Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SSH Configuration for Hunter CS students
Host cs-gateway
HostName eniac.cs.hunter.cuny.edu
# ForwardAgent yes
# IdentityFile ~/.ssh/ids/hunter/id_rsa
Host cslab?*
HostName %h
User YOUR_USERNAME
ProxyCommand ssh %r@cs-gateway -q -W %h:%p

SSH Configuration for Hunter CS Students

To remotely access the CS Lab computers (cslab1, cslab2, etc.), you must use an SSH client. OpenSSH is part of (Mac) OS X, most modern Linux distributions and *BSD operating systems (e.g. Ubuntu, Fedora, FreeBSD, etc.). Windows does not include an SSH client as part of the operating system, so you may need to download and install one.

TODO: Add list of Windows SSH clients.

OpenSSH

If you are not already logged into the CS Network, you cannot login to the CS Lab computers directly. Instead, you must login to the CS Gateway Server, eniac. Open a Terminal window and enter the following at the prompt:

ssh YOUR_USERNAME@eniac.cs.hunter.cuny.edu

You will be prompted for your password.

Now that you're logged into the CS Network, you can manage your account (e.g. change your password) and move files around, but you cannot run arbitrary programs on the CS Gateway Server (this is enforced by the operating system). You must login to another computer in the CS Network (e.g. any of the lab computers) to get any work done:

ssh cslab5

You will be prompted for your password again. After you successfully login, you will be able to do anything that you could do from the CS Lab. To logout, simply type:

exit

This will log you out of the CS Lab computer, but you will still be logged into the CS Network. To completely logout, you will need to type exit a second time.

Simplifying the Login Process

Having to manually login to the CS Gateway Server first, and then the CS Lab Computer that you want is annoying. Also, eniac.cs.hunter.cuny.edu is quite long to remember and type every single time. By creating an ssh configuration file on your computer, you can simplify things.

mkdir -pm700 ~/.ssh
mkdir -pm700 ~/.ssh/ids
mkdir -pm700 ~/.ssh/ids/hunter

Copy the config file provided below to ~/.ssh

You can now login to the CS Lab computers without manually logging into the CS Gateway Server first:

ssh cslab5

You will be asked for your password twice, once by the CS Gateway Server, and once again by the CS Lab computer.

Reducing Password Prompts

Why type your password twice when you don't have to? If you create a private/public key-pair on your computer, you can use it to reduce/eliminate the number of times you will be prompted for your password.

ssh-keygen

You will be prompted for a file name (just press enter to accept the default) and a passphrase (twice for confirmation). You don't need to enter a passphrase, but your private key will not be encrypted if you don't. At least on (Mac) OS X, the operating system will give you the option of saving it to the system-wide keychain when you use it, so there often isn't a good excuse to not use one.

If you accepted the default file name, there should be two new files in "/.ssh", "id_rsa" and "id_rsa.pub". You will need to append the contents of "/.ssh/id_rsa.pub" on your computer to "~/.ssh/authorized_keys" on any of the CS Network computers.

To do this, login to a CS Lab computer and run these commands:

mkdir -pm700 ~/.ssh
echo THE_CONTENTS_OF_id_rsa.pub >> ~/.ssh/authorized_keys

Now when you login to a CS Lab computer, you will only be asked for your password once (by the CS Lab computer). The CS Gateway Server will authenticate your connection using your private/public key-pair (you may be asked for a passphrase if you didn't leave it blank and your OS is not setup to save it for you).

Eliminating Password Prompts

You can completely eliminate password prompts by enabling Agent Forwarding in your ssh config file.

Note: At the time of writing, this doesn't work. It used to before they upgrade the computers; I will contact Tom Walter

You can do this by uncommenting line 3. However, if you do this, someone malicious at Hunter may able use your login session to remotely login to other servers that you have set up to use your private/public key-pair. For this reason, I recommend creating a separate private/public key-pair specifically for use at Hunter and additionally uncommenting line 4 of the ssh config file.

@robbyoconnor

This comment has been minimized.

Copy link

robbyoconnor commented Sep 8, 2014

I personally added to my hosts file the ip of eniac and my hostfile looked like this:

146.95.214.131 eniac
@robbyoconnor

This comment has been minimized.

Copy link

robbyoconnor commented Sep 17, 2014

I really strongly advise people checkout ssh-forever -- first install ruby via your favorite method then

gem install ssh-forever

After that simply do (for example):

ssh-forever username@cs-gateway 

NB: I added eniac's ip to my hosts file which means it easier for me...you can do similar...

Then enter your password, afterwards you SHOULD be able to bypass typing your password twice, I have not been able to get passwordless login to work to login to the lab machines...

ssh username@cslab1 

This assumes you've used the configuration Omar has provided.

@robbyoconnor

This comment has been minimized.

Copy link

robbyoconnor commented Mar 6, 2015

My ~/.ssh/config for Hunter looks like:

Host cs-gateway
  HostName eniac.cs.hunter.cuny.edu
  User roconnor # replace with your username! 
  ForwardAgent yes
  ForwardX11 yes 
  IdentityFile ~/.ssh/id_rsa

Host cslab?*
  HostName %h
  User roconnor
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no 
  ProxyCommand ssh %r@cs-gateway -q -W %h:%p
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.