Learn from a particle physicist

Jan 22, 2020 learning SSH PuTTY MobaXterm Linux

SSH key pairs

Figure taken from https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work

SSH is the standard method to log into a remote Linux server. There is an SSH server program running in the remote machine monitoring any connection request from other machines. You can use an SSH client command or an SSH GUI to connect to that server:

$ ssh yourUserName@linux.server.name.or.ip

This is a lot of typing. If you log into the server frequently, you can reduce typing by saving some information in an ssh configuration file. If you don’t understand the syntax of the command above, please read Linux 101 first.

Configuration of SSH client

Command line configuration

$ cd # make sure that you are in your home directory
$ mkdir .ssh # make a hidden directory called .ssh
$ chmod 700 .ssh # make it only visible to yourself
$ cd .ssh
$ touch config # create an empty configuration file (only needed in MobaXterm)
$ open config # works in macOS and MobaXterm, use 'mimeopen config' in Linux

Please refer to chmod in wikipedia for detailed usage of chmod. Please read more about text editors, if you don’t know how to edit the config file.

The following is what’s inside of an example config file that specifies a short nickname, “l”, for server, “linux.server.name.or.ip”.

Host l
HostName linux.server.name.or.ip
User YourUserName

Now you can log into the Linux server by only typing

$ ssh l

GUI configurations

Two popular GUI SSH clients that work on Windows are

The default communication port for ssh is 22. It is set from the server side. If there is no specific instruction from your server administrator on the port number, it is mostly the default 22, there is no need for you to change it.

Copy files through SSH

Command-line method

$ scp localFile user@server:path/to/remote/copy #copy local file to remote machine
$ scp user@server:path/to/remote/file localCopy #copy remote file to local machine
$ scp user@server:/absolute/path/to/a/file localCopy #specify full path to a file
$ scp user@server:path/relative/to/your/home/directory/file localCopy

GUI programs

MobaXterm in Windows provides a nice side panel that shows files in the current folder in the terminal. One can drag files in and out of it for copying. Mac users may want to try https://cyberduck.io/, or https://filezilla-project.org/, or https://osxfuse.github.io/. Linux users can try SSHFS.

Edit remote files

Command-line methods

If you are an Emacs or Vim user, both editors provide commands to directly edit remote files.

GUI programs

Double click on a remote file shown in the MobaXterm side panel after you ssh into a remote machine, the file will be open in the MobaTextEditor. When you save your modification of the file, the updated version will be uploaded to the remote machine automatically. The same method works in Cyberduck and Filezilla.

Login without password

The easy way

Normally, a GUI SSH client can save your password to the server so that you don’t have to type it next time. This can also be achieved in the command line through a file called ~/.netrc. You can save your connection information (including the password) in this file:

$ touch ~/.netrc
$ chmod 600 ~/.netrc # hide it from others
$ open ~/.netrc # edit it, put the following into it:
machine remote.server.name.or.ip login username password sZ\#Je/j@3

The right way

Your password is saved as it is in ~/.netrc. A better way is to use SSH keys. The basic idea is that you generate a pair of keys, one is private, one is public. You upload the public one to the server and keep the private one secretly in your ~/.ssh. Next time, when you log into the server, if the two keys match, you will be logged in without typing in your password.

GUI through SSH

We can edit remote files using local editors as we described in the previous section. We can also use remote editors to edit remote files. Many editors can work inside a terminal, others create their own GUI, which have to be displayed in a X Window server.

Windows users can use MobaXterm, Xming, or Cygwin/X to establish an X Window server in your local PC. Mac users can use XQuartz.

Once your X Window server is running, you can let your ssh connection to the remote machine to send remote GUI program windows to your local machine and get displayed on your local X Window server:

$ ssh -X user@server # enable forwarding X connections through ssh
$ gedit remoteFile & # edit a remote file using a remote editor

To avoid typing -X every time, you can add the following line to your existing ~/.ssh/config:

ForwardX11 yes

VNC through SSH

There are two problems in using X-window. First, it is slow. Second, there is no free X-window server in iOS. We need VNC to overcome these problems.

VNC server

You can establish an VNC server in your remote machine following the steps below:

First, you need create a password for your VNC session using the following command:

$ vncpasswd

The password will be saved automatically in ~/.vnc/passwd.

Second, run

$ vncserver

to start an VNC session. The command may also create config, xstartup, a log file and a file containing the process id of the VNC session in ~/.vnc/. The VNC server will create an X Window server at the remote machine with a unique X DISPLAY number, which can be figured out by running

$ vncserver -list

TigerVNC server sessions:

X DISPLAY #     PROCESS ID
:2              10949

The “:2” (including “:”) is the DISPLAY number. Your VNC session is running at port 5900 + the X DISPLAY number, i.e., 5902 in this concrete example.

Last, you can kill this session by

$ vncserver -kill :2

The X DISPLAY number cannot be ignored.

You can put some commands in ~/.vnc/xstartup, which will be run automatically when the VNC server starts. An example xstartup file would contain something like:

xterm # a terminal running in X Window

VNC client

RealVNC provides viewers for most operating systems. MobaXterm includes a VNC client as well:

MobaXterm sessions

These GUI programs provide intuitive interfaces to setup your VNC connection. If there is no space for you to specify the port, you can attach it to the end of the remote machine name:

remote.machine.name.or.id:5902

The port number must match the port number of your VNC server session.

SSH port forwarding

The problem is that an VNC port (590x) is normally not allowed to accept connections from other machines. We need ssh to be the middle man who forwards the connection request to that port through its encrypted connection line, which is called a tunnel. So ssh port forwarding is also called ssh tunneling. You can learn more about it at ssh.com and help.ubuntu.com. I personally like the explanation on stackexchange most.

The following command forwards server.ip.address:5902 to port 56783 in your own PC:

$ ssh -L 56783:127.0.0.1:5902 server.ip.address

The port number 56783 is chosen randomly. But there are some general suggestions on the right range of this number. The IP address 127.0.0.1 is called the loopback address. It is an address pointing to the machine itself, or the so-called localhost. In this example, 127.0.0.1 represents the same machine as server.ip.address.

Port forwarding can also be specified in the ssh config file:

LocalForward 56783 127.0.0.1:5902

After this, you need to make an ssh connection to the server to establish this tunnel. Now when you connect to port 56783 in your own machine, you are actually connected to port 5902 in the remote machine. Since the sole purpose of this connection is to establish the tunnel instead of doing any real work on your remote machine, you can turn on a few options of ssh:

$ ssh -fNT server.ip.address # run ssh in the background

Please man ssh to understand these options. To terminate a tunnel running in the background, use

$ pgrep ssh # find the process id of the running ssh tunnel
$ kill -9 pid # replace pid with the real process id given by the previous command

Port forwarding (MobaSSHTunnel) is also available under MobaXTerm’s tools menu. Another option in Windows to establish an ssh tunnel is to use PuTTY.

SSH jump host

There is an alternative to ssh port forwarding if you use MobaXterm’s VNC session setting:

ssh jump host setting for MobaXterm VNC session

The CLI version of this method can be found in Gentoo wiki.

Window manager

When you establish a connection to the VNC session running on your remote machine through either ssh tunneling or jump host, you will be asked to type in the password you set for your VNC session using the vncpasswd command as mentioned in the previous session. After that, you should be able to see a terminal which does not even have a title bar to drag around. You need a type of programs called X window managers to achieve this simple action. Please refer to wikipedia for more information about the X window manager. Run one of the following commands in the terminal that you see in your VNC session to use one of the many X window managers: