SSH Configuration for Hunter CS Students
To remotely access the CS Lab computers (cslab1, cslab2, etc.), you must use an SSH client. OpenSSH is part of (Mac) OS X, most modern Linux distributions and *BSD operating systems (e.g. Ubuntu, Fedora, FreeBSD, etc.). Windows does not include an SSH client as part of the operating system, so you may need to download and install one.
TODO: Add list of Windows SSH clients.
If you are not already logged into the CS Network, you cannot login to the CS Lab computers directly. Instead, you must login to the CS Gateway Server, eniac. Open a Terminal window and enter the following at the prompt:
You will be prompted for your password.
Now that you're logged into the CS Network, you can manage your account (e.g. change your password) and move files around, but you cannot run arbitrary programs on the CS Gateway Server (this is enforced by the operating system). You must login to another computer in the CS Network (e.g. any of the lab computers) to get any work done:
You will be prompted for your password again. After you successfully login, you will be able to do anything that you could do from the CS Lab. To logout, simply type:
This will log you out of the CS Lab computer, but you will still be logged into the CS Network.
To completely logout, you will need to type
exit a second time.
Simplifying the Login Process
Having to manually login to the CS Gateway Server first, and then the CS Lab Computer that you want is annoying. Also, eniac.cs.hunter.cuny.edu is quite long to remember and type every single time. By creating an ssh configuration file on your computer, you can simplify things.
mkdir -pm700 ~/.ssh mkdir -pm700 ~/.ssh/ids mkdir -pm700 ~/.ssh/ids/hunter
Copy the config file provided below to ~/.ssh
You can now login to the CS Lab computers without manually logging into the CS Gateway Server first:
You will be asked for your password twice, once by the CS Gateway Server, and once again by the CS Lab computer.
Reducing Password Prompts
Why type your password twice when you don't have to? If you create a private/public key-pair on your computer, you can use it to reduce/eliminate the number of times you will be prompted for your password.
You will be prompted for a file name (just press enter to accept the default) and a passphrase (twice for confirmation). You don't need to enter a passphrase, but your private key will not be encrypted if you don't. At least on (Mac) OS X, the operating system will give you the option of saving it to the system-wide keychain when you use it, so there often isn't a good excuse to not use one.
If you accepted the default file name, there should be two new files in "
/.ssh", "id_rsa" and "id_rsa.pub".
You will need to append the contents of "/.ssh/id_rsa.pub" on your computer to "~/.ssh/authorized_keys" on any of the
CS Network computers.
To do this, login to a CS Lab computer and run these commands:
mkdir -pm700 ~/.ssh echo THE_CONTENTS_OF_id_rsa.pub >> ~/.ssh/authorized_keys
Now when you login to a CS Lab computer, you will only be asked for your password once (by the CS Lab computer). The CS Gateway Server will authenticate your connection using your private/public key-pair (you may be asked for a passphrase if you didn't leave it blank and your OS is not setup to save it for you).
Eliminating Password Prompts
You can completely eliminate password prompts by enabling Agent Forwarding in your ssh config file.
Note: At the time of writing, this doesn't work. It used to before they upgrade the computers; I will contact Tom Walter
You can do this by uncommenting line 3. However, if you do this, someone malicious at Hunter may able use your login session to remotely login to other servers that you have set up to use your private/public key-pair. For this reason, I recommend creating a separate private/public key-pair specifically for use at Hunter and additionally uncommenting line 4 of the ssh config file.