Contents
Connecting to Physics Department Login Servers
The Department login servers for ssh access from anywhere are named login.physics.wisc.edu
. Once connected via ssh, you can
- change your password
- use unix utilities
- access AFS files
- use HTCondor
- create a personal web page
- ssh to other Department servers
On a Windows computer, you can use the built-in ssh command or a GUI ssh client such as PuTTY. On a Mac, you can use ssh from the Terminal app found in Applications/Utilities.
Below is an example ssh session. Note that the ‘$’ sign is not part of the command. It is part of the command prompt. Therefore, when copying the command, enter just ssh youraccount@login.physics.wisc.edu
.
$ ssh dan@login.physics.wisc.edu dan@login.physics.wisc.edu's password: Last login: Tue Apr 15 11:24:06 2014 from 128.104.164.180 ####################################################### Welcome to login01.physics.wisc.edu Scientific Linux release 6.4 (Carbon) 996.66 MB RAM 1 cores of type QEMU Virtual CPU version 1.1.2 ####################################################### [dan@login01 ~]$ logout Connection to login.physics.wisc.edu closed.
Passwordless Authentication
If you frequently ssh to login.physics.wisc.edu
, you may wish to use a form of authentication that avoids frequent entry of your password. SSH keys are one way to achieve this, but they have the disadvantage of not obtaining an AFS token. One way to get an AFS token and avoid entry of your password every time you ssh is to use kerberos delegation.
Windows (PuTTY): Kerberos Delegation
In the Kerberos Network Identity Manager, ensure your account is the default account. If it is not, right click and select “set as default”
( To install Kerberos Network Identity Manager follow the instructions here: Windows AFS Setup )
Edit your PuTTY configuration to allow GSSAPI credential delegation.
This option is located under: Connection -> SSH -> Auth -> GSSAPI
If you have not yet logged into Kerberos and/or your Kerberos ticket has expired you will be prompted to log into your Kerberos account. The prompt should no longer appear after doing this once unless your ticket has expired or you have been logged out of Kerberos.
Windows (Cygwin): Kerberos Delegation
Install Cygwin, including the openssh and krb5-workstation packages.
Run the Cygwin Terminal as Administrator.
Add the following to /etc/krb5.conf:
[libdefaults]
forwardable = yes
Close Cygwin Terminal, then run it again, this time NOT as administrator.
Put the following in ~/.ssh/config
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Then you can get a kerberos ticket for PHYSICS.WISC.EDU, and this will be used to authenticate you in all subsequent ssh sessions. Once the ticket expires, you will need to get a new one. To get a ticket, use the following command:
kinit youraccount@PHYSICS.WISC.EDU
Mac: Kerberos Delegation
Put the following in ~/.ssh/config
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
# add following line only in macOS <= 10.11; else see note below
GSSAPITrustDns yes
Then you can get a kerberos ticket for PHYSICS.WISC.EDU, and this will be used to authenticate you in all subsequent ssh sessions. Once the ticket expires, you will need to get a new one. To get a ticket, use the following command:
kinit youraccount@PHYSICS.WISC.EDU
Note: on macOS > 10.11, passwordless ssh does not currently work when the target specified is login.physics.wisc.edu. Instead, you need to specify login01.physics.wisc.edu or login02.physics.wisc.edu.
Linux: Kerberos Delegation
Put the following in ~/.ssh/config
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Then you can get a kerberos ticket for PHYSICS.WISC.EDU, and this will be used to authenticate you in all subsequent ssh sessions. Once the ticket expires, you will need to get a new one. To get a ticket, use the following command:
kinit -f youraccount@PHYSICS.WISC.EDU
Transferring Files
Files can be securely transferred to and from the Department login machines using the ssh protocol. Under Windows, this can be done using a tool such as WinSCP. On a Mac or in Linux, this can be done using the command-line tools scp
and sftp
.
Example scp file transfer
This example copies a file from my computer where I am running scp
to my AFS home directory. The same thing could be achieved by setting up AFS access directly from my computer.
$ scp MyDocument.pdf dan@login.physics.wisc.edu:
This example copies a file from my AFS home directory to my computer where I am running scp
and puts it in a directory named Downloads
.
$ scp dan@login.physics.wisc.edu:MyDocument.pdf Downloads/