Access to cs.umb.edu hosts from elsewhere, for CS636 and CS437/637

We will be using dbs2.cs.umb.edu for its Oracle database (CS636 only), and topcat.cs.umb.edu for its mysql database (for both classes), and as a place to run webapps (for both classes).

For security reasons, you cannot ssh directly from off-site systems to dbs2, because it is running old ssh software. Thus you need to ssh to topcat.cs.umb.edu or users.cs.umb.edu and then ssh to dbs2. For example:

  1. Use an SSH tool on your home machine (more information on this below) to log in to users.cs.umb.edu (or topcat.cs.umb.edu) with your password. If port 22, the normal SSH port, doesn't work, you can use port 80, also enabled for SSH on users.cs.umb.edu.
  2. Use the command "ssh dbs2" to login to dbs2.

To avoid the second password entry for ssh, you can follow the instructions in the next section. To avoid the first password entry, follow the instructions later in this file depending on your development system's OS.

Note that you will see all the same files from your login on users or topcat as you do once you have logged in on dbs2, or any other host of our UNIX/Linux network. This is accomplished through a distributed filesystem (NFS, network file system). Thus to transfer files to dbs2, just transfer them to topcat.cs.umb.edu or users.cs.umb.edu (also named itserver6.cs.umb.edu).

Logging into cs.umb.edu hosts from other cs.umb.edu hosts with ssh, without needing to enter a password (Optional procedure)

  1. Run "ssh-keygen" on, say, users.cs.umb.edu and answer its questions with carriage-returns, or enter a passphrase for better security. This should create a well-protected .ssh directory in your login directory with files id_rsa and id_rsa.pub, holding the private and public keys, and file known_hosts. Be sure to leave the .ssh directory fully protected (don't use chmod on it).
  2. "cd .ssh", then "cp id_rsa.pub authorized_keys2". If you already have an authorized_keys2 file, use the command "cat id_rsa.pub >> authorized_keys2" instead, to append the new key.
  3. Test your setup by trying "ssh users" from dbs2. No password should be needed.
  4. Once logged in on a Linux machine, you can similarly ssh back to dbs2.
  5. scp (network copy command) will also work without passwords, but we don't need it between cs.umb.edu UNIX/Linux machines, because the filesystems are shared across the systems, allowing us to use the ordinary UNIX/Linux cp command.
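
An added example, not part of the original handout: shell functions that do step 2 so the public key is appended only once, and that check the protection step 1 asks you to keep (no group/other access to the .ssh directory or id_rsa, no group/other write on authorized_keys2). The function names install_pubkey, mode_of and audit_ssh_dir are made up for this example.

```shell
#!/bin/sh
# Added example; function names are illustrative, file names are the handout's.

# Append id_rsa.pub to authorized_keys2 only if that exact line is not there yet.
# Usage: install_pubkey DIR   (DIR is the .ssh directory)
install_pubkey() {
    dir=$1
    pub="$dir/id_rsa.pub"
    auth="$dir/authorized_keys2"
    [ -r "$pub" ] || { echo "missing $pub" >&2; return 2; }
    # Create the file, if absent, readable and writable by the owner only.
    ( umask 077; touch "$auth" )
    grep -qxFf "$pub" "$auth" || cat "$pub" >> "$auth"
}

# Print the 10-character mode string of a path, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Print one line per problem found; return 0 if clean, 1 otherwise.
# Usage: audit_ssh_dir DIR
audit_ssh_dir() {
    dir=$1
    bad=0
    # The directory and the private key: no access at all for group or others.
    for p in "$dir" "$dir/id_rsa"; do
        [ -e "$p" ] || continue
        case $(mode_of "$p") in
            ????------) ;;
            *) echo "too open: $p ($(mode_of "$p"))"; bad=1 ;;
        esac
    done
    # authorized_keys2 may be readable, but only the owner may write to it.
    p="$dir/authorized_keys2"
    if [ -e "$p" ]; then
        case $(mode_of "$p") in
            ?????-??-?) ;;
            *) echo "writable by others: $p ($(mode_of "$p"))"; bad=1 ;;
        esac
    fi
    return $bad
}
```

Run audit_ssh_dir "$HOME/.ssh" on users.cs.umb.edu, and again on any machine that ends up holding a copy of the directory.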

Access to cs.umb.edu hosts from offsite Linux or Mac systems: All Linux/Mac systems come with scp and ssh, available once you get a shell window working. For Mac, run the Terminal application. You can just use the same commands as on users.cs.umb.edu in the above instructions. For example, from your shell window on your development Linux/Mac system:

  1. ssh mycsusername@users.cs.umb.edu
  2. ssh topcat

For file transfer from a Linux/Mac system:

scp myfile mycsusername@users.cs.umb.edu:targetpath (where targetpath is relative to your login directory at cs.umb.edu)

To avoid the first password entry when you ssh or scp to cs.umb.edu, first follow the above instructions to avoid the second password entry, and then use scp to copy the resulting .ssh directory on users.cs.umb.edu to your Linux/Mac home directory. First use "cd" to get to your home directory on your system and then:

"scp -r mycsusername@users.cs.umb.edu:.ssh ." (that's a dot at the end, for the current directory)

Access to cs.umb.edu hosts from offsite Windows systems using the free Windows tools putty and pscp.

Of course this is not the only way to do file transfers. There are GUI clients that allow drag and drop file transfers after one overall login. Download SSHSecureClient-3.2.9 for an installer for such a GUI client for Windows.

Download the Windows installer at putty home and install it, agreeing to all options. Then add the download directory c:\Program Files\PuTTY to your Path. You can use the path command to see all the directories on your path. Once this is set up, you will have a desktop icon for putty and you can use a new CMD window (to be sure to get the new Path setting) to do a file transfer as follows:

pscp myfile myusername@users.cs.umb.edu:targetpath

Using putty and pscp for access to cs.umb.edu systems from your Windows PC without entering passwords each time (Optional procedure)
These free and reliable tools work immediately on download, but expect you to enter a password for every use. With a little work, you can set up your environment to avoid the need to enter passwords so often. Note that the install of putty tools above has given you putty, pscp, puttygen, and pageant, used below. This procedure assumes you have already done the above procedure to eliminate second password entries, so you have a .ssh subdirectory of your home directory on the cs.umb.edu network. It also assumes you have all the putty tools on your Path, so you can run them from the command line.

  1. Transfer the file .ssh/id_rsa (the private key at cs.umb.edu) to your PC.
  2. Run puttygen and navigate to "File->Load Private Key", then browse for your key file "id_rsa" and load it.
  3. You should see "Successfully imported foreign key"
  4. Click on "Save private key"
  5. This will generate a .ppk file, which is what pageant wants (next step).
  6. Run pageant and see a little icon on your system tray. Double click the icon to run pageant.
  7. Load the .PPK file into pageant by right-clicking it, etc.
  8. Now the putty tools on your system have easy access to the needed keys.
  9. Now you should be able to login with ssh from your Windows PC without using a password. But if the format is a little wrong, you won't be able to log in at all. So make sure you keep your older login alive when you try another test login with putty to see if your setup works.
  10. Test pscp to see you can transfer files without a password entry.

Notes: client and server roles in ssh, other use cases (all optional)

ssh, scp, putty and pscp are client-server applications, with servers running on all the departmental systems, and also any other normally-deployed Mac. A Linux system may or may not have a ssh server installed: on Ubuntu Linux distributions, use "sudo apt-get install ssh openssh-server" to add it.

The system on which putty or pscp is run is the client end, and it connects to the server program on the server end, which must be running all the time to listen for new incoming client connections. Only the client end needs the private key, so high-security server systems (banks, etc.) should not have the private key stored there, only the corresponding public key. And a passphrase should be used in this case. Note that by this logic, we should only need to bring the public key back from cs.umb.edu to a Windows client for putty/pscp to use, but this software seems only able to do the server-end protocol, which utilizes the private key. The Linux/Mac ssh/scp can do both ends.

One private key can be used for many client-server interactions with that server. So if you have two systems, say a Mac and a PC, you can use the same private key for transfers from each machine to and from cs.umb.edu.

Transfers between your own machines: If you have a Mac and a PC, you can use the Mac system as the server end of transfers between your two machines (without having to enter a password if you have set up the .ssh directory on the Mac). In other words, run pscp on the PC, making it the client end, addressing the Mac system by its IP address, obtainable on the Linux/Mac systems with the ifconfig command, for example 192.168.1.114 on a typical home network. Then, on the PC, use for example "pscp file user@192.168.1.114:dev" to transfer the file to the Mac system, into the dev subdirectory of the user's login directory.