Using SSH
SSH Overview
SSH stands for Secure Shell and provides a safe and secure way of executing commands, making changes, and configuring services remotely. When you connect through SSH, you log in using an account that exists on the remote device.
When you connect through SSH, you will be dropped into a shell session, which is a text-based interface where you can interact with the remote device. For the duration of your SSH session, any commands that you type into your local terminal are sent through an encrypted SSH tunnel and executed on the remote device.
For more information about SSH please click here.
Using SSH to Connect to CS Lab Machines
The CS department has made it possible to SSH onto any of the open lab machines; however, to access a specific machine you must first be connected to the CS network. This can be done by connecting with SSH through schizo.cs.byu.edu.
Schizo is a powerful tool that will drop you onto a range of the open lab machines without needing to connect via the VPN. After successfully connecting using schizo you can ssh into any other machine. For directions on how to connect using schizo please click here.
Setting Up SSH Keys
1. If you do not already have an SSH key pair for your personal machine, generate one by running the following command in a terminal on your personal machine:
username@yourmachine:~$ ssh-keygen -t ed25519
After generating the key, ssh-keygen will ask if you want to make a passcode for the key. Making a passcode will provide another layer of security for your account, but will require the passcode to be typed in each time you ssh into moat. However, if you do not want to make a passcode, just press enter to skip the prompt and press it again when it asks you to confirm.
The ssh-keygen command will print out a randomart image related to your SSH key. You do not need to save this.
2. ssh-keygen will not print out your actual SSH key pair. Your public key will be stored in a file ending with .pub. The location of this .pub file is printed to the terminal when running ssh-keygen. This tutorial will assume that you have not modified the default location for SSH keys, which is: ~/.ssh/. To see your SSH key, run this command:
username@yourmachine:~$ cat ~/.ssh/id_ed25519.pub
The output of this cat command is the SSH key that you will copy into step 4's command.
Example of public SSH key output from the cat command:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCHco+ax20+lTz6kiP76HVtP9LIkh+ZYVqvWa7JTHu/ username@yourmachine
3. ssh into moat using the command below (username is a placeholder where you should type in your CS account username, which is typically your Net ID):
username@yourmachine:~$ ssh username@moat.cs.byu.edu
If this is your first time doing so, follow these instructions.
4. Run the following command in your ssh terminal, replacing csaccount with your CS account username, and sshkey with the public SSH key that was output in step two.
csaccount@labmachine:~$ ipa user-mod csaccount --sshpubkey="sshkey"
Example:
csaccount@labmachine:~$ ipa user-mod csaccount --sshpubkey="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCHco+ax20+lTz6kiP76HVtP9LIkh+ZYVqvWa7JTHu/ username@yourmachine"
This is how it should look when you log in after setting up SSH keys:
username@yourmachine:~$ ssh csaccount@moat.cs.byu.edu
Autopushing login request to phone...
Success. Logging you in...
csaccount@labmachine:~$
You should now have SSH keys correctly set up for using moat!
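An added example (not part of the original tutorial or the CS department's tooling): a Python check to run on your personal machine before step 4, confirming that the line you copied is a complete ed25519 public key rather than a private key or a truncated paste. It returns the key's SHA256 fingerprint in the same form that `ssh-keygen -lf ~/.ssh/id_ed25519.pub` reports; the function names are illustrative.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length, then bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_ed25519_pubkey(line):
    """Validate one line of an id_ed25519.pub file; return (comment, fingerprint)."""
    line = line.strip()
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; only the .pub file is shared")
    if "\n" in line:
        raise ValueError("expected a single line: type base64 [comment]")
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64 (partial copy?)") from exc
    # The blob repeats the key type, then carries the 32-byte public key.
    inner_type, pos = read_string(blob, 0)
    key, pos = read_string(blob, pos)
    if inner_type != b"ssh-ed25519" or len(key) != 32 or pos != len(blob):
        raise ValueError("blob does not hold a 32-byte ed25519 public key")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    comment = fields[2] if len(fields) > 2 else ""
    return comment, fingerprint

# The example public key shown in step 2 of this page.
SAMPLE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCHco+ax20+lTz6kiP76HVtP9LIkh+"
          "ZYVqvWa7JTHu/ username@yourmachine")

if __name__ == "__main__":
    comment, fp = check_ed25519_pubkey(SAMPLE)
    print("OK:", comment, fp)
```

To check your own key, pass the contents of ~/.ssh/id_ed25519.pub to check_ed25519_pubkey instead of SAMPLE.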
X-11 Forwarding with SSH
When remotely accessing a machine through SSH, X-11 forwarding can be used to forward the GUI of a program running on the remote machine to be displayed on the local machine. This is helpful when remotely using a program that can only be run with a GUI, but depending on the OS of the local machine it can take a few steps to set up.
Linux
If your machine is running Linux, you simply need to add -X to your ssh command, like so:
ssh -X netid@schizo.cs.byu.edu
You will remotely access the machine as normal, but now when you run a program with a GUI a window should appear on your local machine with the display.
Windows
If your machine runs Windows, your best option is to use PuTTY and an X server application. It is possible to get X-11 forwarding to work on WSL, but the process is much more involved and requires you to edit config files on your machine. If you want to go that route you may do so at your own risk. The instructions below assume you have PuTTY installed.
A free X server option that is verified to work is VcXsrv, but there are other options that you can look into yourself if you feel so inclined. If you do, the following may not apply.
After installing VcXsrv, you'll need to launch it to set some things up. The first window that pops up when you launch the program will have a few display options. Most of the defaults are fine, but take note of the field labeled “display number.” The value defaults to -1, but unless you have a specific reason to do otherwise you should set it to 0. From there you can just click through the options and accept the defaults. You can save this configuration if you want; if you don't, you will need to repeat this process each time.
Once that is done, launch PuTTY. Proceed as you normally would to SSH into a lab machine, but before you connect go through the menu on the left and select Connection -> SSH -> X11. Check the box labeled “Enable X-11 forwarding.” Below that box is a field labeled “X display location.” If you set “display number” to 0 on VcXsrv you can leave this blank, as that is the default. If for some reason you set it to a different value you will need to specify that here as well.
From that point you can connect to a lab machine as you normally would. You should now be able to launch applications with a GUI.
Mac OS
Mac users should install XQuartz on their machine. When launched, the application will pull up a terminal from which you can run your ssh command, only this time you'll want to add -X to the command, like so:
ssh -X netid@schizo.cs.byu.edu
You will connect to a lab machine like normal and should now be able to run graphical programs. As with Windows, there may be other solutions available, and you are welcome to research and use something else if you so choose.