Secure Shell (SSH)

Secure Shell (SSH) is a network protocol that provides a secure way to access a remote computer. Most CSE Linux computers, including classrooms and labs, are accessible via SSH.

Windows Note: Windows’ built-in support for SSH is new and is missing some features. However, Microsoft provides the Windows Subsystem for Linux (WSL) and Windows Terminal for free through the Microsoft Store. WSL lets you install Ubuntu while retaining Windows. Windows Terminal provides a more modern implementation of SSH. The next version of WSL will provide a complete SSH experience, including the ability to remotely run graphical applications.

Microsoft has a support page dedicated to installing WSL and installing Windows Terminal.

If you are using WSL or Windows Terminal, follow Linux instructions instead of Windows instructions.
 


SSH Command Cheatsheet

Run these commands from a terminal (Linux and Mac OS) or a command prompt (Windows).

 

Key

  • <internet_id>: Your InternetID.
  • remote-machine: The computer, server, or machine name you want to connect to. For a list of computers available to CSE students, staff, and faculty see CSE classrooms and labs.
  • <file> or file: The file in question.
  • <destination>: The full path to the desired location on the remote computer. If omitted, this is your home directory.
  • <directory>: The directory or folder in question.
  • <local destination>: The path to the desired location on your computer.

 

Connecting to Remote Computer/Machine

  • Your InternetID is not required if it is the same on the remote machine.
  • Example: ssh student003@csel-kh1250-05.cselabs.umn.edu

 

Copying Files to a Remote Computer/Machine

  • Username is not required if it is the same on the remote machine.
  • Note that the colon following the remote-host is required.
  • Example: scp helloworld.py student003@csel-kh1250-05.cselabs.umn.edu:/tmp/

 

Copying a Directory to a Remote Computer/Machine

  • Example: scp -r csci1561 student003@csel-kh1250-03.cselabs.umn.edu:classes/

 

Copying Files From a Remote Computer/Machine

  • Local destination is required.
  • Example: scp student003@csel-kh1250-05.cselabs.umn.edu:helloworld.py ./

About SSH

What Is SSH?

Secure Shell (SSH) was initially implemented to replace insecure methods of communication between UNIX systems. These earlier protocols had many security vulnerabilities, not the least of which was that they sent data completely unencrypted.

SSH operates on a client/server basis (i.e., clients connect to the server). SSH clients are now available for all major operating systems, though servers that allow incoming connections tend to be set up almost exclusively on UNIX/Linux systems.

Why Use SSH?

The main advantage of SSH is that, being terminal-based, it is much quicker and requires fewer resources than a complete remote graphical login interface.

Main SSH Components

SSH consists of several different programs, as well as some utilities (this may vary by operating system or client).

  • ssh, used to initiate a login shell on a server.
  • scp, used to copy files between the client and the server.
  • sftp, used for more interactive file transfer.

First Time Connecting With SSH

  1. Open Terminal (Mac and Linux) or the Command Prompt (Windows).
  2. Type:
    • <internet_id> is your InternetID.
    • remote-machine is the computer or machine name you want to connect to. For a list of computers available to CSE students, staff, and faculty see CSE classrooms and labs.
    • Example: ssh user1234@csel-kh4250-31.cselabs.umn.edu

  3. Press enter or return to run the command.
  4. The connection prompts you to verify the computer/machine you are connecting to.
    • Example:

      • The authenticity of host 'csel-kh1250-08.cselabs.umn.edu (134.84.182.208)' can't be established.
        RSA key fingerprint is SHA256:52b4DsR1OCpjyxrkYy9HBR8xzSl8Mr34hOqWuu4N8YE.
        Are you sure you want to continue connecting (yes/no/[fingerprint])?
  5. Type yes to accept.
  6. Press enter or return to submit the verification.
  7. Enter your UMN password when prompted.
  8. Press enter or return to submit your password.
  9. Authenticate with Duo.
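
The prompt in step 4 is only useful if the fingerprint it shows is compared with one obtained from a trusted source. The script below is an added example, not part of the original page: it parses the prompt text and checks it against a list of published fingerprints. The list format, the function names and the sample list (which reuses the fingerprint from the prompt above as a constructed value) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the fingerprint in ssh's first-connection prompt against
# a fingerprint obtained out of band, before answering the prompt.
# Assumed list format (hypothetical): "<host> <key type> <fingerprint>" per line.

# Constructed sample data: the prompt text from step 4 and a one-line list.
SAMPLE_PROMPT="The authenticity of host 'csel-kh1250-08.cselabs.umn.edu (134.84.182.208)' can't be established.
RSA key fingerprint is SHA256:52b4DsR1OCpjyxrkYy9HBR8xzSl8Mr34hOqWuu4N8YE.
Are you sure you want to continue connecting (yes/no/[fingerprint])?"
SAMPLE_LIST="csel-kh1250-08.cselabs.umn.edu RSA SHA256:52b4DsR1OCpjyxrkYy9HBR8xzSl8Mr34hOqWuu4N8YE"

# Print "<host> <key type> <fingerprint>" parsed from the prompt text in $1.
parse_prompt() {
    printf '%s\n' "$1" | awk '
        /^The authenticity of host / {
            split($0, q, "\047")          # \047 is a single quote
            split(q[2], h, " "); host = h[1]
        }
        / key fingerprint is / { type = $1; fp = $NF; sub(/\.$/, "", fp) }
        END { if (host == "" || fp == "") exit 1; print host, type, fp }'
}

# $1 = prompt text, $2 = published list text.
# Returns 0 = match, 1 = MISMATCH, 2 = no published entry, 3 = unparsable prompt.
check_prompt() {
    parsed=$(parse_prompt "$1") || return 3
    host=${parsed%% *}
    fp=${parsed##* }
    type=${parsed#* }; type=${type%% *}
    expected=$(printf '%s\n' "$2" |
        awk -v h="$host" -v t="$type" '$1 == h && $2 == t { print $3; exit }')
    [ -n "$expected" ] || return 2
    [ "$fp" = "$expected" ] || return 1
    return 0
}

rc=0; check_prompt "$SAMPLE_PROMPT" "$SAMPLE_LIST" || rc=$?
echo "check_prompt exit status: $rc"
```

As the [fingerprint] option in the prompt indicates, recent OpenSSH clients also accept the expected fingerprint pasted in place of yes, and continue only if it matches the key the server presented.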

Using SSH for File Transfer

There are several ways to transfer files between CSE computers and your computer. For information about using SSH and its components (SCP and SFTP), as well as other file transfer methods, see Transfer Files to and From CSE Machines.

SSH Configuration File

The SSH configuration (config) file allows you to specify settings for individual hosts, as well as global connection settings. This can include setting a username, creating an alias for hosts rather than having to type the entire host name, and more.

Linuxize has a guide dedicated to using the SSH config file.

Key-based Authentication

Using public key exchange to authenticate allows you to connect to CSE-Infrastructure Services via SSH without needing to authenticate with Duo every time.

Definitions

  • Client: the computer initiating the connection. This is usually the computer you are physically using.
  • Target: the system being connected to.

What is Public Key Authentication?

Key-based authentication relies on the client creating a key pair: a private key and a public key. The public key is then copied to the target machine (or machines). When you connect, the target uses the public key to verify that the client holds the matching private key.

The private key is protected by a passphrase, which you enter when creating the key pair.

Important: Never share your private keys with anyone.

Create an SSH Key Pair

Create a private/public key pair on the client computer.

  1. Open Terminal (Linux/Mac) or the Command Prompt (Windows).
  2. Run:
  3. Take note of the location your key pair is saving to. In the example below this is /home/myaccount/.ssh/.
    • Press return/enter to save to the default location.
    • Alternatively you can specify a different location of your choice.
    • Example key pair generation prompt:

      • Generating public/private rsa key pair.
        Enter file in which to save the key (/home/myaccount/.ssh/id_rsa):
        Created directory '/home/myaccount/.ssh'.
  4. Enter a secure and memorable passphrase for your key, when prompted.
    • Important: Do not leave the passphrase empty.
    • Important: Make sure you memorize or record this passphrase in a secure location. It cannot be recovered if you forget it.
  5. Re-enter the passphrase, when prompted.
  6. Your key pair is generated.
    • Example key pair generation complete prompt:

      • Your identification has been saved in /home/myaccount/.ssh/id_rsa
        Your public key has been saved in /home/myaccount/.ssh/id_rsa.pub
        The key fingerprint is:
        SHA256:zpDksj42Cy9Fqz9EaXwx1TV6o2BuX6zb2lgz6kekhrQ myaccount@my_laptop
        The key's randomart image is:
        +---[RSA 3072]----+
        |               .*|
        |              .oo|
        |           o . ++|
        |          o.. +o*|
        |        S .oo.++.|
        |       o ..E.ooo |
        |        o + .+++ |
        |         . +.+O+=|
        |          o.=OBO+|
        +----[SHA256]-----+

Copy Public Key To Server

Copy the public key to a CSE machine you have access to (except VOLE), such as a lab machine or a workstation.

Linux and MacOS
  1. Open Terminal.
  2. Run:
    • Example ssh-copy-id command and copying prompt:
      • % ssh-copy-id student0003@csel-kh1250-05.cselabs.umn.edu
        /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
        /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  3. Enter your University Internet Account password, when prompted.
  4. Your public key should be copied to the remote computer.
    • Example ssh-copy-id completion prompt:
      • Number of key(s) added: 1
        
        Now try logging into the machine, with:   "ssh 'csel-kh1250-05.cselabs.umn.edu'"
        and check to make sure that only the key(s) you wanted were added.
  5. Next time you SSH to the remote computer, you should be prompted for the key passphrase you created.
Windows
  1. Open Command Prompt.
  2. Run:
    • scp /home/myaccount/.ssh/id_rsa.pub <internet_id>@remote-machine:
      • Important: Make sure you copy the public key, ending in .pub.
      • Example:
        • scp C:\Users\myaccount\.ssh\id_rsa.pub student003@csel-kh1250-03.cselabs.umn.edu:
  3. Move the public key information to .ssh/authorized_keys.
    1. SSH into the remote-machine from step 2.
    2. Run:
  4. Next time you SSH to the remote computer, you should be prompted for the key passphrase you created.
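
One way to carry out step 3 of the Windows procedure on the remote machine, shown as an added example rather than the page's own command: the function appends the uploaded public key to .ssh/authorized_keys, refuses a private key, and sets the permissions sshd expects. The function name install_pubkey and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the page's own command): run on the remote machine to move
# an uploaded public key into ~/.ssh/authorized_keys, as step 3 describes.
# install_pubkey and its arguments are names chosen for this example.
# Usage: install_pubkey "$HOME/id_rsa.pub"

install_pubkey() {   # $1 = public key file, $2 = home directory (default $HOME)
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse private keys: only the .pub file belongs on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # Expect exactly one line of the form "<type> <base64 blob> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pub")
    case "${key%% *}" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) ;;
        *) echo "unrecognised key type" >&2; return 3 ;;
    esac

    # With sshd's default StrictModes, keys are ignored when ~/.ssh or
    # authorized_keys is writable by group or others, so create both private.
    old_umask=$(umask)
    umask 077
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth="$home/.ssh/authorized_keys"
    touch "$auth"
    chmod 600 "$auth"
    umask "$old_umask"

    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```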

Displaying Graphical Applications (X11 Forwarding)

SSH allows you to run applications on a remote server while sending the graphical interface back to your computer. This is known as X11 forwarding, X11 being the original name for the display protocol.

Virtual Online Linux Environment (VOLE) is an alternative for using graphical applications. It allows you to access a virtual CSE Lab machine through a web browser.

  1. Set up a display server.
    • Displaying remote graphical data requires a compatible X11 display server on your computer.
    • Linux
      • The display server is built-in and requires no configuration.
    • MacOS
      • XQuartz is a free display server application available for MacOS.
    • Windows
      • A display server will be available in the next version of Windows Subsystem for Linux (WSL). Some alternatives for an X Windows display server are Xming, VcXsrv, and Cygwin/X.
  2. Start the display server.
    • Follow instructions from the application you are using to set up and start the display server.
  3. Initiate an X11-forwarding session.
    • Run:

      • <internet_id>: Your InternetID.
      • remote-machine: The computer, server, or machine name you want to connect to. For a list of computers available to CSE students, staff, and faculty see CSE classrooms and labs.
      • [-X/-Y]: Using -X or -Y depends on the display server. Typically -X works for Linux and -Y for MacOS. -Y enables trusted X11 forwarding, which is not subject to the X11 SECURITY extension controls.
      • Example: ssh -X student003@csel-kh1250-05.cselabs.umn.edu
    • Error: Can't open display
      • Make sure you have a compatible display server installed.
      • If you used -X in the command, try using -Y.
      • If you used -Y in the command, try using -X.