ARCHIVED: Using SSH on Libra at IU

Note: UITS will retire Libra in spring 2009. Accounts are available on Quarry, a general-purpose Unix computing environment. For more, see ARCHIVED: About the Libra retirement.

On this page:

Introduction

To connect to the Libra cluster from your Windows, Macintosh, or Unix or Linux workstation, you will need to have an SSH version 2 client installed. For security reasons, telnet, rlogin, and rsh are not permitted. See At IU, what SSH/SFTP clients are supported and where can I get them? Also, OpenSSH source code is available locally. (This site mirrors http://www.openssh.org/.)

Note: The following information is valid for OpenSSH Version 2 only.

SSH connections to Libra from your Unix workstation

  1. Launch your terminal application (e.g., xterm or rxvt).

  2. Enter ssh -X username@libra.uits.iu.edu , where username is your IU Network ID username.

    Note: The -X option for SSH enables automatic X11 forwarding, so you can run X Window applications and have them display on your local workstation.

  3. When prompted for a password, enter your Network ID passphrase.

SSH connections to Libra in Windows

Follow the instructions for your installed SSH client and use these settings:

  • Host name: libra.uits.iu.edu
  • Username: your IU Network ID username
  • Password: your IU Network ID passphrase

SSH connections to Libra in Windows using the SSH Secure Shell client

The SSH Secure Shell client is no longer available for download from IUware. However, if you have already downloaded the client, you may continue to use it. Connect to Libra as follows:

  1. Double-click the SSH Secure Shell Client icon (not the SSH Secure File Transfer Client icon).

  2. In the SSH client window that appears, at the upper left, click Quick Connect.

  3. In the dialog box that appears, enter the hostname libra.uits.iu.edu and your Network ID username. Click Connect.

  4. In the dialog box that appears, enter your Network ID passphrase and click OK.

You should then be connected to the Libra cluster and see the login banner and your shell prompt.

Intranode SSH connections on Libra

To use SSH to log in or execute remote commands from one Libra node to another, first log into any interactive Libra node and set up your SSH key by entering:

/opt/freeware/bin/ssh-keygen -b 1024 -t rsa

The public and private keys resulting from this command will be stored in your ~/.ssh directory as id_rsa.pub and id_rsa.

On Libra, SSH is configured to allow you to connect either by supplying your system password or by using public key authentication. Connection via .shosts files is disabled.

The following use of public key authentication makes connecting from host to host more convenient, but UITS does not recommend it, since it is less secure (anyone who gains access to your account on the host where both your private and public key are stored could then access the other hosts that use your public key authentication). To use public key authentication:

  1. Log into any interactive Libra node.

  2. Enter: cd ~/.ssh
  3. Enter: cat id_rsa.pub >> authorized_keys2

Converting SSH Secure Shell Client public keys

If you use public keys with the outdated SSH Secure Shell Client, you will need to convert your SSH.com public key to a format that the OpenSSH server on Libra supports:

  1. Using FTP, SFTP, or scp, transfer your SSH.com public keyfile on your workstation to the .ssh subdirectory under your home directory on Libra. On Unix workstations, your SSH.com public key is located in your ~/.ssh2 directory with a filename ending in .pub.

  2. Log into any Libra node and use cd to move to your .ssh directory.

  3. Enter: /miscapps/openssh/bin/ssh-keygen -X -f yourfilename.pub > ssh.com.pubkey
  4. Enter: cat ssh.com.pubkey >> authorized_keys2

This will allow you to use the SSH Secure Shell Client on your workstation to connect to Libra nodes without having to supply a password.