SSH

SSH remote access¶

Each IDCS partner laboratory provides SSH remote access to their laboratory IT resources or IDCS IT resources by a SSH input gateway.

graph LR
    You --> SSH-Laboratory-Gateway
    SSH-Laboratory-Gateway --> ServerX

SSH laboratory input gateway¶

CMLSCPHT

ssh.cmls.polytechnique.fr

ssh.cpht.polytechnique.fr or pascal.cpht.polytechnique.fr

SSH remote login is only allowed with SSH Key pair.

SSH Key generation¶

Linux or MAC OS X
1. In a terminal, check on your computer that you don't have a key pair :
```
$ cd ~/.ssh
$ ls
authorized_keys2  id_rsa      known_hosts
config            id_rsa.pub
```
  Find a key pair like id_rsa and id_rsa.pub (or id_ed25519 and id_ed25519.pub). The pub file is the public key (which can be communicated to anyone) while the other is the private key. If you don't see these files, it is necessary to generate them.
  
  RSA Algorithm
  
  It depends on the size of the key. A key length less than 4096 bits is now considered not secure. So, we recommend to use the ed2556 algorithm from now on.
  
  Ed25519 Algorithm
  
  It’s the most recommended public-key algorithm available today. The Ed25519 public-key is compact. It only contains 68 characters, compared to RSA 3072 that has 544 characters.
2. In a terminal, run this command ssh-keygen with ed25519 algorithm:
```
$ ssh-keygen -t ed25519
```
3. This command asks you to save the key in the default file id_ed25519 file, then asks a passphrase to protect the private key :
```
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/ubuntu/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ubuntu/.ssh/id_ed25519
Your public key has been saved in /home/ubuntu/.ssh/id_ed25519.pub
```
4. Transmit the public key id_ed25519.pub to IDCS IT support.
5. IT support will then copy the contents of your public key into ~/.ssh/authorized_keys of your home directory and then confirm you that you can connect to the gateway.
Windows (with PuTTY)
1. Download and install SSH client : PuTTY
2. Run the tool PuTTYgen et select ED25519 as the key type, then click on Generate :
3. Move your mouse cursor randomly in the area below the progress bar, as shown below :
4. Once the progress bar is complete, the window below appears and asks you for a key passphrase that protects the private key :
5. Transmit the public key in the field starting with ssh-ed25519... to IDCS IT support.
6. IT support will then copy the contents of your public key into ~/.ssh/authorized_keys of your home directory and then confirm you that you can connect to the gateway.

SSH client configuration¶

With SSH you could create the file $HOME/.ssh/config to simplify some ssh setup, like:

fix some options.
fix remote username for one host.
use host alias.

Host aliases¶

The following example of config file, defines two aliases: cpht and cholesky. They make the command line shorter to connect you to the cholesky frontend. Thus, ssh <your_login>@cpht.polytechnique.fr is replaced by ssh cpht. Note that the alias cholesky reuses the alias cpht so as to bounce on the SSH CPHT gateway before connecting to the cholesky front head (if you have registred cpht as your connection machine).

Note

Replace <your_login>, and <path_to_ssh_key> with your own setup.

Host *
  ForwardAgent yes

Host cpht
   HostName ssh.cpht.polytechnique.fr
   User <your_login> # replace with your own login
   ForwardX11 yes
   IdentityFile <path_to_ssh_key> # replace with your own path, e.g. ~/.ssh/id_rsa
   Port 22

Host cholesky
   HostName cholesky-login.mesocentre.idcs.polytechnique.fr
   User <your_login> # replace with your own login
   IdentityFile <path_to_ssh_key> # replace with your own path, e.g. ~/.ssh/id_rsa
   Port 22
   ProxyJump cpht # proxy jumping with cpht