Connecting with Secure Shell
Secure shell (SSH) is used to connect to command line sessions on remote systems using a secure (encrypted) connection. There are many different SSH clients available for a range of computing devices but the basic details you will need for your SSH client are:
Host Name | unix.ncl.ac.uk |
Port Number | 22 |
Username | (your campus username without any 'campus' or '@newcastle.ac.uk' parts) |
Authentication Type | Password (if connecting from on-campus) / SSH Key (if connecting from off-campus) |
Connecting from off-campus
To connect to the timesharing service from off-campus you must use SSH key authentication instead of password authentication. Every SSH client tends to handle key authentication slightly differently but the general process is:
- Create an SSH key pair with your SSH software
- Copy the public key to the timesharing service and add to your ~/.ssh/authorized_keys file
- Use the private key to authenticate in your SSH software
Using key authentication with OpenSSH (Linux, MacOS)
First, create an SSH key pair on your computer:
mypc$ ssh-keygen -f mykey
Enter a strong passphrase to protect the private key when prompted. This will create two files called "mykey" (the private key) and "mykey.pub" (the public key). The private key should be kept on your computer(s) only and not distributed.
Now push the public key to the timesharing server:
mypc$ ssh-copy-id -i mykey.pub <myuserid>@unix.ncl.ac.uk
(the ssh-copy-id command copies your public key to a remote server and automatically adds it to the authorized_key file - because it uses password authentication you must run this step while connected to the on-campus network)
You can now use SSH key authentication to log into the time sharing service. Use the ssh command's '-i' switch to indicate that you want to use a private key:
mypc$ ssh -i mykey <myuserid>@unix.ncl.ac.uk
Optionally, you can configure OpenSSH to always use your key for ssh, scp, sftp, etc by creating or editing the client configuration file on your computer ($HOME/.ssh/config). Add an entry like this:
Host unix.ncl.ac.uk
User <your campus login ID>
IdentityFile <path to your private key>
Using key authentication with PuTTY (Windows)
First, start the "PuTTYGen" utility provided with PuTTY and click on "Generate" - follow the instructions to generate the key. If your installation of PuTTY doesn't include PuTTYGen you can download the latest version from the PuTTY download page.
In the "Public key for pasting into OpenSSH authorized_keys file" text box, right click, "Select All" then right click, "Copy" to copy the OpenSSH public key to your clipboard.
Next, enter a strong passphrase to protect your private key in the "Key Passphrase" and "Confirm Passphrase" boxes.
Finally, save your keys on your computer by clicking on "Save public key" and "Save private key".
Now, start PuTTY and log into unix.ncl.ac.uk as usual. Create a ".ssh" directory in your home directory if it doesn't already exist:
aidan$ mkdir -p ~/.ssh && chmod 700 ~/.ssh
Using the editor of your choice, edit or create the "authorized_keys" file in your ".ssh" directory, eg:
aidan$ nano ~/.ssh/authorized_keys
Right-click in the PuTTY window to paste the OpenSSH public key data you copied into your clipboard earlier. Save the file.
Set the correct permissions on the file
aidan$ chmod 600 ~/.ssh/authorized_keys
You can now configure PuTTY to use your private key for authentication. In the main PuTTY screen navigate to Connection -> SSH -> Auth -> Private Key and select the private key you saved earlier.
Now navigate to Connection -> Data -> Auto-login username and set your campus username.
Return to the main PuTTY session page, add the hostname and save the session settings with a descriptive name.
Using key authentication with MobaXterm (Windows)
MobaXterm uses PuTTY-format keys, so to create your SSH keypair, follow the "PuTTYGen" instructions above. Once you have generated your keys and copied the public key data to the timesharing server you can create a new SSH session (or modify an existing one) in MobaXterm to use them.
Right click in the "User Sessions" pane and create or modify a session.
On the "SSH" pane, click on the "Advanced SSH Settings" tab and tick "Use private key". Click on the adjacent blue document icon to search for your PuTTY private key you generated earlier and select it.
Save the session and connect as usual.
Troubleshooting Tips
- Ensure that the permissions on your ".ssh" directory (chmod 700) and "authorized_keys" file (chmod 600) on the timesharing server are correct
- Check that the data in the ~/.ssh/authorized_keys file on the timesharing server matches the original public key exactly
- Make sure your public key is in OpenSSH format: if it was generated with a different client it may need to be converted