(you will be asked to enter a passphrase, which can be exactly that: a phrase!)

on the REMOTE computer:
copy the one line in the public key to the end of ~/.ssh/authorized_keys

check permissions:

chmod 755 ~/.ssh
chmod 644 ~/.ssh/authorized_keys

When you attempt to log in, you will be asked to enter the passphrase.

Alternatively, start a secure shell as

ssh-agent $SHELL
ssh-add

and you will never be asked for the passphrase again (until you exit from that shell). For more information:

SSH Public-Key Authentication HOWTO

ssh-keygen - OpenBSD
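
The REMOTE-computer steps from the directions above, as an added shell example (not code from the original page): it appends one public key line to authorized_keys without duplicating it, refuses anything that is not a single public key line (such as a pasted private key), and checks that neither ~/.ssh nor authorized_keys is writable by group or others. The function names, the optional directory argument and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Constructed sample key line for trying the functions; not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedsample user@laptop'

# install_pubkey LINE [SSH_DIR]: append one public key line to authorized_keys.
# SSH_DIR defaults to ~/.ssh; pass a scratch directory to experiment safely.
install_pubkey() {
    line=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    # authorized_keys holds one key per line, so reject multi-line input.
    if [ "$(printf '%s\n' "$line" | grep -c '')" -ne 1 ]; then
        echo "refusing multi-line input" >&2
        return 2
    fi
    # Accept only "<type> <base64> [comment]". This also rejects a pasted
    # private key ("-----BEGIN ..."), which must stay on the LOCAL computer.
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    # Same modes as in the directions above.
    mkdir -p "$dir" && chmod 755 "$dir" || return 1
    touch "$auth" && chmod 644 "$auth" || return 1
    # Append only when the exact line is absent, so reruns add no duplicates.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# check_ssh_perms [SSH_DIR]: fail if the directory or authorized_keys is
# writable by group or others. With StrictModes (the OpenSSH default), sshd
# refuses to use key files with such permissions.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=$(find "$dir" "$dir/authorized_keys" -prune \
          \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf 'group/world-writable:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

On the remote computer, install_pubkey "$(cat id_rsa.pub)" followed by check_ssh_perms performs the copy and permission steps in one go, assuming id_rsa.pub has been transferred there first.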


Copyright © 2009 Texas Southern University High Performance Computing Center