Remote Access to CSci-E28 class server

Table of Contents

1. Access using a password

(See "Getting Started in CSCI-E28" at https://cscie28.dce.harvard.edu/~dce-lib215/news/Starting28.html for information on setting up your account.)

As of this year in order to use ssh access you must be connected to the Harvard University VPN.

You can access your account on the class server using the ssh command: 

$ ssh your-account@cscie28.dce.harvard.edu

and then providing your password. You can also use the scp and sftp commands to access remote files: 

$ scp local-path your-account@cscie28.dce.harvard.edu:remote-path
$ scp your-account@cscie28.dce.harvard.edu:remote-path local-path

Just like cp you can copy file-to-file or many-files-to-directory.

The sftp program is used more interactively. You connect to the remote machine and use ftp-like commands to transfer files. (I don't use this much.)

However every time you access ssh, scp, or sftp in this manner you need to provide the remote password, which can be tedious unless you set up passwordless login.

2. Setting up ssh for passwordless login

It's very convenient to set up ssh so you can log into the class server without specifying a password. You need to be able to log into your-account @cscie28.dce.harvard.edu with your password to set this up. After that you can still use your password but in most cases you won't need to.

This works by creating a public/private key pair. The private key remains on your local computer (Linux, Mac, or Windows). It is recommended but not required that you create a passphrase when you create your private key. This is used to encrypt the private key on your own machine so that even if the files are compromised you have some protection.

The public key is appended to your ~/.ssh/authorized_keys file on the remote machine. This file contains a list of public keys for which holders of the corresponding private key are allowed access.

See https://linuxize.com/post/how-to-setup-passwordless-ssh-login/

3. Using the ssh key

On most systems you can use the ssh-add program to add an identity to the current session. This will persist until you log out or reboot the machine. You only need to provide the passphrase for the ssh private key once, and the ssh-agent program which in most cases is running automatically will keep track of it. The 

$ ssh-add -l

command will list the current identities, and ssh-add -d will delete an identity. By default the identity in ~/.ssh/id_rsa is used, by you can specify a different file if you wish to manage more than one identity.

If using the ssh or scp command asks for your passphrase then you do not have an identity active in the current session. It will keep asking for the passphrase which makes it not any more convenient than using the login's password in the first place.

(I believe it is also possible to install the private key into an ssh-agent automatically at login; on the Mac this uses the macOS Keychain facility. You need to determine if you're comfortable with that level of access since it means anyone with access to your local machine can access your remote accounts.)

4. Creating an ssh alias

When using ssh and scp (secure copy) it is very convenient to create an alias for the remote login so you don't have to type your-account @cscie28.dce.harvard.edu constantly. This can be done by adding an alias in the ~/.ssh/config file on your local machine. You can add the lines 

Host e28
	HostName cscie28.dce.harvard.edu
	User your-account

to that file. Remember that the ~/.ssh directory should be protected mode 0700 (read, write, and execute only for you). The ~/.ssh/config file should be mode 0600 (read, write only for you).

This means that instead of 

$ scp dir/filenames ... your-account@cscie28.dce.harvard.edu:dirname

you can instead type 

$ scp dir/filenames ... e28:dirname

which is much more convenient and you won't mistype it as often.

5. Other .ssh/config entries

If you find that the remote machine logs you off too often you can also add the indented directive ServerAliveInterval 300 to the Host entry above, or if there is more than one system you routinely connect to you can say 

Host *
	ServerAliveInterval 300

Other useful entries are 

Compression		yes
ForwardAgent 		yes
ForwardX11Timeout	24h
SendEnv 		LANG LC_* TZ

6. Remote Editing

Some code editing programs and IDEs will support remote access. If you use GNU Emacs this is available via the Tramp built-in facility.

Visual Studio Code has extensions provided by Microsoft (Remote - SSH) that allow it to use ssh/scp to access remote directories. See this article for details: VS Code Remote Development using SSH.

Vim has similar facilities where you can specify a file as 

$ vim scp://[user@]host/path/to/file

The equivalent Emacs path is 

$ emacs /ssh:[user@]host:path/to/file

although you can usually abbreviate "ssh" as "-" as it is the default method for remote file connection. So for me 

$ emacs /-:e28:path/to/file

is all I need. This also works within the program after C-x C-f for example. Note that the first connection can take a few seconds; after that Emacs will cache the connection for re-use.

Date: 2022-01-23

Author: Alexis Layton (all208@g.harvard.edu)

Created: 2022-02-09 Wed 19:20

Validate