Tardis Beginner Tutorials/9

From Tardis
Jump to: navigation, search

Tutorial 9: Setting up RSA keys and using SCP As well as interactive password authentication, ssh supports public & private RSA key pairs. What this means is that you don't have to type your password in every time you want to log into a remote machine over ssh - all you have to do is set up a key pair. The point of this particular tutorial however is that there is more to ssh than just a shell login - ssh can be used to transfer files (scp) and set up tcp portforwards between two hosts, which can then be used to set up tunnels... overall ssh is a very powerful tool.

You can set up rsa keys between any pair of machines. You generate a pair of keys on a machine - a private key and a public key - and copy the public key over to the remote machine(s). You can then log into the remote machine(s) using the key authentication automatically - all this is done by default, the only difference from the user's perspective is that no password prompt appears. There are simple ways to set up rsa keypairs using tools in the putty suite, but i've never used them and am not going to explain how to use them. If you are interested, check the docs yourself on the putty website. To set this up on a linux machine to be able to log into tardis without typing a password, or to generate a keypair on tardis to log into another machine, do:

ssh-keygen -t rsa

Simply press return to all the prompts to accept the defaults, you want no passphrase. Then you will need to copy the contents of the newly created ~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys if it doesn't exist or append the contents to the end if it does. You can either copy and paste the contents across manually using a text editor on each machine, or you can do it using scp and learn something on the way :) So let's do that:

scp ~/.ssh/id_rsa.pub [username]@ssh.tardis.ed.ac.uk:~/tempkey

Feed it your password... then you'll need to log into the remote machine. If you were doing this from tardis to another machine, obviously you would put the other machine instead of ssh.tardis... anyway, logged into the remote machine, do:

cat ~/tempkey >> ~/.ssh/authorized_keys
rm -f ~/tempkey

That's all you have to do - no more password prompts. And now you know how to use scp - if you're not sure you understand the syntax used above, man scp. The advantage of these two things is in the combination - you will find you can write cron scripts on your home linux box to scp certain files into your webdir at certain intervals for instance, and countless similar uses.

Now assuming you have your website built already on your home box, whether it's windows or linux or whatever, you can easily scp the contents to your webdir without having to set up any frippery with fileservers of any kind, either using linux scp or putty's pscp - for example, scp ~/myhtml/* jimbob@ssh.tardis.ed.ac.uk:/var/autofs/www/users/jimbob/pages/ - without even having to log into tardis (although bear in mind you may have to modify the permissions of the files you copy to be readable to the html daemon). To find out how to do this, read man chmod, but in short, for files you want to chmod 644 [filename] and for directories chmod 755 [filename] (the difference being that directories have to be marked executable for the user to be able to browse to them). Also for certain script files, such as php files, you will want to make the permissions executable (755). Read the man page to find out what these numbers mean and how to use them.

It is also worth mentioning winscp which seems a very popular windows scp client, which can also do sftp. You can get winscp from http://winscp.sourceforge.net/eng/download.php. It is incredibly easy to use - fill in the hostname as ssh.tardis.ed.ac.uk, your username and password as themselves (duh), and select scp at the bottom instead of sftp. You'll get a nice graphical interface reminiscent of most windows ftp clients - the left shows your local machine, the right shows your tardis homedir, and you can simply drag and drop from one side to the other. For advanced usage have a look at its help system. Very very easy :)

Next - how to download stuff and browse the internet from the shell.

Next: Web browsing using links and wget