|
|
 |
|
 |
|
 |
SSH/SFTP
FAQ
|
|
|
|
HPCVL requires all Users to login using the HPCVL Portal
in order to interact with the cluster. This is a short FAQ on using SSH and SFTP as methods of accessing HPCVL
machines and transfering files. These protocols are meant as a "backup" alternative in case of problems.
Questions:
-
What is "secure shell"?
-
Where can I get "secure shell"?
-
How do I use "secure shell"?
-
Something's not right.
-
Where can I get further help?
Answers:
-
What
is a "secure shell"?
A secure
shell (SSH) is a terminal program that encrypts the
data that you send and receive to a remote system. For the general
private and academic user, the client software for SSH
is free. It comes in many different "flavors" and is used
similarly to "telnet".
At this point, HPCVL requires its users to use the
HPCVL Portal for interactive
login, to ensure that the data transfer is safe and that "eavesdropping"
or "connection hijacking" is unlikely. HPCVL also requires
that all file transfers are done using SCP within the Portal.
The server also runs
an SSH daemon with protocol level SSH2, that supports SSH and
SFTP. The latest version of the client software, and some
"a little older" versions should be able to communicate
with it.
Back to Top...
-
Where
can I get a "secure shell"?
Unix Systems: (Linux, Solaris,
AIX, Iris, HP-UX). If you don't have an ssh client installed
on your system, we suggest you visit the Openssh
web site. This is a relatively simple way to get one.
Also, check out your favorite "free download
site" for "Openssh"; you might find a
precompiled executable.
Solaris: If you are using a SUN
machine with Solaris, ssh/sftp is likely included with the OS. You can also get a pre-compiled version
from http://sunfreeware.com/
or one of its mirrors.
Linux Systems: Most installations should include a choice of ssh/sftp packages.
AIX Systems: If you are running a IBM
workstation with AIX, there is some
precompiled versions of ssh available.
Click here to
learn how to get them.
Windows Systems: There are several SSH-based programs available.
One of the more popular and easy to use Secure Telnet applications is "PuTTY".
If you choose to use PuTTY, you will find putty.exe, pscp.exe and psftp.exe in the download
section. All are free and very easy to use.
Back to Top...
-
How do I run a "secure shell"?
The following instructions
are specific to the Open-ssh version of ssh. The command structure
might differ slightly for other clients, such as the ones supplied
with PuTTY.
The Open-ssh package comes with three client programs. These are:
-> ssh (secure login shell, similar to telnet)
-> scp (secure copy command, similar to remote cp)
-> sftp (similar to standard ftp, presently not implemented
on the server)
Use the ssh command to log in the same way as you would with a telnet session:
ssh -l user_name ip_address
where user_name is your username on the target machine (i.e. the SunFire), and
ip_address is the 4-digit IP-address of the target machine (e.g. 130.15.59.64
for sfnode0). After issuing this command, you will be prompted for your password.
ForTransfering files, you can use the scp command:
scp -o User=user_name local_file ip_address:target_file
where user_name is again the
user name on the target machine, and ip_address is the IP-address
of the target machine. local_file
and target_file
are the names of the file copied, on your local machine and the remote
target machine, respectively. Make sure you include the proper directory
path for target_file
sftp is an encrypted version of the ftp
command. It is called similar to the latter:
sftp username@ip_address
at which point it will prompt you for your password. Then you receive an sftp>
prompt. From then on you use the same commands as in an ftp session, i.e. dir, get,
put, etc. Note that the commands bin, ascii, prompt
are not used in sftp. If you need a reminder about available commands, you can type help at the sftp> command prompt. If you want to transfer many files you might want to
use the tar command to produce a single archive. The HPCVL Secure Portal also offers
a GUI that makes moving multiple files easier.
Back to Top...
-
Something's not right...
The first time you log in with ssh,
you might receive a message like:
The authenticity of host '130.15.59.64 (130.15.59.64)' can't be established. RSA1 key
fingerprint is bla::bla::bla
Just answer the question if you want to continue with "yes".
The message will not re-occur.
If for some reason your encryption key is not recognized anymore by
the target machine, you will get an error message such as:
@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: HOST IDENTIFICATION HAS CHANGED! @@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)! It is also possible that the host key has just been changed.
Please contact your system administrator.
Before
you contact the system administrator, you might want to move the file
$HOME/.ssh/known_hosts to
something else and try again.
If you still can't get in, contact the system administrator.
Back to Top...
-
Where can I get further help?
An excellent starting point to find information about ssh
is the OpenSSH web site
which has many links, FAQ's,
and manual
pages. All of these are OpenSSH specific, but they also cover all you need to
know about ssh in general. Then there is the original
SSH HomePage with
info/rmation/mmercials about ssh and
other security products. If you want to know it all in detail, there
is the O'Reilly "snail
book".
Manual pages exist on our systems (man ssh,
or man sftp) that give you a somewhat hard-to-read
introduction, but ssh -? will give you a list of options. Finally,
you can contact
our user-support staff.
Back to Top...
|
|
|
|
|
 |
|
|
