Remote Connection Setup

It is often either convenient or necessary to connect to another machine over a network to edit code, run jobs, or even install and configure software. To that end, we will practice using ssh and scp in this course to become comfortable working in remote environments.

You will practice both connecting from your personal computer to the CS Network, and to a special virtual machine (VM) hosted on the CS Network.

Basic ssh usage

The most basic usage of ssh is to specify the user and machine address where you want to connect. E.g., from the terminal on my personal laptop, I could connect to the CS Network using

$ ssh ckazer@cslab.cs.swarthmore.edu

You would use your own CS Network account username instead of ckazer. This will typically prompt you for your password for the account that you are signing into.

Basic scp usage

The most basic usage of scp is to copy a file from one machine to an account on a different one. E.g., suppose I have a photo in the home directory of my personal laptop that I want to copy to my home directory on the CS Network. I could use the following command:

$ scp ~/photo.png ckazer@cslab.cs.swarthmore.edu:~

Note that this command uses similar syntax to the normal cp command. You provide a source (in this case a file on the local machine) as well as a destination (in this case, a directory on a remote machine). Similar to ssh you must specify a username and address. Afterwards, you put a : followed by the destination on the remote machine.

CS14 Virtual Machine

For most of your work in this class, you will be asked to work on a VM that has been allocated for you, separate from normal CS Network machines. Those VMs are running on a machine called batch, and for security reasons are not able to be accessed over the internet. To log in to your virtual machine, while you are already logged into a CS Network machine, you can use

$ ssh cs14user@batch -p 22XX

where XX is replaced with your unique VM number. Your VM number can be found here. The -p option tells ssh to connect to a specific port on the remote machine; we are using the different ports on batch to differentiate between the different VMs.

By default, the password for cs14user is commandline.

The first time you log into your cs14vm you should change your password! You can do so by entering passwd at the terminal.

SSH Config File

It can grow tedious to repeatedly type out addresses for computers you connect to frequently. Luckily, ssh allows us to define a config file which stores information about a host and allows us to enter a shorthand command to connect to that host. We will set up config files both on your personal machine and your CS Network account.

CS Network account

We will add a configuration to allow you to quickly connect from your CS account to your VM. Logged into the CS Network, use vim ~/.ssh/config to open your config and add the following entry:

Host cs14vm
  HostName batch
  User cs14user
  Port 22XX  #Replace XX with your VM number

Save your modifications, and exit back out to the command line. You should now be able to use the following commands to copy files to your VM and login to it from a CS machine:

$ scp some_file cs14vm:~
$ ssh cs14vm

Personal Machine (Mac/Linux)

We will add configurations to allow you to quickly connect from your personal machine to both your CS Network account and your VM. In the terminal of your personal machine, use vim ~/.ssh/config to open your config and add the following entries:

Host cslab
  HostName cslab.cs.swarthmore.edu
  User <username>  #Replace <username> with your CS Network account name

Host cs14vm
  HostName batch.cs.swarthmore.edu
  User cs14user
  Port 22XX  #Replace XX with your VM number
  ProxyJump cslab

A proxy, in computer systems, is a machine that performs a task on your behalf. cslab, on behalf of your personal machine, will connect to cs14vm. Save your modifications, and exit back out to the command line. You should now be able to ssh directly from your personal machine to either the CS Network or your VM using the shorthand names.

$ ssh cslab
$ ssh cs14vm

SSH Keys

ssh public/private keys can operate as unique virtual identifiers for your accounts. In taking CS31 and/or CS35 you have already been using ssh-keys to connect to GitHub.

Another common application is to use these keys for remote login authentication, replacing the need to type a login password, although you will still need to type the password for your ssh-key if you set one. In many cases using ssh-keys is considered more secure because they are more difficult to crack than a password stored on a server.

We will configure ssh so that you can login from your CS Network account to your VM using ssh-keys, as well as from your personal machine to both your CS Network account and your VM using ssh-keys.

CS Network account

Logged into your CS Network account, you should already have a public/private key pair set up. You can check by entering the command:

cs-machine$ ls ~/.ssh

You should either see files named id_rsa and id_rsa.pub or id_ed25519 and id_ed25519.pub. The .pub file is your public key, and may be safely copied elsewhere, to help other machines and services identify who you are. The file without .pub is your private key, and should only stay on that machine.

First, copy your public key (either rsa or ed25519) to your cs14vm, and give it the name cs_key.

cs-machine$ scp ~/.ssh/id_ed25519.pub cs14vm:~/cs_key

Next, login to your cs14vm.

cs-machine$ ssh cs14vm

You should see that a banner of CS14 along with your VM number prints out, and that the name of the machine on the command prompt has changed. Add the public key to the authorized_keys file that the ssh agent on the remote machine uses to check login attempts via public/private key authorization.

cs14box$ cat cs_key >> .ssh/authorized_keys

Ensure that authorized_keys is only readable by the user, or key authorization won’t work. For now, just copy the following commands. We’ll talk more about chmod and permissions later on in the semester.

cs14box$ chmod 700 .ssh/authorized_keys
cs14box$ chmod 600 .ssh/authorized_keys

Now, on future logins from your CS Network account to cs14vm, you shouldn’t be prompted for you cs14user password, although you may be prompted for your CS Network account ssh-key password.

Personal Machine

You may or may not already have ssh-keys set up on your personal machine. From the terminal on your personal machine, you can check by entering the command:

personal$ ls ~/.ssh

If you already have keys setup, you should either see files named id_rsa and id_rsa.pub or id_ed25519 and id_ed25519.pub. The .pub file is your public key, and may be safely copied elsewhere, to help other machines and services identify who you are. The file without .pub is your private key, and should only stay on that machine.

If you don’t already have keys setup, you can create a public/private keypair using ssh-keygen and following the prompts:

personal$ ssh-keygen
Personal to CS Network

Now, we will copy your public key to your CS Network account and give it the name personal_key. (We called this the laptop_key in lecture.)

personal$ scp ~/.ssh/id_ed25519.pub cslab:~/personal_key

Next, login to your CS Network account.

personal$ ssh cslab

You should see a welcome message, and that the name of the machine on the command prompt has changed. Add the public key to the authorized_keys file that the ssh agent on the remote machine uses to check login attempts via public/private key authorization.

cs-machine$ cat personal_key >> .ssh/authorized_keys

Ensure that authorized_keys is only readable by the user, or key authorization won’t work. For now, just copy the following commands. We’ll talk more about chmod and permissions later on in the semester.

cs-machine$ chmod 700 .ssh/authorized_keys
cs-machine$ chmod 600 .ssh/authorized_keys

Now, on future logins from your personal machine to your CS Network account, you shouldn’t be prompted for your CS Network account password, although you may be prompted for your personal machine ssh-key password.

Personal to VM

The steps here are the same as copying your public key from your personal machine to the CS Network account, except that you replace cslab with cs14vm.

personal$ scp ~/.ssh/id_ed25519.pub cs14vm:~/personal_key
personal$ ssh cs14vm
...
cs14box$ cat personal_key >> .ssh/authorized_keys

You should not need to use chmod again if you already did so when setting up the cs_key.

SSH add

Once you have ssh-keys set up on a few different machines, it can be tedious to re-enter your key’s password every time you want to login somewhere or push to GitHub. We can solve this problem by using ssh-add.

$ ssh-add

You will be prompted to enter your key’s password, but once you enter it you will be saved in memory until you log out of the machine. So it is useful at the start of every terminal session to just run ssh-add so that you can avoid using passwords more than once to do remote work!