The ssh command is used to connect from one computer to another securely. E.g. to connect to the machine ssh.maths you would type (replace CRSid with your actual CRSid which is also your Maths account name)
ssh -X CRSid@ssh.maths.cam.ac.uk
ssh encrypts its traffic and uses public-key cryptography to prove the identity of the remote machine. It is therefore an improvement on the older commands telnet, rlogin and rsh, which should not be used and are very unlikely to be supported by modern computers.
The -X option means "enable X forwarding" so that you can run graphical applications on the CMS machine.
Note that using X applications over ssh works well only over low latency links. If you experience long delays in application responses use RDP, VNC or hotdesk.
Using ssh also greatly simplifies running X applications remotely since it handles the forwarding of the X connection transparently (and securely). However if you are using a Macbook then in order for your X application to work you will need to download XQuartz.
Similarly, ftp is an insecure way of copying files and has largely been replaced by sftp and scp.
Connecting to a Maths desktop or server from outside the Maths network
In order to connect to devices inside the Maths network you must first connect to our "bastion", or "jump", host ssh.maths.cam.ac.uk. From there you can connect through to the specific server you need.
Fortunately many SSH clients (including the ubiquitous OpenSSH, i.e. what you use when you type "ssh" on virtually all Linux and macOS systems these days) feature built-in support for jump hosts - allowing SSH traffic to a Maths machine to be automatically passed through ssh.maths. No need to compromise your security by copying your private SSH keys to intermediate servers, X forwarding should work fine, and sftp/scp file transfers do not occupy any storage space on the jump hosts.
Here we show how to use SSH with a jump host for OpenSSH, and for the popular Windows SSH client PuTTY.
OpenSSH
For one-off connections, simply use the command-line option -J. Example: in order to connect to the machine myserver.maths you would type (replace CRSid with your actual CRSid which is also your Maths account name)
ssh -J CRSid@ssh.maths.cam.ac.uk CRSid@myserver.maths.cam.ac.uk
If however you would rather save yourself the trouble of having to do this every time, add the following (as usual, replacing CRSid with your actual CRSid) to the file ~/.ssh/config on your computer using a text editor:
Host *.damtp.cam.ac.uk *.dpmms.cam.ac.uk *.maths.cam.ac.uk *.statslab.cam.ac.uk !ssh.maths.cam.ac.uk
ProxyJump CRSid@ssh.maths.cam.ac.uk
PuTTY
You will need PuTTY version 0.77 or newer. While setting up a connection select the panel Connection -> Proxy from the option tree, make sure the option "Proxy type" is set to "SSH to proxy and use port forwarding", and put "ssh.maths.cam.ac.uk" as "Proxy hostname" and "22" as "Port".
Other Uses for SSH
- Why use ssh, syntax of ssh commands
- ssh messages and troubleshooting
- Copying files over the network securely
- ssh tunnelling