Remote Access (SSH)

SSH (Secure Shell) is a program that allows you to access a computer remotely from another computer. You need to use SSH to remotely access the undergraduate machines and resources. It is a replacement for telnet and rsh. Unlike telnet and rsh, SSH encrypts your password and all traffic when connected, so you are less vulnerable to attacks by unscrupulous users that want to get your password.

scp is a replacement for rcp, and allows your to copy files across a network. This is now the preferred method for getting your data to and from your Computing Science account.

In general we suggest students connect to ohaton.cs.ualberta.ca, as it is on extended hours support, and will have the greatest possible availability of all machines the undergraduates can access.

On the research network you can connect to innisfree.cs.ualberta.ca.

Getting SSH

Select an SSH client depending on which operating system you're running.

Windows Users

  • PuTTY: A free implementation of Telnet and SSH for Windows and Unix platforms which works quite well with our systems. It can be used to make terminal connections to the undergraduate systems or to copy files between your laptop/home system and the undergraduate systems using "pscp" (one of the utilities that comes with PuTTY).
  • WinSCP: Can be used to copy files between your remote system and the undergraduate systems

Macintosh

  • Terminal: Mac OS X comes with an SSH client called Terminal. This terminal based SSH operates the same as any other UNIX client
  • You can also search for an SSH client that has a graphical user interface

UNIX

  • OpenSSH: Free source for their version of the SSH client.
    • Install the software following the instructions provided.
    • UNIX users will have to build the client from source.
    • When the install is done, test it out. Try connecting to your CS account.

Using SSH

The general format of an SSH command looks like this:

ssh username@hostname

So, you can try something like this:

ssh your_ccid@foobar.cs.ualberta.ca

On your first connection to a server, you might (and should) see something like this:

The authenticity of host 'foobar (10.128.4.88)' can't be established. DSA key fingerprint is 45:76:1c:d9:a3:35:8c:83:14:25:42:92:58:ae:ec:ed. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'foobar,10.128.4.88' (DSA) to the list of known hosts.

This is a warning that the server may not be the server that you want to connect to, but if you're sure that it's the place that you want to go, you can still connect. After you've connected once, the server will be assumed to be trusted, and you won't see the message again.

Change in host key

It may happen that for any number of reasons, the server changes its host key. In that case, you may see a message like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The RSA1 host key for falun has changed, and the key for the according IP address 129.128.41.237 is unchanged. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. Offending key for IP in /home/dsk13/ugrad/foo/.ssh/known_hosts:92 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA1 host key has just been changed. The fingerprint for the RSA1 key sent by the remote host is bd:29:25:2f:02:9c:1f:47:55:8d:8c:9b:3e:4a:fc:91. Please contact your system administrator. Add correct host key in /home/dsk13/ugrad/foo/.ssh/known_hosts to get rid of this message. Offending key in /home/dsk13/ugrad/foo/.ssh/known_hosts:76 RSA1 host key for falun has changed and you have requested strict checking.

While this message is intimidating, there is no reason to panic. While it is possible that someone is eavesdropping on your connection, the overwhelmingly likely reason is that the host's key has changed.

  • The simple fix to this is to go into your '.ssh' directory, and open the file 'known_hosts' (or known_hosts2, whichever one the error message specifies) in your favourite editor
    • Find the line that starts with the host that you were connecting to (in this case, the server 'falun') and delete the line. You will get a message like the one that you saw when you connected to a server for the first time.