Using bastion.service.rug.nl to connect to your PC at work

Similar documents
SSH with private/public key authentication

Install and configure SSH server

Configuring for SFTP March 2013

Secure Shell. The Protocol

A SHORT INTRODUCTION TO BITNAMI WITH CLOUD & HEAT. Version

TS-800. Configuring SSH Client Software in UNIX and Windows Environments for Use with the SFTP Access Method in SAS 9.2, SAS 9.3, and SAS 9.

WinSCP PuTTY as an alternative to F-Secure July 11, 2006

Securing Windows Remote Desktop with CopSSH

SSH. Introduction. SSH Private Key

Guide to the Configuration and Use of SFTP Clients for Uploading Digital Treatment Planning Data to IROC RI

SSH, SCP, SFTP, Denyhosts. Süha TUNA Res. Assist.

TELNET CLIENT 5.11 SSH SUPPORT

Securing Windows Remote Desktop with CopSSH

Miami University RedHawk Cluster Connecting to the Cluster Using Windows

SSH and Basic Commands

CASHNet Secure File Transfer Instructions

File transfer clients manual File Delivery Services

Step One: Installing Rsnapshot and Configuring SSH Keys

SSH! Keep it secret. Keep it safe

ASX SFTP External User Guide

File Transfer Examples. Running commands on other computers and transferring files between computers

Security Configuration Guide P/N Rev A05

Market Data Platform Real Time. SNAPSHOT DATA Capital Market

SSH The Secure Shell

Using WinSCP to Transfer Data with Florida SHOTS

If you prefer to use your own SSH client, configure NG Admin with the path to the executable:

How to FTP (How to upload files on a web-server)

Upgrading Redwood Engine Software. Version 2.0.x to 3.1.0

SSH access to databases at DIMDI

Remote Access to Unix Machines

Back Up Linux And Windows Systems With BackupPC

Using SFTP on the z/os Platform

Homework #7 Amazon Elastic Compute Cloud Web Services

Source Code Management for Continuous Integration and Deployment. Version 1.0 DO NOT DISTRIBUTE

Nessus Training Session 2 - Scanning and Reporting

Joint Venture Hospital Laboratories. Secure File Transfer Protocol (SFTP) Secure Socket Shell (SSH) User s Guide for plmweb.jvhl.

Adobe Marketing Cloud Using FTP and sftp with the Adobe Marketing Cloud

IBM WebSphere Application Server Version 7.0

Lab 8.3.3b Configuring a Remote Router Using SSH

Guide to the Configuration and Use of SFTP Clients for Uploading Digital Treatment Planning Data to ITC

Cloud Server powered by Mac OS X. Getting Started Guide. Cloud Server. powered by Mac OS X. AKJZNAzsqknsxxkjnsjx Getting Started Guide Page 1

SSH Key Exchange: Windows client to Unix/Linux server

EventTracker Windows syslog User Guide

HOW TO CREATE A SLICE IN GENI?

Tunnel VNC through SSH Tutorial Version 1

Distributed convex Belief Propagation Amazon EC2 Tutorial

Adafruit's Raspberry Pi Lesson 6. Using SSH

RETRIEVING NMR DATA JB Stothers NMR Facility Materials Science Addition 0216 Department of Chemistry Western University

FUGU - SFTP FOR MACS- REFERENCE GUIDE

Installation. Wayne Nucleus Point-of-Sale (POS) System Secure FTP Back-Office Interface Version 1.02 R1. P/N 000-W Rev 05

Secure File Transfer Installation. Sender Recipient Attached FIles Pages Date. Development Internal/External None 11 6/23/08

FUJITSU Cloud IaaS Trusted Public S5 Connecting to a Virtual Machine (VM)

Secure access to the DESY network using SSH

Clearswift Information Governance

Handle Tool. User Manual

How to upload large files to a JTAC Case

Overview. Remote access and file transfer. SSH clients by platform. Logging in remotely

Using Microsoft s CA Server with SonicWALL Devices

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

v4: How to create a BartPE Rescue CD for Macrium Reflect

AWS Quick Start Guide. Launch a Linux Virtual Machine Version

Uploading and Downloading Files to the HIS Server. Application Requirements

How to backup a remote MySQL server with ZRM over the Internet

How to Tunnel Remote Desktop Through SSH on a Windows Computer

Fugu April An Open-Source Mac OS X Frontend for OpenSSH's sftp client. The Edible Part of the Blowfish

Laboration 3 - Administration

axsguard Gatekeeper Command Line Interface How To v1.6

Automated Offsite Backup with rdiff-backup

LiteCommerce Advanced Security Module. Version 2.8

Secure File Transfer Protocol User Guide. Date Created: November 10, 2009 Date Updated: April 14, 2014 Version: 1.7

LoadMaster SSL Certificate Quickstart Guide

Hadoop Basics with InfoSphere BigInsights

Introductory Note 711 & 811. Remote Access to Computer Science Linux Files Using Secure Shell Protocols

WinSCP for Windows: Using SFTP to upload files to a server

CloudCIX Bootcamp. The essential IaaS getting started guide.

SSH and FTP on Ubuntu WNYLUG Neal Chapman 09/09/2009

Virtual Appliance Setup Guide

Creating an ESS instance on the Amazon Cloud

FILE TRANSFER PROTOCOL (FTP) SITE

IPMI Firmware Update (AMI) In WEB-GUI/DOS/WIN/Linux

2 Advanced Session... Properties 3 Session profile... wizard. 5 Application... preferences. 3 ASCII / Binary... Transfer

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

Keystone 600N5 SERVER and STAND-ALONE INSTALLATION INSTRUCTIONS

Setting up Kerberos, AFS, and Putty on Windows Vista/Windows 7

Windows Clients and GoPrint Print Queues

Configure Backup Server for Cisco Unified Communications Manager

Quick Connect. Overview. Client Instructions. LabTech

QUANTIFY INSTALLATION GUIDE

Hadoop Installation MapReduce Examples Jake Karnes

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

CafePilot has 3 components: the Client, Server and Service Request Monitor (or SRM for short).

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

GETTING STARTED WITH FLEXI-CLOUD

Transcription:

Using bastion.service.rug.nl to connect to your PC at work This document consists of three parts: 1. Connecting to your PC at work through the Bastion-host using SSH. Which step do you take to connect your pc at work making use of a ssh key-pair. 2. Bastion How-To using WinSCP in Windows How do you use WinSCP to connect to your pc at work and transfer files between your work pc and the one at home 3. Using your bastion key-pair with Putty How to convert your bastion ssh key-pair with PuTTYgen so you can use it with PuTTY.

I. Connecting to your PC at work through the Bastion-host using SSH. You first have to generate the keys from a PC inside the RuG network. In this manual we've used 'p123456' as an example, this should be replaced with your personal p-number. 1. Generating your key-pair On your Linux PC at work, type the following to connect to the Bastion-host for the first time: $ ssh -p 2222 p123456@bastion.service.rug.nl You will be prompted to enter your password, do so! In the background a home directory and a SSH key-pair are generated for you on the Bastion-host. When it's done you'll receive a prompt on the Bastion-host, "p123456@bastion:~$". To prevent abuse of your private key, you can add a pass-phrase to it. We haven't put a passphrase on your private key by default. Use the following command on the Bastion-host to create a pass-phrase on your private key: $ ssh-keygen -p 2. Copy key-pair to your workstation The keys we've just generated can be found in the directory, "/home/p123456/.ssh/". You should see a file 'id_dsa' and 'id_dsa.pub' there. To make sure we can connect from the Bastion-host to your pc at work again, we have to copy the public key(id_dsa.pub) to your workstation.!make a backup of any keys already in your ~/.ssh, or use another directory, because this command will overwrite them! To download a copy, do the following on the Bastion-host (replace 'PC-Work.fac.rug.nl' with your personal PC name or IP-address): $ scp ~/.ssh/id_dsa* p123456@pc-work.fac.rug.nl:/home/p123456/.ssh/ We've also copied the personal key with this command, so you can copy that to an usb-drive to take home later on. 3. Testing your key-pair Now to test that it actually works type the following on the Bastion-host prompt (again... replace 'p123456' and 'PC-Work.fac.rug.nl' with your personal info): $ ssh p123456@pc-work.fac.rug.nl The authenticity of host 'PC-Work.fac.rug.nl' can't be established. DSA key fingerprint is a2:da:22:45:c3:f2:67:97:1b:86:12:a3:3e:c3:4a:d9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'PC-Work.fac.rug.nl' (DSA) to the list of known hosts. Since this is the first time we're connecting the identity hasn't been verified yet, so enter 'yes' when the question appears if you want to continue connecting. Now the Bastion-host identity is verified on your 'PC-Work' and the question won't appear again. You should receive your own (PC-Work) prompt now, "p123456@pc-work.fac.rug.nl:~$". This is it, now your connected to your own PC through the Bastion-host.

4. Taking your key home The only thing which remains now is to copy your personal key(id_dsa), which we copied to '/home/p123456/.ssh/' in step 2, to a usb-drive and take it home. Depending on your operating system and software at home you'll have to copy the key to different locations. We can't explain this properly, because there are too many different operating systems and programs for making a SSH connection. But we can always try to help, if you ask us.

II. Bastion How-To using WinSCP in Windows Part 1 On the following link, download the 'Installation package' for "WinSCP" and install it: http://winscp.net/download/winscp432setup.exe Start "WinSCP". Under 'Host name:' enter: bastion.service.rug.nl Under 'Port number:' enter: 2222 Under 'User name:' and 'Password:' enter your personal p<number> and password. Now click on 'Login'. You ll receive a warning message: Answer by clicking 'Yes'.

You are now in your home directory on the Bastion host. In the directory '.ssh' (on the right side), you ll find the key-pair that was just generated for you. There are two files there named, 'id_dsa' and 'id_dsa.pub'. Copy these two files to your local hard drive, e.g. in a new SSH directory in your 'My Documents'.

Part 2 Next you'll need another program, PuTTYgen, to make the private key readable by Windows applications. You can download it here: http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe Start "PuTTYgen". Click the 'Load' button. Next to 'Files of type:' select 'All Files (*.*)'. Now browse to where you saved your key-pair, select 'id_dsa' and click 'Open'. You ll receive conformation when it s done.

Now to make your private key safer(in case you lose the memory stick on which you've copied it) you can enter a passphrase here, but it isn't mandatory. Click the 'Save private key' button and save the key where you like, e.g. in a new SSH directory in your 'My Documents'.

Part 3 This last step is to connect to your PC at work. Start "WinSCP" again. Under 'Host name:' enter: <Hostname.domain or IP-number of your PC at work> Under 'Port number:' enter: 22 Under 'User name:' and 'Password:' enter your personal p<number> and password. Under 'Private key file:' enter the path to where you ve just saved the new private key file with "PuTTYgen". When you click on 'Login' now, you ll connect through the Bastion host, to your PC at work.

III. Using your bastion key-pair with Putty To use public key authentication, the first step is to generate a pair of private and public keys on the Linux side. I would assume that you login as a user called "p123456" and your machine is called PC-Work.fac.rug.nl (replace 'p123456' and 'PC-Work.fac.rug.nl' with your personal info) 1. Login Linux as user "p123456". You could do it at the Linux console or via telnet. 2. Execute `ssh-keygen` to generate a version 2 public and private key pair into directory /home/user/.ssh. The passphrase is optional (but preferred). P123456@ PC-Work.fac.rug.nl:~$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/p123456/.ssh/id_rsa): /home/p123456/.ssh/id_rsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/p123456/.ssh/id_rsa. Your public key has been saved in /home/p123456/.ssh/id_rsa.pub. The key fingerprint is: ec:f4:3f:b5:fe:2f:de:22:6c:42:8c:38:ad:6c:5e:96 P123456@server 3.Execute `cd /home/p123456/.ssh` 4. You should see 2 files: id_rsa and id_rsa.pub. Now execute the following command: cp id_rsa.pub authorized_keys 5. Copy /home/p123456/.ssh/id_rsa from Linux to Windows. Converting the OpenSSH private key to Putty format Next, we head to the Windows side. In step 4, you created two key files (id_rsa and id_rsa.pub). Putty cannot directly open OpenSSH keys. We need to convert id_rsa to id_rsa.ppk using a program called puttygen.exe. 6. At the Windows side, download puttygen.exe from Putty website: http://www.chiark.greenend.org.uk/~sgtatham/putty/ 7. Execute puttygen.exe 8. Click File->Load Private Key, load the file "id_rsa" from Step 5. Enter the passphrase if you used it in step 2.

9. Now the key has been loaded as in the figure above. Hit the button "Save private key". The converted key would be saved as "id_rsa.ppk". Logging in Openssh using id_rsa.ppk Download putty.exe from Putty website. It's time to really login OpenSSH using putty.exe http://linux-sxs.org/images/openssh.putty.0.jpg on Windows side. The steps here would be a little bit more complicated. 10. Invoke putty.exe 10.1. Click "Session" in the sidebar.

10.1.1. Enter ip address of your server (e.g., 192.168.1.2) 10.1.2. Click "SSH" in the Protocol option 10.2. Choose "SSH" under "Connection" in the sidebar 10.2.1. In "Preferred SSH protocol version", select "2 only" 10.2.2. click "Auth" under "SSH" 10.2.2.1. Hit the Browse button, select the file "id_rsa.ppk" from Step 9. 10.3. hit "Session" again in step 10.1

10.3.1. Enter a name (e.g. "p123456.session") in the textbox directly under "Saved Sessions". 10.3.2. Hit the "Save" button. The name "p123456.session" would appear in the listbox of "Saved Sessions". 10.4. Double-click "p123456.session". Now you would be presented with a login screen for OpenSSH. 10.4.1. Enter the linux user name "p123456" 10.4.2. Enter the passphrase if you specified it in step 2. Login as: p123456 Authenticating with public key "importedopenssh-key" Passphrase for key "imported- openssh-key": Last login: Wed May 31 12:35:00 2006 from 192.168.1.10 p123456@server:~$ 11. You have successfully logged into your Linux server via OpenSSH.