fakephysicist
Posts Tags Categories About
fakephysicist

SSH Basics

fakephysicist   
         

SSH is a protocol that allows you to connect to a remote computer. It is widely used in remote computing, such as connecting to a remote server or running Jupyter Lab in a remote host.

First check for existing SSH keys on your computer by running:

ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist

Check the directory listing to see if you have files named either id_ed25519.pub or id_ed25519.pub. If you don’t have either of those files then read on, otherwise skip the next section.

  1. Open Terminal.

  2. Paste the text below, substituting in your GitHub email address. This creates a new ssh key, using the provided email as a label.

    ssh-keygen -t ed25519 -C "your_email@example.com"

  1. Start the ssh-agent in the background.

    eval "$(ssh-agent -s)"

  2. Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.

    ssh-add ~/.ssh/id_ed25519

For a detailed explanation, refer to my previous post.

In summary:

  1. Generate a key pair in the local SSH client.
  2. Activate the ssh-agent and link the private key to it.

In Windows, this process can be executed in PowerShell:

# Generate a key pair
ssh-keygen -t ed25519

# By default, the ssh-agent service is disabled. Configure it to start automatically. Ensure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Automatic

# Activate the service
Start-Service ssh-agent

# This should return a status of Running
Get-Service ssh-agent

# Load your key files into ssh-agent
ssh-add $env:USERPROFILE\.ssh\id_ed25519
# Set the sshd service to start automatically
Get-Service -Name sshd | Set-Service -StartupType Automatic

# Activate the sshd service
Start-Service sshd

Your public key, \.ssh\id_ed25519.pub, should be placed on the server in a text file named administrators_authorized_keys located in C:\ProgramData\ssh\.

For example, to use PowerShell as the default shell:

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

In Windows, sshd reads configuration data from `%programdata%\ssh\sshd_config`` by default.

You can modify the configuration file to change the default port, for example:

# Port 22 is the default port for SSH
Port 22

You can also disable password authentication to prevent brute-force attacks:

# Disable password authentication
PasswordAuthentication no

You can enable public key authentication:

# Enable public key authentication
PubkeyAuthentication yes
ssh <username>@<hostname>

To connect, you need to know the username and hostname of the remote host.

The username typically matches the account name of the remote host, retrievable by:

echo $env:USERNAME

However, if you’re using a Microsoft account to log in, the username might be the associated email address.

The hostname, which is the IP address of the remote host, can be retrieved with:

ipconfig

Try enable Port 22

netsh advfirewall firewall add rule name="Open SSH Port 22" dir=in action=allow protocol=TCP localport=22 remoteip=any

Try enabling Remote server listen on socket in VS Code.

For a comprehensive guide, refer here.

Since Windows uses port 22 by default for SSH, consider changing the SSH port in WSL2 to 2222 to prevent conflicts.

# Install openssh-server
sudo apt install openssh-server

# Modify the SSH configuration to use port 2222
sudo sed -i -E 's,^#?Port.*$,Port 2222,' /etc/ssh/sshd_config
sudo service ssh restart

# Allow passwordless sudo for the current user to start the SSH service
sudo sh -c "echo '${USER} ALL=(root) NOPASSWD: /usr/sbin/service ssh start' >/etc/sudoers.d/service-ssh-start"

# Start the SSH service without requiring a password
sudo /usr/sbin/service ssh start
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd) for WSL' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 2222

Create a CMD script to initiate the SSHD service in WSL2.

@echo off
setlocal

C:\Windows\System32\bash.exe -c "sudo /usr/sbin/service ssh start"

C:\Windows\System32\netsh.exe interface portproxy delete v4tov4 listenport=2022 listenaddress=0.0.0.0 protocol=tcp

for /f %%i in ('wsl hostname -I') do set IP=%%i
C:\Windows\System32\netsh.exe interface portproxy add v4tov4 listenport=2022 listenaddress=0.0.0.0 connectport=2022 connectaddress=%IP%

endlocal
ssh -p 2222 <username>@<hostname>

Note that the username here is distinct from the Windows host username; it pertains to the Linux system. Determine it using:

whoami

The hostname, however, remains consistent with the Windows host.

VS Code Remote - SSH

Edit the ~/.ssh/config on the local client:

Host <hostname>
    HostName <nickname_windows>
    User <username_windows>
    Port 22

Host <hostname>
    HostName <nickname_wsl>
    User <username_wsl>
    Port 2222

Use ssh to run jupyter lab on a remote host and access it from a local browser.

If you designate <remote_port> for the remote and <local_port> for the local, redirect the traffic as:

ssh -L <local_port>:localhost:<remote_port> <username>@<hostname>
jupyter lab --no-browser --port=<remote_port>

For more details, consult this link.

Navigate to the directory you wish to sync:

croc send --code <code> .

To receive the files:

croc --yes --overwrite <code>

To avoid the SSH passphrase prompt, you can use

ssh-add

to add the key to the ssh-agent cache.

 SshVscode
 |