using_ssh_for_connections_transfer_to_from_sdf

Differences

This shows you the differences between two versions of the page.

using_ssh_for_connections_transfer_to_from_sdf [2021/03/14 01:57] – [connecting to SDF from a network] hc9
using_ssh_for_connections_transfer_to_from_sdf [2022/12/05 06:32] (current) hc9
Line 27: Line 27:
 Here we discuss some peculiarities concerning SDF and SSH. Here we discuss some peculiarities concerning SDF and SSH.
  
-==== file and directory permissions ====+=== file and directory permissions ===
  
 [[using_ssh_for_connections_transfer_to_from_sdf#ssh_public_key_authentication|Public key authentication]] will not work, if the home directory (''$HOME'') or the user's ssh directory ''$HOME/.ssh'' are world writable. Your home directory should never be world writable, anyway! [[using_ssh_for_connections_transfer_to_from_sdf#ssh_public_key_authentication|Public key authentication]] will not work, if the home directory (''$HOME'') or the user's ssh directory ''$HOME/.ssh'' are world writable. Your home directory should never be world writable, anyway!
  
-To make sure you have the right permissions, execute the following command in the shell while logged into your account:\\ ''chmod go-w $HOME $HOME/.ssh''+To make sure you have the right permissions, execute the following command in the shell while logged into your account: 
 + 
 +''chmod go-w $HOME $HOME/.ssh''
  
 You should look up ''chmod'' in the manpages, if you don't understand this command. You should look up ''chmod'' in the manpages, if you don't understand this command.
  
-===== special topics =====+=== special topics ===
  
-==== How to enable Port Tunneling and Why ====+===== How to enable Port Tunneling and Why =====
  
 === What is port tunneling good for === === What is port tunneling good for ===
  
-Port tunneling is the ability to tunnel from your internet point for presence back to SDF servers and use the SDF servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSL between your internet access point and SDF. This allows your traffic to be more secure if you are on a public internet access point+Port tunneling is the ability to tunnel from your internet point for presence back to SDF servers and use the SDF servers like a [[wp>SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSL between your internet access point and SDF. This allows your traffic to be more secure if you are on a public internet access point
  
 === What tools are needed === === What tools are needed ===
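Review bot: The port tunneling paragraph, edited here only to switch the link to ''wp>SOCKS'', still says the connection is "encrypted via SSL". The tunnel this page describes is carried over SSH, so the line should say SSH while it is being touched. "internet point for presence" on the same line reads like a typo for "point of presence". On the heading changes: "special topics" is now ''==='' while "How to enable Port Tunneling and Why" directly below it is ''=====''. In DokuWiki more equals signs mean a higher level, so the parent heading now ranks below its own subsection. Please check that the hierarchy is intended.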
Line 67: Line 69:
 === How to use the Tunnel you just enabled === === How to use the Tunnel you just enabled ===
  
-I am now going to configure Trillian (A great multi IM chat program) to use the Tunnel. It should be obvious how to configure other applications from these screenshots. \\  First click on the "Trillian Prefernces" and select "Advanced Preferences". Select "Proxy" If you want all your chat services to use the proxy select use one setting for all services checkbox. Otherwise configure this on each service you want to encrypt over the tunnel.+I am now going to configure Trillian (A great multi IM chat program) to use the Tunnel. It should be obvious how to configure other applications from these screenshots. \\  First click on the "Trillian Preferences" and select "Advanced Preferences". Select "Proxy" If you want all your chat services to use the proxy select use one setting for all services checkbox. Otherwise configure this on each service you want to encrypt over the tunnel.
  
 {{:using_ssh_for_connections_transfer_to_from_sdf:trillian.gif?nolink|Trillian screenshot 1}} {{:using_ssh_for_connections_transfer_to_from_sdf:trillian.gif?nolink|Trillian screenshot 1}}
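Review bot: The line corrected for "Preferences" still runs two sentences together at 'Select "Proxy" If you want'. Add the full stop there, and quote the checkbox label "use one setting for all services" the way the other UI labels on the line are quoted, so the reader can see where the label ends.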
Line 73: Line 75:
 Click on "Close". Now your service should be able to connect through the tunnel. Again this will encrypt all traffic from your Internet Access Point to SDF. Once it leaves SDF it will no longer be encrypted (Unless you are hitting a HTTPS page or something already encrypted). \\ \\  Technically any program that supports a Socks 4 proxy can be used with the tunnel. Click on "Close". Now your service should be able to connect through the tunnel. Again this will encrypt all traffic from your Internet Access Point to SDF. Once it leaves SDF it will no longer be encrypted (Unless you are hitting a HTTPS page or something already encrypted). \\ \\  Technically any program that supports a Socks 4 proxy can be used with the tunnel.
  
-==== SSH Public Key Authentication ====+===== SSH Public Key Authentication =====
  
 These instructions attempt to explain the basic concepts of SSH Public Key Authentication, what it is, and the steps required to use it. These instructions attempt to explain the basic concepts of SSH Public Key Authentication, what it is, and the steps required to use it.
  
-//Note: Please make sure to have set the [[#sdf_permissions|correct permissions]] in your SDF account, before attempting to set up public key authentication!// Also note that there is another way of doing this, explained further down by another user. Your mileage may vary!+//Note: Please make sure to have set the [[#file_and_directory_permissions|correct permissions]] in your SDF account, before attempting to set up public key authentication!// Also note that there is another way of doing this, explained further down by another user. Your mileage may vary!
  
 Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password. Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password.
Line 99: Line 101:
 You're almost done! Now you need to let the server know about your new key. After you do this, the ssh, scp and sftp programs will use the key files automatically. So (optionally, but it is recommended) save your session, and then connect. Now do the following to authorize your key: You're almost done! Now you need to let the server know about your new key. After you do this, the ssh, scp and sftp programs will use the key files automatically. So (optionally, but it is recommended) save your session, and then connect. Now do the following to authorize your key:
  
-0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file"+  - Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file"
- +  Log in as normal and run the following commands. 
-1. Log in as normal and run the following commands. +  ''$ mkdir ~/.ssh'' 
- +  ''$ cd ~/.ssh/'' 
-2. ''$ mkdir ~/.ssh'' +  ''$ touch authorized_keys'' 
- +  Open the authorized_keys file you just created in a text editor. 
-3. ''$ cd ~/.ssh/'' +  Paste the contents of that box in to the authorized_keys file. In PuTTY, right click copies and pastes. 
- +  Save the authorized_keys file.
-4. ''$ touch authorized_keys'' +
- +
-5. Open the authorized_keys file you just created in a text editor. +
- +
-6. Paste the contents of that box in to the authorized_keys file. In PuTTY, right click copies and pastes. +
- +
-7. Save the authorized_keys file.+
  
 You should now be able to log in using SSH Key Authentication. You should now be able to log in using SSH Key Authentication.
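Review bot: The rewritten list creates ''~/.ssh'' and ''authorized_keys'' but never sets their permissions, although the permissions section of this same page says public key authentication will not work if ''$HOME/.ssh'' is world writable. Add a step after ''touch authorized_keys'', for example ''chmod 700 ~/.ssh'' followed by ''chmod 600 ~/.ssh/authorized_keys'', so the result does not depend on the user's umask. Two smaller points in the same list: ''mkdir ~/.ssh'' reports an error when the directory already exists (''mkdir -p ~/.ssh'' does not), and the first item opens a parenthesis before "Public key for pasting into OpenSSH authorized_keys file" that is never closed.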
Line 131: Line 126:
 You now have two new files in the ~/.ssh/ directory. These files are your public and private key and will be named id_rsa.pub and id_rsa respectively. The ssh, scp and sftp programs use these files automatically. To enable the server to recognize your key, follow these steps: You now have two new files in the ~/.ssh/ directory. These files are your public and private key and will be named id_rsa.pub and id_rsa respectively. The ssh, scp and sftp programs use these files automatically. To enable the server to recognize your key, follow these steps:
  
-1. Log in as normal and run the following commands. +  - Log in as normal and run the following commands. 
- +  ''$ mkdir ~/.ssh'' 
-2. ''$ mkdir ~/.ssh'' +  ''$ cd ~/.ssh/'' 
- +  ''$ touch authorized_keys'' 
-3. ''$ cd ~/.ssh/'' +  Open the authorized_keys file you just created in a text editor. 
- +  Paste the contents of your id_dsa.pub file in to the authorized_keys file. 
-4. ''$ touch authorized_keys'' +  Save the authorized_keys file.
- +
-5. Open the authorized_keys file you just created in a text editor. +
- +
-6. Paste the contents of your id_dsa.pub file in to the authorized_keys file. +
- +
-7. Save the authorized_keys file.+
  
 You should now be able to log in using SSH Key Authentication. You should now be able to log in using SSH Key Authentication.
  
-==== connecting to SDF from a network ====+===== connecting to SDF from a network =====
  
 //... or configuring SSH clients to use a SOCKS proxy server// //... or configuring SSH clients to use a SOCKS proxy server//
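Review bot: The paragraph above the list names the key files id_rsa.pub and id_rsa, but the list step carried over unchanged in this revision says "Paste the contents of your id_dsa.pub file". A reader following the steps is sent to a file the text just above does not mention. Since the list is being rewritten anyway, change the step to id_rsa.pub so it matches the file names given in the introduction to the list.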
Line 164: Line 153:
 This client is often supplied by universities to their students. This client is often supplied by universities to their students.
  
-|**1**|Access the settings dialogue under "Edit -> Settings"| +  - Access the settings dialogue under "Edit -> Settings" 
-|**2**|Under the ''Connection'' section, make sure that the tickbox marked Connect through firewall is checked+  Under the ''Connection'' section, make sure that the tickbox marked Connect through firewall is checked. 
- +    {{:using_ssh_for_connections_transfer_to_from_sdf:ssh-connection-setting.png?nolink|}} 
-{{:using_ssh_for_connections_transfer_to_from_sdf:ssh-connection-setting.png?nolink|}} +  Under the ''Firewall'' section (near the bottom of the list) enter your SOCKS proxy settings in the form of ''socks:[host]:[port]'' Illustrated are the settings for TCD. 
- +    {{:using_ssh_for_connections_transfer_to_from_sdf:ssh-firewall-setting.png?nolink|}} 
-|**3**|Under the "Firewallsection (near the bottom of the list) enter your SOCKS proxy settings in the form of ''socks://[host]:[port]'' Illustrated are the settings for TCD.+  -Connect as normal!
- +
-{{:using_ssh_for_connections_transfer_to_from_sdf:ssh-firewall-setting.png?nolink|}} +
- +
-|**4**|Connect as normal!|+
  
 === PuTTY === === PuTTY ===
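Review bot: The Firewall step changes the documented proxy format from ''socks:%%//%%[host]:[port]'' to ''socks:[host]:[port]'', inside what is otherwise a table-to-list conversion. If the double slash was dropped to keep DokuWiki from treating it as markup, wrap the value in ''%%'' nowiki markers instead so the string the reader types stays the same. If the format change is deliberate, it deserves its own mention in the edit summary. The last item is written "-Connect as normal!" with no space after the dash, unlike "- Access the settings dialogue" at the top of the list. Make the markers consistent.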
Line 179: Line 164:
 A popular free SSH client. A popular free SSH client.
  
-|**1**|Select in the left window "Proxy" (located under the "Connection" branch)+  - Select in the left window "Proxy" (located under the "Connection" branch) 
- +    {{:using_ssh_for_connections_transfer_to_from_sdf:ssh-putty-config.png?nolink|}} 
-{{:using_ssh_for_connections_transfer_to_from_sdf:ssh-putty-config.png?nolink|}} +  Enter in your details. Illustrated are those for TCD. 
- +  Connect as normal! (You may want to save these details for future use)
-|**2**|Enter in your details. Illustrated are those for TCD.| +
-|**3**|Connect as normal! (You may want to save these details for future use)|+
  
 === Commandline ssh client === === Commandline ssh client ===
using_ssh_for_connections_transfer_to_from_sdf.1615687035.txt.gz · Last modified: 2021/03/14 01:57 by hc9