Working remotely
It will often be necessary to work on non-local machines. This can be the case when designing a new website or running complex simulation code on a server cluster.
Secure Shell (SSH)
Secure Shell (SSH) is a cryptographic network protocol that allows one to securely interact with non-local systems over an insecure connection. SSH is typically used to securely log in to a remote system. Specifically, an SSH server listens for connection attempts on a certain port (usually port 22), and an SSH client initiates an attempt by contacting the provided server at this port.
In *nix systems, an SSH client is usually provided natively with the operating system, and one can type ssh in the command line to use the client to securely connect to a remote server. There are other clients that provide a user interface, such as PuTTY for Windows users. From here on, we will focus on the *nix SSH client OpenSSH, which is among the most commonly used.
SSH config
The basic format for ssh is
ssh <user>@<hostname> -p <port>
which logs the user in as <user> on the specified hostname, which can be an IP address, web address, or any other valid specification of a hostname. Typing man ssh makes it obvious that there are many additional arguments that can be passed. Re-entering the same configuration every time can be tedious, so naturally there is a place to save these custom arguments in a more readable way. This is done in the file ~/.ssh/config, which is just a plaintext file. It is formatted as follows.
# Remote potato server
Host potato-server
User chef
HostName potato.remote.server.com
Port 2222
If the file does not already exist, it can be created. An entry can be made for every server configuration desired. Now, instead of having to retype all the arguments, all that is needed is to run ssh potato-server.
Securely transferring files
There is much more that can be done remotely than simply logging into a server. Files can be securely moved between two machines by using either Secure Copy (SCP) or Secure FTP (SFTP).
Secure Copy (SCP)
This copies files between two different hosts on a network. It uses SSH as a protocol so that the files are encrypted while being transferred. It also makes use of the SSH config file if available. To send recipe.txt to the remote server from earlier, one can type scp ./recipe.txt potato-server: (the trailing colon marks potato-server as a remote host; without it, scp makes a local copy named potato-server).
For more sophisticated usage, read the manual using man scp.
Secure FTP (SFTP)
FTP stands for File Transfer Protocol, and is designed for transferring files between servers. However, it was never designed to be secure, and all traffic is unencrypted. Secure FTP (SFTP) is a protocol that has all the same functionality as FTP, except all traffic is encrypted using SSH, which is immensely safer. Again, it uses the SSH config file if available.
SFTP is an interactive alternative to SCP. Continuing the example, one can type sftp potato-server, and a new prompt is opened. There are many commands that can be used in the sftp prompt, and as always, these can be explored with man sftp.
SSH keys
SSH servers can be configured to accept connections with no authentication, but that is exceedingly stupid and should never be done. For authentication purposes, SSH servers can require a password. But this can be undesirable for several reasons. Passwords can be brute-forced, sometimes easily if the password is poor. They can also be forgotten, which can happen if you typically connect to many different servers.
The preferred alternative is an SSH key, which uses public-key cryptography. This means that keys come in pairs: a public key and a private key. The public key is used to encrypt information and can be seen by anyone, whereas the private key is used to decrypt the information and is only hosted locally. For example, if Alice wanted to send a letter to Bob, she only needs Bob’s public key so that she can encrypt the message. It makes communication safer because Bob’s private key always stays with Bob, and it makes his life easier since all his keys can be easily organized.
Generating an SSH key
Use ssh-keygen to generate a new SSH key. It can be run by itself, or with more arguments (for benefits such as a longer key length or a different key name). This will generate a public and private key pair, with the public key having a .pub extension.
Copying an SSH key to a server
Now the goal is to give the server your public key. One way to do this is to use the command ssh-copy-id <hostname> to copy your public key to the correct file on the remote server. Ironically, this can be impossible if the remote server does not accept password authentication to initially connect to the server. To do this manually, you have to concatenate your public key to ~/.ssh/authorized_keys on the remote server.
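The manual route described above, as an added shell example that is not part of the original page: it appends a public key to OpenSSH's ~/.ssh/authorized_keys, skips a key that is already present, and sets directory and file modes tight enough for sshd's StrictModes check. install_pubkey is a hypothetical helper name, and the key in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example: install a public key by hand on the server side.
# install_pubkey is a hypothetical helper, not an OpenSSH command.
# usage: install_pubkey "<contents of key.pub>" [home directory]

nl='
'
# The body is a subshell ( ... ): umask stays local, exit only ends the subshell.
install_pubkey() (
    pubkey_line=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept only a single "<type> <base64> [comment]" line; this also
    # rejects a private key file pasted by mistake.
    case $pubkey_line in
        *"$nl"*) echo "expected a single line" >&2; exit 1 ;;
        ssh-*' '?* | ecdsa-*' '?* | sk-*' '?*) ;;
        *) echo "not a public key line" >&2; exit 1 ;;
    esac

    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Idempotent: do nothing if this exact line is already authorised.
    grep -qxF -- "$pubkey_line" "$auth_file" && exit 0
    printf '%s\n' "$pubkey_line" >> "$auth_file"
)

# Demo against a throwaway directory with a constructed (not real) key.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey chef@laptop'
install_pubkey "$demo_key" "$demo_home"
install_pubkey "$demo_key" "$demo_home"      # second call adds nothing
ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```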
Alternatively, there can be other ways to provide your public key to the other server. For example, version control services (such as GitHub or Bitbucket) allow you to provide them with public keys in your user settings panel, which is done simply by pasting the entire public key into a textbox. This allows you to push and pull without having to re-enter your password every time.
Incorporating with SSH config
To use a certain SSH key by default for a certain connection, go back to the SSH config file and use the keyword IdentityFile.
# Remote potato server
Host potato-server
User chef
HostName potato.remote.server.com
Port 2222
IdentityFile ~/.ssh/secret.key
# Github key
Host github.com
IdentityFile ~/.ssh/github.key
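An added check, not part of the original page: the ssh client refuses to use a private key file that group or other users can access, so this shell function walks a config like the one above and reports every IdentityFile that is missing or has lax permissions. audit_identity_files is a hypothetical helper name, the key files in the demo are constructed and empty, and only the whitespace-separated "Keyword value" form shown on this page is parsed.

```shell
#!/bin/sh
# Added example: flag IdentityFile entries whose private key is missing or
# accessible to group/others. audit_identity_files is a hypothetical helper.
# usage: audit_identity_files <config file> [home directory]

audit_identity_files() {
    config=$1
    home_dir=${2:-$HOME}
    status=0
    host='*'                       # options before any Host line apply to all
    while read -r keyword value rest || [ -n "$keyword" ]; do
        case $keyword in
            [Hh]ost) host=$value ;;
            [Ii]dentity[Ff]ile)
                case $value in
                    '~/'*) path=$home_dir/${value#??} ;;   # expand leading ~/
                    *)     path=$value ;;
                esac
                if [ ! -f "$path" ]; then
                    echo "$host $path missing"; status=1
                # Characters 5-10 of ls -l are the group and other permission bits.
                elif [ "$(ls -ld -- "$path" | cut -c5-10)" != "------" ]; then
                    echo "$host $path too-open"; status=1
                fi ;;
        esac
    done < "$config"
    return $status
}

# Demo: the config from this page plus two constructed, empty key files.
demo=$(mktemp -d) && mkdir "$demo/.ssh"
printf '%s\n' '# Remote potato server' 'Host potato-server' 'User chef' \
    'HostName potato.remote.server.com' 'Port 2222' \
    'IdentityFile ~/.ssh/secret.key' '# Github key' 'Host github.com' \
    'IdentityFile ~/.ssh/github.key' > "$demo/config"
: > "$demo/.ssh/secret.key"; chmod 600 "$demo/.ssh/secret.key"
: > "$demo/.ssh/github.key"; chmod 644 "$demo/.ssh/github.key"   # deliberately lax
audit_identity_files "$demo/config" "$demo" || echo "fix with: chmod 600 <key>"
rm -rf "$demo"
```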