Last active
August 29, 2015 14:01
-
-
Save moble/a03369d433ab9c0c647e to your computer and use it in GitHub Desktop.
Easy ssh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "metadata": { | |
| "name": "", | |
| "signature": "sha256:9c1859af4fa1dc9087d465a110cbbe3985272c1574080d82f88e1dd0786930ea" | |
| }, | |
| "nbformat": 3, | |
| "nbformat_minor": 0, | |
| "worksheets": [ | |
| { | |
| "cells": [ | |
| { | |
| "cell_type": "heading", | |
| "level": 1, | |
| "metadata": {}, | |
| "source": [ | |
| "Easy ssh in three easy steps" | |
| ] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "This file shows how to make it very easy to `ssh` from your laptop into the server. Since `scp` and `rsync` go through `ssh`, this will also make it easier to use those programs. I'll assume you have one computer I'll call your laptop, and another I'll call the server. The basic steps will be\n", | |
| "\n", | |
| " 1. Create an ssh key\n", | |
| " 2. Change your ssh configuration\n", | |
| " 3. Copy your ssh key to the server\n", | |
| "\n", | |
| "Done properly, this is at least as secure as using a password, and far easier." | |
| ] | |
| }, | |
| { | |
| "cell_type": "heading", | |
| "level": 2, | |
| "metadata": {}, | |
| "source": [ | |
| "Creating an ssh key" | |
| ] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "Open up a terminal on your laptop and enter this command line:" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "ssh-keygen -t rsa" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "Hit Enter to accept the default file for the key; when it asks you, enter some long passphrase your computer will remember. Don't skip the passphrase, because that's a *huge* security hole, and your computer should remember it anyway.\n", | |
| "\n", | |
| "You should now have a file called `~/.ssh/id_rsa.pub`. This is your\n", | |
| "\"public key\" and will need to be copied into a particular file on any\n", | |
| "other computer you want to ssh into. *Never* transfer the similar but very different private `~/.ssh/id_rsa` file; this should never be anywhere but your own computer.\n", | |
| "\n", | |
| "But first, we'll make it easier for you to tell `ssh` where you want to go." | |
| ] | |
| }, | |
| { | |
| "cell_type": "heading", | |
| "level": 2, | |
| "metadata": {}, | |
| "source": [ | |
| "Change `config` for less typing" | |
| ] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "Other than entering a password every time, `ssh` can also be annoying because you need to enter your login and the full path to the server each time. For example:\n", | |
| "\n", | |
| " ssh jjh276@cbsulogin.tc.cornell.edu\n", | |
| "\n", | |
| "With a couple simple tweaks to your configuration, you can also make this part easier. Still on your laptop, enter the following in a file named `~/.ssh/config`:" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "Host cbsu\n", | |
| " User jjh276\n", | |
| " Hostname cbsulogin.tc.cornell.edu\n", | |
| " IdentityFile ~/.ssh/id_rsa\n", | |
| " ForwardAgent yes" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "Obviously, you may need to tweak the `Host`, `User`, and `Hostname` lines, as necessary.\n", | |
| "\n", | |
| "Also, from the command line, you may need to do the following from the command line on the laptop:" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "chmod 600 ~/.ssh/config" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "Once you've done this, the line above should be as easy as\n", | |
| "\n", | |
| " ssh cbsu" | |
| ] | |
| }, | |
| { | |
| "cell_type": "heading", | |
| "level": 2, | |
| "metadata": {}, | |
| "source": [ | |
| "Copy public key to the server" | |
| ] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "The last step is to get your public key over to the server and have it recognize it as an authorized key. To copy it over enter this from your laptop:" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "scp ~/.ssh/id_rsa.pub cbsu:" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "Enter your password when prompted.\n", | |
| "\n", | |
| "Now, you'll need to ssh into `cbsu` and add your public key to a certain file. From your laptop, enter" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "ssh cbsu" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "For the last time ever, enter your password.\n", | |
| "\n", | |
| "Now, from the prompt on the server, enter" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "mkdir ~/.ssh >& /dev/null\n", | |
| "cat id_rsa.pub >> ~/.ssh/authorized_keys2\n", | |
| "chmod 700 ~/.ssh\n", | |
| "chmod 600 ~/.ssh/*\n", | |
| "rm id_rsa.pub" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| }, | |
| { | |
| "cell_type": "heading", | |
| "level": 2, | |
| "metadata": {}, | |
| "source": [ | |
| "You're all done" | |
| ] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "From now on, you should be able to just run things like the following without entering a password:\n", | |
| "\n", | |
| " ssh cbsu\n", | |
| " \n", | |
| " scp /path/to/some/file cbsu:/other/path/\n", | |
| " \n", | |
| " scp cbsu:\"/another/path/*.bam\" /yet/another/path\n", | |
| " \n", | |
| " rsync -avz --include '*.bam' cbsu:\"/another/path/\" /yet/another/path\n", | |
| "\n", | |
| "The first time you do any of these on a Mac, a window should pop up asking if you want to remember the password. It's perfectly fine to just click yes." | |
| ] | |
| }, | |
| { | |
| "cell_type": "markdown", | |
| "metadata": {}, | |
| "source": [ | |
| "You might have other servers you want to work the same way. That's not a problem. You can (and probably should) use the same ssh key for all servers, so you never need to run `ssh-keygen` again on your laptop. But you will need to edit `~/.ssh/config` on your laptop, copy the public key over, and add it to `~/.ssh/authorized_keys2` on the new server.\n", | |
| "\n", | |
| "You can also `ssh` between servers using this method. If you can `ssh` into each from your laptop, the line `ForwardAgent yes` allows sharing of your public ssh key between the two servers, so it should work transparently -- assuming the server was set up to allow it. If the server doesn't allow it, you either have to convince the server admin to change that, or set up the keys as above, running `ssh-keygen` on the server you want to ssh *from*, etc. Either way, you might also want to set up `~/.ssh/config` on the server, similar to the above." | |
| ] | |
| } | |
| ], | |
| "metadata": {} | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment