SSH & SCP

SSH (Secure SHell) is a way of accessing the command line (or cli for short) of any linux machine connected to a network. You need to either have a user and password on the remote machine, or a public key in the ~/.ssh/authorized_keys file on the remote machine.

Your user and the authorized_keys file gets populated with your public key once you add it to the NaC repo, as outlined in the git handbook and an already existing SysAdmin runs the playbook.

Using Remote SSH with VSCode

There is a Visual Studio Code extension that allows you to edit files on a remote machine and open terminals etc. It is very handy for editing and running Ansible playbooks from the control host.

  • Install the extension "Remote SSH"

  • If prompted, create the config file in .ssh/config

  • Create a new SSH Target with the following:

    ssh <username you added in setup-control-host.yml>@control.netsoc.co -p 2222

  • When prompted, select Linux as the remote OS

Then, you can connect & login with your Github Account to clone Netsoc as Code and to author and push commits.

Contact a SysAdmin to provide you with ansible SSH keys to run playbooks on the infrastructure machines.

.ssh/config

Your SSH targets will be written to this file. If you need to create more complex SSH target configs (for example using a Jump Host), you can open this file directly and add the necessary configuration.

On eduroam, it is likely that your SSH connection to control.netsoc.co will be blocked, as it is not using port 22. To fix this, you can add a Jump Host similar to the following in your .ssh/config file.

Host csgate
    HostName csgate.ucc.ie
    User <your csgate username>
    Port 22

Host control.netsoc.co
    HostName control.netsoc.co
    User <your control host username>
    Port 2222
    ProxyJump csgate

Note: This config sets it so that you first need to SSH into csgate, requiring your csgate password, before then SSHing to control. Be careful not to use the wrong password for either csgate or your SSH key on control.

Logging in with username & password

$ ssh <username>@<hostname> -p <port>

port is generally going to be 22 and will normally not need the -p flag

Logging in with private key

$ ssh -i <path to private key> <username>@<hostname> -p <port>

path to private key will generally be ~/.ssh/id_<signing method>. Port rules apply here too

SCP (Secure CoPy)

SCP uses SSH to copy files from one machine to another.

To copy from local machine to remote:

$ scp -P 22 <source file> <username>@<hostname>:<destination relative to users home>

To copy from remote machine to local:

$ scp -P 22 <username>@<hostname>:<source relative to users home> <destination file>

To copy from one remote host to another remote host:

scp -P 22 <username>@<source hostname>:<source> <username>@<destination hostname>:<destination>

To copy a directory with all its contents, use the -r (Recursive) flag immediately after scp.