Difference between revisions of "Ssh at ncmm"

(ssh for NCMM people)
(No difference)

Revision as of 21:54, 29 March 2023

General info about ssh at UiO

ssh logins from the outside world to UiO's network are only allowed to a small number of selected hosts, all of which require two-factor authentication for login. To ssh from home to one of NCMM's machines, you need to go through one of these central login machines.

NCMM config file

We provide an ~/.ssh/config file that simplifies a number of things for typical use by NCMM members:

  • you can use short hostnames (e.g., `ssh biotin4` instead of `ssh biotin4.hpc.uio.no`)
  • you do not need to manually specify your UiO user name on the commandline, even if it differs from your local user name
  • when off-campus, the configuration will automatically first go to a UiO login machine and then from there go to your target
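  • the connection to the UiO login machine is kept open for 10 minutes after you log off, so a subsequent login shortly thereafter does not require you to go through two-factor authentication again. During that window the open connection can be reused from your local account without a new two-factor prompt; `ssh -O exit uio-loginhost` closes it early.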

Put the following into your ~/.ssh/config file - make sure to replace MYUIOUSERNAME with your UiO user name and ec-MYUIOUSERNAME with your educloud user name if you use Educloud/Fox:

# NCMM ~/.ssh/config

# Jump host. It gets an alias ("uio-loginhost") so that, if the login
# machine ever changes, only this one stanza has to be edited.
# The ProxyJump line further down refers to this alias; the "Match host"
# stanzas are compared with the resolved name (login.uio.no), not the alias.

Host uio-loginhost
        HostName login.uio.no


# Connection sharing (Control*) for the login host, enabled *only* when
# coming from off-campus (it is there mainly because of 2FA).
# "!exec" is true when the command exits non-zero, i.e. when no interface
# address matches 'inet 129.240' (presumably UiO's range) and
# /etc/resolv.conf has no "internal.ncmm" search domain.
# This is a network-location heuristic only; the login host itself is still
# authenticated by its host key.
Match host login.uio.no  !exec "ifconfig -a | egrep -q 'inet 129.240' || egrep -q '^search.* internal.ncmm(| $)' /etc/resolv.conf"
        ControlMaster auto
        # While the control socket exists, any process running as your local
        # user can open new sessions through it without a fresh 2FA prompt.
        # Keep ~/.ssh private (mode 0700); "ssh -O exit uio-loginhost" closes
        # the shared connection before the timeout.
        ControlPath ~/.ssh/controlsock-%r@%h:%p
        # for compatibility with the GNOME file manager use the following instead
        # (%i expands to your local numeric user ID, which is not always 1000)
        # ControlPath /run/user/%i/gvfsd-sftp/%C
        # keep the master connection open for 10 minutes after the last session ends
        ControlPersist 10m


# Expand short host names to fully qualified ones.
# "Host" is compared with the name typed on the command line; %h in Hostname
# is replaced by that name, so "ssh biotin4" connects to biotin4.hpc.uio.no.
Host biotin2 biotin3 biotin4
        Hostname %h.hpc.uio.no


# Same expansion for the machines that live directly under uio.no.
Host hfaistos mathelier2 kuijjer2 waszak1
        Hostname %h.uio.no


# Neither on uio fastnett nor on the internal network?  => jump through the
# UiO jump host.
# "Match host" is compared with the name after the Hostname expansion above,
# hence the fully qualified names in the list.
# The exec test exits non-zero when neither check succeeds (also when
# ifconfig is not installed), so the fallback is always the jump host.
# The test only selects the route; it does not authenticate the target,
# which is still verified through its host key.
Match host biotin2.hpc.uio.no,biotin3.hpc.uio.no,biotin4.hpc.uio.no,hfaistos.uio.no,mathelier2.uio.no,kuijjer2.uio.no,waszak1.uio.no  !exec "ifconfig -a | egrep -q 'inet 129.240' || egrep -q '^search.* internal.ncmm(| $)' /etc/resolv.conf"
        ProxyJump uio-loginhost


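# Default user name for the UiO hosts.
# "Host" takes whitespace-separated patterns and is compared with the name
# typed on the command line, so a comma-separated list of fully qualified
# names on a "Host" line never matches "ssh biotin4" and the User setting
# would be silently skipped. "Match host" takes a comma-separated list and is
# compared with the name after Hostname expansion (login.uio.no for the
# uio-loginhost alias), which is what is wanted here.
# Check the result with:  ssh -G biotin4 | grep '^user '
Match host login.uio.no,biotin2.hpc.uio.no,biotin3.hpc.uio.no,biotin4.hpc.uio.no,hfaistos.uio.no,mathelier2.uio.no,kuijjer2.uio.no,waszak1.uio.no
        User MYUIOUSERNAME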


# Educloud/Fox: reached directly (no ProxyJump stanza above names it) with
# the educloud user name. Connection sharing is enabled here regardless of
# network location, since this stanza has no exec condition.
Host fox.educloud.no fox
        Hostname fox.educloud.no
        User ec-MYUIOUSERNAME
        ControlMaster auto
        # While the control socket exists, any process running as your local
        # user can open new sessions through it without logging in again.
        # Keep ~/.ssh private (mode 0700); "ssh -O exit fox" closes the shared
        # connection before the timeout.
        ControlPath ~/.ssh/controlsock-%r@%h:%p
        # for compatibility with the GNOME file manager use the following instead
        # (%i expands to your local numeric user ID, which is not always 1000)
        # ControlPath /run/user/%i/gvfsd-sftp/%C
        # keep the master connection open for 10 minutes after the last session ends
        ControlPersist 10m


# Other default settings; "Host *" applies to every host, not only the UiO
# ones listed above.
# The key file must exist (e.g. created with "ssh-keygen -t ed25519") and
# should be protected with a passphrase.
Host *
        IdentityFile ~/.ssh/id_ed25519