Access to cs.umb.edu hosts from elsewhere, for CS634, Spring '18

We will be using dbs3.cs.umb.edu for its Oracle database and pe07.cs.umb.edu for its MySQL database, and as a place to run programs.

For security reasons, you cannot log in to dbs3. Thus you will need to ssh to pe07.cs.umb.edu and then use sqlplus to access Oracle on dbs3. See DatabaseSetup.html for more information. In other words, everything you need for these courses is available on host pe07 at cs.umb.edu. You can log in to users.cs.umb.edu first and then "ssh topcat" if you wish. You will see the same login directory when logged into users as when logged into topcat or pe07, because of the distributed filesystem setup.

To avoid the second password entry for ssh when using ssh from one cs.umb.edu system to another, you can follow the instructions just below. To avoid the first password entry (when you first login to cs.umb.edu), follow the instructions later in this file depending on your development system's OS.

Logging into cs.umb.edu hosts from other cs.umb.edu hosts with ssh, without needing to enter a password (Optional procedure)
  1. Run "ssh-keygen" on, say, users.cs.umb.edu and answer its questions with carriage-returns, or enter a passphrase for better security. This should create a well-protected .ssh directory in your login directory with files id_rsa and id_rsa.pub, holding the private and public keys, and file known_hosts. Be sure to leave the .ssh directory fully protected (don't use chmod on it).
  2. "cd .ssh", then "cp id_rsa.pub authorized_keys2". If you already have an authorized_keys2 file, use the command "cat id_rsa.pub >> authorized_keys2" instead, to append the new key.
  3. Test your setup by trying "ssh users" from dbs2. No password should be needed.
  4. Once logged in on a Linux machine, you can similarly ssh back to dbs2.
  5. scp (network copy command) will also work without passwords, but we don't need it between cs.umb.edu UNIX/Linux machines, because the filesystems are shared across the systems, allowing us to use the ordinary UNIX/Linux cp command.
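
A check for the result of steps 1 and 2, added here as an example and not part of the original course page: it verifies that .ssh, id_rsa and authorized_keys2 are protected and that the key in id_rsa.pub really is in authorized_keys2. sshd's StrictModes setting (on by default) ignores keys when these files or directories are writable by group or others, so a stray chmod shows up as the password prompt coming back. The function names and the sample key text are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a .ssh directory produced by steps 1-2 above.
# Usage: sh check_ssh.sh [DIR]   (no DIR: runs on a constructed sample)

mode_of() {  # octal permission bits: GNU stat first, BSD/macOS stat as fallback
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Prints one line per finding; status 0 = clean, 1 = something to fix.
check_ssh_dir() (
  dir=$1; bad=0
  m=$(mode_of "$dir") || { echo "MISSING $dir"; exit 1; }
  # "Fully protected" means owner-only access to the directory.
  [ "$m" = 700 ] || { echo "FIX chmod 700 $dir (mode is $m)"; bad=1; }
  # The private key must not be accessible to group or others.
  if m=$(mode_of "$dir/id_rsa"); then
    [ $(( 0$m & 077 )) -eq 0 ] || { echo "FIX chmod 600 $dir/id_rsa (mode is $m)"; bad=1; }
  fi
  # authorized_keys2 must not be writable by group or others.
  if m=$(mode_of "$dir/authorized_keys2"); then
    [ $(( 0$m & 022 )) -eq 0 ] || { echo "FIX chmod 600 $dir/authorized_keys2 (mode is $m)"; bad=1; }
    # Step 2: the base64 blob (field 2) of id_rsa.pub must appear in it.
    blob=$(awk '{print $2; exit}' "$dir/id_rsa.pub" 2>/dev/null) || blob=
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$dir/authorized_keys2"; then
      echo "MISSING key from id_rsa.pub in $dir/authorized_keys2"; bad=1
    fi
  else
    echo "MISSING $dir/authorized_keys2"; bad=1
  fi
  exit "$bad"
)

# Constructed sample: placeholder text, not real key material.
make_sample() {
  mkdir -p "$1" && chmod 700 "$1"
  echo "-----CONSTRUCTED PLACEHOLDER, NOT A KEY-----" > "$1/id_rsa"
  echo "ssh-rsa AAAAB3CONSTRUCTEDsampleBLOB joe@users" > "$1/id_rsa.pub"
  cp "$1/id_rsa.pub" "$1/authorized_keys2"
  chmod 600 "$1/id_rsa" "$1/authorized_keys2"
}

if [ $# -gt 0 ]; then
  check_ssh_dir "$1"
else
  tmp=$(mktemp -d) && make_sample "$tmp/.ssh"
  chmod 755 "$tmp/.ssh"              # simulate a stray chmod on the directory
  check_ssh_dir "$tmp/.ssh" || true  # prints: FIX chmod 700 ... (mode is 755)
  rm -rf "$tmp"
fi
```

Run it as "sh check_ssh.sh ~/.ssh" on any Linux/Mac machine that holds the directory; no output and exit status 0 mean the setup is intact.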

Access to cs.umb.edu hosts from offsite Linux or Mac systems

All Linux/Mac systems come with scp and ssh, available once you get a shell window working. For Mac, run the Terminal application. You can just use the same Linux/UNIX commands as on users.cs.umb.edu. For example, from your shell window on your development Linux/Mac system:

  1. ssh mycsusername@users.cs.umb.edu
  2. ssh topcat

File transfer from a Linux/Mac system:

    scp myfile mycsusername@users.cs.umb.edu:targetpath (where targetpath is relative to your login directory at cs.umb.edu)

For example, for user joe to put local file answer.txt in his cs630 directory on users:

    scp answer.txt joe@users.cs.umb.edu:cs630

To rename it to hw1.txt on the way: scp answer.txt joe@users.cs.umb.edu:cs630/hw1.txt

To avoid the first password entry when you ssh or scp to cs.umb.edu, first follow the above instructions to avoid the second password entry, and then use scp to copy the resulting .ssh directory on users.cs.umb.edu to your Linux/Mac home directory. First use "cd" to get to your home directory on your system and then:

    scp -r mycsusername@users.cs.umb.edu:.ssh .    (that's a dot at the end, for the current directory)

Access to cs.umb.edu hosts from offsite Windows systems using the free Windows tools putty and pscp.

Of course this is not the only way to do file transfers. There are GUI clients that allow drag and drop file transfers after one overall login. Download SSHSecureClient-3.2.9 for an installer for such a GUI client for Windows.

Download the Windows installer at putty home and install it, agreeing to all options. Then add the download directory c:\Program Files\PuTTY to your Path. You can use the path command to see all the directories on your path. Once this is set up, you will have a desktop icon for putty and you can use a new CMD window (to be sure to get the new Path setting) to do a file transfer as follows:

    pscp myfile myusername@users.cs.umb.edu:targetpath

For example, for user joe to put local file answer.txt in his cs630 directory on users:

    pscp answer.txt joe@users.cs.umb.edu:cs630

To rename it to hw1.txt on the way: pscp answer.txt joe@users.cs.umb.edu:cs630/hw1.txt

Using putty and pscp for access to cs.umb.edu systems from your Windows PC without entering passwords each time (Optional procedure)
These free and reliable tools work immediately on download, but expect you to enter a password for every use. With a little work, you can set up your environment to avoid the need to enter passwords so often. Note that the install of putty tools above has given you putty, pscp, puttygen, and pageant, used below. This procedure assumes you have already done the above procedure to eliminate second password entries, so you have a .ssh subdirectory of your home directory on the cs.umb.edu network. It also assumes you have all the putty tools on your Path, so you can run them from the command line.

  1. Transfer the file .ssh/id_rsa (the private key at cs.umb.edu) to your PC.
  2. Run puttygen and navigate to "File->Load Private Key", then browse for your key file "id_rsa" and load it.
  3. You should see "Successfully imported foreign key".
  4. Click on "Save private key"
  5. This will generate a .ppk file, which is what pageant wants (next step).
  6. Run pageant and see a little icon on your system tray. Double click the icon to run pageant.
  7. Load the .PPK file into pageant by right-clicking it, etc.
  8. Now the putty tools on your system have easy access to the needed keys.
  9. Now you should be able to log in with ssh from your Windows PC without using a password. But if the format is a little wrong, you won't be able to log in at all. So make sure you keep your older login alive when you try another test login with putty to see if your setup works.
  10. Test pscp to see you can transfer files without a password entry.

Notes: client and server roles in ssh, other use cases (all optional)

ssh, scp, putty and pscp are client-server applications, with servers running on all the departmental systems, and also any other normally-deployed Mac. A Linux system may or may not have an ssh server installed: on Ubuntu Linux distributions, use "sudo apt-get install ssh openssh-server" to add it.

The system on which putty or pscp is run is the client end, and it connects to the server program on the server end, which must be running all the time to listen for new incoming client connections. Only the client end needs the private key, so high-security server systems (banks, etc.) should not have a private key stored there, only the corresponding public key. And a passphrase should be used in this case. Note that by this logic, we should only need to bring the public key back from cs.umb.edu to a Windows client for putty/pscp to use, but this software seems only able to do the server-end protocol, which utilizes the private key. The Linux/Mac ssh/scp can do both ends.

One private key can be used for many client-server interactions with that server. So if you have two systems, say a Mac and a PC, you can use the same private key for transfers from each machine to and from cs.umb.edu.

Transfers between your own machines

If you have a Mac and a PC, you can use the Mac system as the server end of transfers between your two machines (without having to enter a password if you have set up the .ssh directory on the Mac). In other words, run pscp on the PC, making it the client end, addressing the Mac system by its IP address, obtainable on the Linux/Mac systems with the ifconfig command, for example 192.168.1.114 on a typical home network. Then, on the PC, use for example "pscp file user@192.168.1.114:dev" to transfer the file to the Mac system, into the dev subdirectory of the user's login directory.