SSH Access

Contents

Connecting to Physics Department Login Servers

The Department login servers for ssh access from anywhere are named login.physics.wisc.edu. Once connected via ssh, you can

 

On a Windows computer, you can use an ssh client such as PuTTY or the UNIX-style ssh command in Cygwin.  On a Mac, you can use ssh from the Terminal app found in Applications/Utilities.

Below is an example ssh session.  Note that the '$' sign is not part of the command.  It is part of the command prompt.  Therefore, when copying the command, enter just 'ssh youraccount@login.physics.wisc.edu'.

$ ssh dan@login.physics.wisc.edu
dan@login.physics.wisc.edu's password:
Last login: Tue Apr 15 11:24:06 2014 from 128.104.164.180


#######################################################
    Welcome to login01.physics.wisc.edu
    Scientific Linux release 6.4 (Carbon)

    996.66 MB RAM
    1 cores of type QEMU Virtual CPU version 1.1.2
#######################################################

[dan@login01 ~]$ logout
Connection to login.physics.wisc.edu closed.

Passwordless Authentication

If you frequently ssh to login.physics.wisc.edu, you may wish to use a form of authentication that avoids frequent entry of your password. SSH keys are one way to achieve this, but they have the disadvantage of not obtaining an AFS token. One way to get an AFS token and avoid entry of your password every time you ssh is to use kerberos delegation.

Windows (PuTTY): Kerberos Delegation

In the Kerberos Network Identity Manager, ensure your account is the default account. If it is not, right click and select "set as default"

( To install Kerberos follow the instructions here: Windows AFS Setup )

Edit your PuTTY configuration to allow GSSAPI credential delegation.

This option is located under: Connection -> SSH -> Auth -> GSSAPI

If you have not yet logged into Kerberos and/or your Kerberos ticket has expired you will be prompted to log into your Kerberos account. The prompt should no longer appear after doing this once unless your ticket has expired or you have been logged out of Kerberos.

Mac: Kerberos Delegation

Put the following in ~/.ssh/config


GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
# add following line only in MacOSX <= 10.11
GSSAPITrustDns yes 

Then you can get a kerberos ticket for PHYSICS.WISC.EDU, and this will be used to authenticate you in all subsequent ssh sessions. Once the ticket expires, you will need to get a new one. To get a ticket, use the following command:


kinit youraccount@PHYSICS.WISC.EDU

Linux: Kerberos Delegation

Put the following in ~/.ssh/config


GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

Then you can get a kerberos ticket for PHYSICS.WISC.EDU, and this will be used to authenticate you in all subsequent ssh sessions. Once the ticket expires, you will need to get a new one. To get a ticket, use the following command:


kinit youraccount@PHYSICS.WISC.EDU

Transferring Files

Files can be securely transferred to and from the Department login machines using the ssh protocol. Under Windows, this can be done using a tool such as WinSCP. On a Mac or in Linux, this can be done using the command-line tools scp and sftp.

Example scp file transfer

This example copies a file from my computer where I am running scp to my AFS home directory. The same thing could be achieved by setting up AFS access directly from my computer.


$ scp MyDocument.pdf dan@login.physics.wisc.edu:

This example copies a file from my AFS home directory to my computer where I am running scp and puts it in a directory named Downloads.


$ scp dan@login.physics.wisc.edu:MyDocument.pdf Downloads/
©2013 Board of Regents of the University of Wisconsin System