IT 1100 : Introduction to Operating Systems
Chapter 16
Remote Connectivity
So far in this class we have learned the following ways to remote connect to another computer
wgetallows us to download content from a websitewget http://cit.dixie.edu/it/1100/syllabus.pdf
sshallows us to create a terminal connection to another computer.ssh smorgan@ssh.cs.dixie.edu
Remote Connectivity
vncviewerallows us to create a visual connection to another computer.GTK VncViewer / Vinagre- LinuxChicken- MacTightVNC- Windows, Mac, Linux
Remote Connectivity
- SCP and FTP allow us to transfer files to a remote destination.
scpis a secure copy protocol which means securely transferring computer files between a local machine localhost and a remote machine remote host or between two remote hosts. It is a non-interactive program.sis for secure or SSH.ftpor the improved versionsftpis an interactive file transfer protocol. It allows us to not only copy, but also give commands such as creating and deleting directories and files. Again,sis for secure or SSH.
Remote Connectivity
There are GUI programs that allow us to have a GUI view of the directories and files of a remote computer and transfer those files to and from our localhost computer.
The most common are these:
Cyberduck- Mac, WindowsWinSCP- WindowsFilezilla- Linux, Mac, and Windows
Remote Connectivity
These programs can used to access your CIT account (ssh.cs.dixie.edu) and Scratch (scratch.cs.dixie.edu) while at home or outside the CIT Network and transfer files back and forth.
Network Review
- What is a Computer Network? It is a group of computers with permissions to talk to each other. Here on campus we have at least two networks: The DSU network and the CIT network.
- The CIT network consists of all the computers in the SCC building. These are on a unique network which is why they have a unique login name and password. This network includes scratch and our virtual machines.
- The DSU network consists of all other computers on campus including any laptops, phones or devices connected through wifi.
- To this let’s add one more network - The rest of the world!
Network Review
- The rest of the world will mean if you are on any other computer or connected through any other wifi or internet connection. Such as when you are at home.
- All networks are set up differently, but we won’t discuss that in this class. What you do need to know is that many networks have a firewall. A firewall protects a network from outsiders. A firewall is a server(aka router) set up to check the credentials of everyone trying to gain access to the network.
- Up until now, we have learned that to ssh to
scratch, we have to ssh tossh.cs.dixie.edufirst.ssh.cs.dixie.eduis our firewall. To connect toscratchusing ssh, first we ssh tossh.cs.dixie.eduand then we ssh toscratch.cs.dixie.eduor any other machine in the network. Thus connecting toscratchthrough the firewall. - This protects the CIT network. If we are on The rest of the world network, at home or somewhere else in the world, we must prove our identity through the ssh firewall before we can access the CIT computers. Similarly, if we are on the DSU Network, such as when we use a laptop, we must prove our identity before we can access the CIT network.
Network Review
- We saw evidence of this while completing the GUI install. In order to access the VNCViewer we needed to create a “tunnel” either by checking a box or by using a connection manager such as putty. To access our Virtual Machine, first we had to prove our identity to the firewall.
- The same restrictions apply when making scp or sftp connections.
Network related commands
pingallows us to examine and monitor a network.- we can see if our network connection is up
- we can test if DNS is working
tracerouteallows us to see whathopsour packets will take through the network
Network related commands
ip ashows our ip address- So does
ifconfig(on older systems, or if you install net-tools) netstatshows our open port numbers (and other networking info) (net-tools)
Ports
- Computers communicate with each other through ports. When we want to VNC connect to our virtual machine - we access that through a port. Anytime we create an ssh connection, our computer sends out the message through port 22.
- When we create a tunnel it uses port 22 to create the tunnel because it is an SSH connection, but we need to specify
- which machine and port we want to receive the information on
- and our destination machine and port number - the machine we are tunneling to.
When selecting Ports to receive information on we can choose most any number between 1024 and 65535. These are the ports not reserved for system use and are available for user use.
Creating a Tunnel
Use the VNC Connect From Home Pages in Canvas to see how to create a command line tunnel on your particular machine.
A tunnel connection has the following format:
- ssh <username>@ssh.cs.dixie.edu -L <receivingport>:<destination machine:port>
Creating a Tunnel (Examples)
To create an SSH tunnel to our VM on desdemona with port number 8467 through the ssh.cs.dixie.edu firewall for a VNCViewer connection, it looks like this:
- ssh <cit-username>@ssh.cs.dixie.edu -L 8467:desdemona.cs.dixie.edu:8467
To create an SSH tunnel to Scratch through the ssh.cs.dixie.edu firewall for an SFTP connection, it looks like this:
- ssh <cit-username>@ssh.cs.dixie.edu -L 8467:scratch.cs.dixie.edu:22
Creating a Tunnel (Examples)
Do you see the similarities and the differences? The main differences are the destination machine and the destination machine port number. You must keep that terminal open to keep your tunnel connection. Next you open your VNCViewer or your SFTP/SCP program and use the <receiving machine:port> provided in your tunnel. In the host or server box you type localhost and in the port box you type the port number.
SCP Command Line Connections
SCP - Secure Copy - allows you to securely copy files from one machine to another.
scp works just like cp. The only difference is that for scp we declare the source and destination computer and file
- cp <source> <destination>
- scp <source> <destination>
By default when we use scp to access a remote computer our relative path begins in our $HOME directory. Absolute paths always work and relative paths start in $HOME.
SCP Command Line Connections (Examples)
To copy a file from my localhost to a remote host (watch the spacing)
- scp filename destination-machine:./new_filename
- scp myfile.txt smorgan@scratch.cs.dixie.edu:./myfile.txt
SCP Command Line Connections (Examples)
To copy a file from a remote host to my localhost (watch the spacing)
- scp source-machine:./filename ./new_filename
- scp smorgan@scratch.cs.dixie.edu:./myfile.txt ./myfile.txt
Interpret These Commands - Which file(s) are being transferred and where will the file(s) end up?
- scp stats.tar shauna@oxygen.cs.dixie.edu:/tmp/
- scp shauna@oxygen.cs.dixie.edu:/tmp/stats.txt ./
- scp shauna@oxygen.cs.dixie.edu:/tmp/*.txt ./
SSH Basic Connection Shortcuts
- ssh <username>@<machine name or ip>
- ssh joe@scratch.cs.dixie.edu <— inside the network we can go directly to scratch without connecting through the firewall.
- ssh scratch.cs.dixie.edu <— username can be omitted if it is the same as the current user
- ssh joe@scratch <— suffix can be omitted from inside the network
- ssh scratch <— username and suffix can both be omitted if the username is the same and you are inside the network
- ssh ssh.cs.dixie.edu <— from off campus or outside the network you must continue to ssh through the firewall
- ssh ssh <— accessing through the CIT firewall from inside the network
Accessing Remote Machines
Keys Watch this
Every time we access a computer for the first time we are asked in computer-ese - Do you trust this computer? Because we are safely inside of our network we always say yes. The computer then remembers our answer and never asks us again.
Inside of our $HOME directory - we have a directory called .ssh. It is a hidden directory because it is not necessary for everyday use.
- ssh into ssh.cs.dixie.edu
- ls .ssh
Accessing Remote Machines
In this directory you should see
- authorized_keys id_rsa id_rsa.pub known_hosts
known_hosts
known_hosts is a list of hosts(computers) that you have connected to previously. When you say ‘yes’ and authorize a connection to a new computer it stores the information in here.
- less .ssh/known_hosts
Accessing Remote Machines
id_rsa and id_rsa.pub
These are the files used to prove your identity to other computers without entering a password.
- id_rsa is your private key
- less .ssh/id_rsa
- id_rsa.pub is your public key
- less .ssh/id_rsa.pub
Accessing Remote Machines
authorized_keys
authorized_keys is a list of the public keys of other computers authorized to login without entering a password.
- less .ssh/authorized_keys
Accessing Remote Machines
ssh-keygen
ssh-keygen (no spaces) can generate a public and private key if you don’t already have them. This command does not work on a Mac.
- The command is just
ssh-keygen. Do NOT generate a new public and private key if you already have one.- Check for an existing pair
ls .sshto see if they already exist.- if you see id_rsa and id_rsa.pub then you already have a generated key pair
- if they are not there - it is safe to generate new ones
- if you don’t already have a .ssh file you should create one now.
mkdir .ssh ssh-keygen- When prompted for the name of the file enter
.ssh/id_rsa - Enter NO passphrase - A passphrase is for extra security and defeats our purpose of not entering a password.
- if you don’t already have a .ssh file you should create one now.
- Check your work
ls .ssh
Accessing Remote Machines
ssh-copy-id
Once you have a public/private key pair you can share the public key with another machine to allow yourself to log in without the use of a password.
ssh-copy-id (no spaces) enables you to log into remote machines without entering a password by copying your public key to the other computer. The ssh-copy-id command does all the work of copying the public key to the remote machine and correctly putting the information everywhere it needs to be. It stores this information in the authorized_keys file. This command does not work on a Mac.
Accessing Remote Machines
Then when you ssh to that computer, the authorized_keys file is checked, if there is an entry for your computer, then the private key on your computer talks to the public key on the other computer - and if they are a correct pair then you can connect to the machine without a password.
- ssh-copy-id <username>@<remote machine name or ip address >
- ssh-copy-id smorgan@scratch.cs.dixie.edu
- ssh-copy-id scratch
This will allow you to log into remote machine without entering a password because by sharing your public key it’s like saying I’m the same person on both machines - trust me.
Beware
Be very careful to only generate a public/private key pair if it doesn’t already exist. You can break your CIT profile and/or your virtual machine access if you generate a new one within your profile. Of course it can be fixed.
Within the CIT network - our access to our Virtual Machines depends on the known_hosts and authorized_keys file. Don’t delete these files.
On most computers you can delete both the known_hosts and authorized_keys file without doing any real damage. You simply have to restore known_hosts and authorized_keys that you want to keep.
If these commands are done incorrectly or if you replace an existing rsa_key - it could break your vm.cs.dixie.edu account. If some of your virtual machines start disappearing or if you are not able to turn on and off your virtual machines. Then run the following commands:
- ssh vm.cs.dixie.edu
- /qemu/bin/citv init
Textbook Time
- WES-16 - bottom of page 205-212, wget, ssh, scp and sftp
Last Updated 09/26/2019