Working remotely

It will often be necessary to work on non-local machines. This can be the case when designing a new website or running complex simulation code on a server cluster.

Secure Shell (SSH)

Secure Shell (SSH) is a cryptographic network protocol that allows one to securely interact with non-local systems over an insecure connection. SSH is typically used to securely log in to a remote system. Specifically, an SSH server listens for connection attempts on a certain port (usually port 22), and an SSH client initiates a connection by contacting the provided server at this port.

In *nix systems, an SSH client is usually natively provided along with the operating system, and one can type ssh in the command line to use the client to securely connect to a remote server. There are other clients that provide a user interface, such as PuTTY for Windows users. From here on, we will focus on the *nix SSH client OpenSSH, which is among the most commonly used.

SSH config

The basic format for ssh is

ssh <user>@<hostname> -p <port>

which logs in as <user> on the specified host, which can be given as an IP address, web address, or any other valid specification of a hostname. Typing man ssh makes it obvious that there are many additional arguments that can be passed. Re-entering the same configuration every time can be tedious, so naturally, there is a place to save these custom arguments in a more readable way. This is done in the file ~/.ssh/config, which is just a plaintext file. It is formatted as follows.

# Remote potato server
Host potato-server
    User chef
    HostName potato.remote.server.com
    Port 2222

If the file does not already exist, it can be created. An entry can be made for every server configuration desired. Now, instead of having to retype all the arguments, all that is needed is to run ssh potato-server.

Securely transferring files

There is much more that can be done remotely than simply logging into a server. Files can be securely moved between two machines by using either Secure Copy (SCP) or Secure FTP (SFTP).

Secure Copy (SCP)

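This copies files between two different hosts on a network. It runs over SSH, so the files are encrypted while being transferred. It also makes use of the SSH config file if available. To send recipe.txt to the remote server from earlier, one can type

scp ./recipe.txt potato-server:

The trailing colon is what marks potato-server as a remote host; with nothing after the colon, the file lands in the remote user's home directory. Without the colon, scp simply makes a local copy of the file under that name. For more sophisticated usage, read the manual using man scp.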

Secure FTP (SFTP)

FTP stands for File Transfer Protocol, and is designed for transferring files between servers. However, it was never designed to be secure, and all traffic is unencrypted. Secure FTP (SFTP) is a protocol that has all the same functionality as FTP, except all traffic is encrypted using SSH, which is immensely safer. Again, it uses the SSH config file if available.

SFTP is an interactive alternative to SCP. Continuing the example, one can type sftp potato-server, and a new prompt is opened. There are many commands that can be used in the sftp prompt, and as always, these can be explored with man sftp.

SSH keys

SSH servers can be configured to accept connections with no authentication, but that is exceedingly stupid and should never be done. For authentication purposes, SSH servers can require a password. But this can be undesirable for several reasons. Passwords can be brute-forced, sometimes easily if the password is poor. They can also be forgotten, which can happen if you typically connect to many different servers.

The preferred alternative is an SSH key, which uses public-key cryptography. This means that keys come in pairs: a public key and a private key. The public key is used to encrypt information and can be seen by anyone, whereas the private key is used to decrypt the information and is only hosted locally. For example, if Alice wanted to send a letter to Bob, she only needs Bob’s public key so that she can encrypt the message. It makes communication safer because Bob’s private key always stays with Bob, and it makes his life easier since all his keys can be easily organized.

Generating an SSH key

Use ssh-keygen to generate a new SSH key. It can be run by itself, or with more arguments (for benefits such as a longer key length or a different key name). This will generate a public and private key pair, with the public key having a .pub extension.

Copying an SSH key to a server

Now the goal is to give the server your public key. One way to do this is to use the command ssh-copy-id <hostname> to copy your public key to the correct file on the remote server. Ironically, this can be impossible if the remote server does not accept password authentication to initially connect to the server. To do this manually, you have to append your public key to ~/.ssh/authorized_keys on the remote server.
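The manual step above, written as a shell function to run on the remote server. This is an added example, not part of the original page; install_pubkey is a hypothetical helper name, and the optional second argument (a home directory) exists only so the function can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example: append one public key to <home>/.ssh/authorized_keys.
# install_pubkey is a hypothetical helper name, not an OpenSSH command.

install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file holds exactly one line; a private key file holds many.
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || {
        echo "expected exactly one key line" >&2; return 1; }
    key=$(grep . "$pubkey_file")

    # The line must start with a key type, never with -----BEGIN.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd checks these modes (StrictModes, on by default) and ignores
    # the file if the directory or file is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth_file"; then
        echo "key already installed"
    else
        printf '%s\n' "$key" >> "$auth_file"
        echo "key installed"
    fi
}
```

Appending with >> matters: overwriting the file would remove every other key that is allowed to log in to the account.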

Alternatively, there can be other ways to provide your public key to the other server. For example, version control services (such as GitHub or Bitbucket) allow you to provide them with public keys in your user settings panel, which is done simply by pasting the entire public key into a textbox. This allows you to push and pull without having to re-enter your password every time.

Incorporating with SSH config

To use a certain SSH key by default for a certain connection, go back to the SSH config file and use the keyword IdentityFile.

# Remote potato server
Host potato-server
    User chef
    HostName potato.remote.server.com
    Port 2222
    IdentityFile ~/.ssh/secret.key

# Github key
Host github.com
    IdentityFile ~/.ssh/github.key
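A check worth running after editing the config: the OpenSSH client ignores a private key file that other users can read, so each IdentityFile should exist and carry no group or other permissions. The function below is an added example, not part of the original page; audit_identity_files is a hypothetical helper name, and it handles only the whitespace-separated "Keyword value" form used in the config above.

```shell
#!/bin/sh
# Added example: report every IdentityFile in an ssh config as
# OK, MISSING, or TOO-OPEN (readable or writable by group/others).
# audit_identity_files is a hypothetical helper name.

audit_identity_files() {
    config=${1:-$HOME/.ssh/config}
    home_dir=${2:-$HOME}      # used to expand a leading ~/
    host='(global)'           # entries before the first Host line
    status=0

    while read -r keyword value rest; do
        # Config keywords are case-insensitive.
        case $(printf '%s' "$keyword" | tr 'A-Z' 'a-z') in
            host) host=$value ;;
            identityfile)
                case $value in
                    "~/"*) path=$home_dir/${value#"~/"} ;;
                    *)     path=$value ;;
                esac
                if [ ! -f "$path" ]; then
                    verdict=MISSING
                # Characters 5-10 of the ls mode string are the
                # group and other permission bits.
                elif [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
                    verdict=TOO-OPEN
                else
                    verdict=OK
                fi
                [ "$verdict" = OK ] || status=1
                printf '%s %s %s\n' "$host" "$value" "$verdict"
                ;;
        esac
    done < "$config"

    return "$status"
}
```

A TOO-OPEN result is fixed with chmod 600 on the private key file.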