Connecting Machines
How to connect to department machines
On Mac/WSL
- Check you have an Admitto account and collect your password from https://www.ch.cam.ac.uk/computing/admitto-service
- The bastion host barbican.ch.cam.ac.uk requires ssh keys and an MFA token to log in. Instructions can be found here: https://www.ch.cam.ac.uk/computing/network-bastion-host
- In the terminal run the command ssh -X crsid@barbican.ch.cam.ac.uk
- When prompted input your Admitto username (crsid) and password
- Once this has worked run the command ssh -X crsid@machinename in the terminal to log into a particular machine
Set up logging in without a password:
- Generate an ssh key by running the command ssh-keygen in the terminal, as described in detail in the section "Introduction to basic shell commands"
- Use cd ~/.ssh to navigate to the directory holding the keys, and copy the text from the file "id_rsa.pub" beginning with ssh-rsa. This is your public ssh key
- Log into the department barbican machine, and create / navigate to a directory called .ssh
- Use chmod 700 .ssh to set permissions for the directory
- Input vi authorized_keys to open up the vi text editor. Press i, then paste in your public ssh key. Press escape, then type :wq and press enter to write and quit the editor
- Log into the particular machine you want to ssh to, and repeat steps 3 to 5
- Exit back to your machine and navigate to the home directory
- Input vi .ssh/config to open the vi text editor. Press i, then paste in the following, with your crsid and machine name in the places given:
Host barbican
User crsid
Hostname barbican.ch.cam.ac.uk
ForwardAgent yes
ProxyCommand none
Host machinename
Hostname machinename
ProxyCommand ssh barbican -W %h:%p
User crsid
ForwardAgent yes
ServerAliveInterval 60
ServerAliveCountMax 10
Press escape, then input :wq followed by enter to exit the editor.
You can now log straight into barbical with ssh barbican or straight into your machine with ssh machinename. The last two commands stop the ssh being killed if you are idle for too long. The ServerAliveInterval is how many seconds to ping a null packet, and the ServerAliveCountMax are how many consecutive times it needs to fail for the ssh to be killed.
File Transfer Protocol
You may want to transfer files between department machines and your computer. The standard way is to scp via the terminal with commands :
UPLOAD : scp -o ProxyCommand="ssh crsid@barbican.ch.cam.ac.uk nc machinename 22" LocalPath/FileName crsid@machinename.ch.cam.ac.uk:/RemotePath DOWNLOAD : scp -o ProxyCommand="ssh crsid@barbican.ch.cam.ac.uk nc machinename 22" crsid@machinename.ch.cam.ac.uk:/RemotePath/FileName LocalPath
However, a more convenient way is to set up a File Transfer Protocol (FTP) between machines. It can come with a graphic user interface, where you can drag and drop files from the department machine to your computer.
Windows
I recommend the WinSCP software. You can download it from here. Once installed, click New Session, and choose SFTP protocol with :
Hostname = machinename Port number = 22 Username = crsid Leave 'Password' entry empty.
Then click on Advanced..., Tunnel tab, check the Connect through SSH tunnel tickbox and enter:
Hostname = barbican.ch.cam.ac.uk Port number = 22 Username = crsid Leave 'Password' entry empty.
Click OK and click Save, and finally Login. Enter your admitto password twice. You can now navigate in the directories of the remote machine on the right tab, and of your local computer on the left tab, and you can transfer files between the two with a drag and drop. Enjoy !
Mac/Linux
You can download FileZilla for MacOS or linux. The problem is that FileZilla does not support tunnel ssh. To open the connection, you need to use a ssh client like puTTY. On MacOS please follow this guide.
On Linux you can do :
sudo apt-get install -y putty
Open it by typing putty on the terminal. The interface should open. Type the following entries :
in the SSH/Tunnels tab :
Source Port = 3111 Destination = machinename:22 local auto
and click Add. (source port can be any number > 1024)
in the session tab :
Host Name = barbican.ch.cam.ac.uk port = 22 connection type = SSH
Enter a name for this connection in the saved sessions entry, and click Save.
Now click Open. A terminal should open, type your crsid and your admitto password, you're now logged into Barbican (it's normal that it's not your machine).
Now open FileZilla, and enter :
Host = sftp://localhost username = crsid password = admitto password port = 3111
and click Quickconnect. (port needs to be the same as source port in puTTY).
A window will open (Unknown host key), click OK. Hopefully the connection is successful.
You can now navigate in the directories of the remote machine on the right tab, and of your local computer on the left tab, and you can transfer files between the two with a drag and drop. Enjoy !
Using VSCode Remote
Windows
- Find your wsl ssh config file as a Windows path, for example '\\wsl.localhost\Ubuntu\home\<name>\.ssh\config
- Make sure you have the 'Remote SSH' extension installed in VSCode
- In your config file, instead of using the layout above, change it to
Host barbican
User <crsid>
Hostname barbican.ch.cam.ac.uk
ForwardAgent yes
ProxyCommand none
Host <machinename>
Hostname <machinename>
ProxyJump barbican
User <crsid>
ServerAliveInterval 60
ServerAliveCountMax 10
(this has removed the ForwardAgent and ProxyCommand lines and replaced with ProxyJump instead)
- In VSCode, set your ssh config file manually to your path. Your wsl ssh folder can be copied into a Windows path (C:\Users\<user>\<blah>)if VSCode is not happy with the wsl path.
- At the bottom left, the green arrows is where you will be able to connect to remote machines. Click on it, and it should recognise all the hosts in your config file
- Select your host, and you will need to enter your password twice