SSH

In this course, we will be working on a server rather than on our personal computers, which I'll call "laptops" since most of you will have a laptop. If you happen to have a desktop, just treat the terms as synonyms.

Due to that, we have to use a network connection called SSH.

Terminology

Let's cover a little bit of terminology:

A server is a computer on the Internet that runs 24/7 and provides, uh, services to other computers (called "clients"). Your laptop is a possible client.

Servers usually don't have a monitor, a keyboard, a mouse or any of those things (peripherals) that your laptop has. They usually just have a processor, memory, disks and network cables. They're often mounted in racks with other servers. They might look like this:

Wikimedia Foundation Servers-8055 08
Servers at Wikimedia

(In fact, they might be virtual, meaning that software on a real, physical computer emulates the server. Virtual servers can be migrated from one physical host to another, if their original host needs to power down for maintenance or something.)

Tempest

The server we will be using in CS 204 is called tempest. (The reason it's called tempest is a short, embarrassing story: we thought it was just going to be a temporary name, and we didn't want to call it temp so we decided on tempest. That was many years ago -- not so temporary.) tempest is a machine in the wellesley.edu domain, so its full name is tempest.wellesley.edu. That name is an alias for cs.wellesley.edu.

In fact, tempest is a virtual server, running on some hardware that LTS owns.

Services

Tempest provides lots of services to clients over the network, which you can picture like this:

Server-based-network
Client-Server Network

What kind of services? Things like:

  • web services: Tempest hosts web pages, which means clients can request them and Tempest sends them the requested page. That's how you are reading this page.
  • file services: Users can upload/download files using FTP clients like Fetch or CyberDuck
  • ssh: today's topic

SSH

If you want to run a program on your laptop, you launch the program (maybe double-clicking on some icon) and so forth. Or maybe, for a program like Python, Javac or Java, you open a terminal and run the program by typing the command to the terminal.

But if you need to run the program on tempest, that's not going to work. You need to open up a terminal (also called a shell) that is connected to tempest rather than to your laptop. To do that, we use a program that is usually called SSH (for secure shell).

Running SSH on a Mac

These directions are for running SSH on a Mac. If your laptop is a Windows computer, I suggest using OpenSSH via PowerShell. See Windows 10 ssh-copy-id Hopefully something like that will work on your personal laptop.

SSH is a command, so you'll have to run it via a terminal. As with any program on the Mac, there are many ways to launch the program. You can use the Finder to locate it in the Utilities folder inside the Applications Folder. You'll see an icon that looks like this:

Terminal Icon

Alternatively, what I do is to type Command-space, which brings up the "Spotlight Search" and then I type "terminal" and press return. That works quickly and easily. You can usually abbreviate "terminal" to "term".

Once you have a terminal open, you can use the ssh program. The program takes a command-line argument which is of the form user@host. In the example below, I'm connecting to my account named anderson on the host cs.wellesley.edu (same as tempest):

Last login: Thu Jul 23 16:55:53 on ttys012
sanderso-imac-0719:~ sanderso$ hostname
sanderso-imac-0719
sanderso-imac-0719:~ sanderso$ ssh anderson@cs.wellesley.edu
The authenticity of host 'cs.wellesley.edu (149.130.15.5)' can't be established.
ECDSA key fingerprint is SHA256:3e8AVhpb4iJyRQcgoyyOaeZOEE0BOtOKCw5FfcbUmaI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cs.wellesley.edu,149.130.15.5' (ECDSA) to the list of known hosts.
anderson@cs.wellesley.edu's password: 
Last failed login: Mon Jul 20 22:06:58 EDT 2020 from 212.64.69.175 on ssh:notty
There were 5 failed login attempts since the last successful login.
Last login: Wed Jul 15 11:13:02 2020 from pool-108-20-176-82.bstnma.fios.verizon.net
This is the new virtual server running CentOS 7
[anderson@tempest ~]$ hostname
tempest
[anderson@tempest ~]$ whoami
anderson
[anderson@tempest ~]$ logout
Connection to cs.wellesley.edu closed.
sanderso-imac-0719:~ sanderso$ hostname
sanderso-imac-0719
sanderso-imac-0719:~ sanderso$ whoami
sanderso
sanderso-imac-0719:~ sanderso$ ssh anderson@cs.wellesley.edu
anderson@cs.wellesley.edu's password: 
Last login: Thu Jul 23 16:57:26 2020 from pool-108-20-176-82.bstnma.fios.verizon.net
This is the new virtual server running CentOS 7
[anderson@tempest ~]$ hostname
tempest
[anderson@tempest ~]$ logout
Connection to cs.wellesley.edu closed.
sanderso-imac-0719:~ sanderso$ hostname
sanderso-imac-0719
sanderso-imac-0719:~ sanderso$

In the transcript above, I used the following commands:

  • hostname, which tells me which machine I'm "talking to." Notice the two different values:
    • sanderso-imac-0719; that's my laptop. (Well, the desktop computer that the college gave me.)
    • tempest; that's our server
  • whoami which tells me who I'm logged in as. Notice two different values:
    • sanderso on my laptop, and
    • anderson on the server
  • logout which ends my remote session and returns me to my laptop.

The important command is, of course, this one:

ssh anderson@cs.wellesley.edu

The first time I used it, I got a complex and scary response:

The authenticity of host 'cs.wellesley.edu (149.130.15.5)' can't be established.
ECDSA key fingerprint is SHA256:3e8AVhpb4iJyRQcgoyyOaeZOEE0BOtOKCw5FfcbUmaI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cs.wellesley.edu,149.130.15.5' (ECDSA) to the list of known hosts.

SSH will print this message the first time we connect to a server that we've never connected to before. Basically, there are some security issues that can occur (for example, some malicious person manages to re-directs our SSH connection to some other machine, and this warning would alert us to that fact). Here, it's harmless, and so I just said "yes".

Notice that I didn't get it the second time I ssh'd to Tempest. Yes, "ssh" is a verb.

Accounts

Above, I connected to my personal account on the server, anderson. I can also connect to other accounts that I have the password to, such as the cs204 account. That works exactly the same way:

sanderso-imac-0719:~ sanderso$ ssh cs204@cs.wellesley.edu
cs204@cs.wellesley.edu's password: 
Last login: Thu Jul 23 17:28:17 2020 from pool-108-20-176-82.bstnma.fios.verizon.net
This is the new virtual server running CentOS 7
[cs204@tempest ~]$ logout
Connection to cs.wellesley.edu closed.
sanderso-imac-0719:~ sanderso$

Notice that the "prompt" after I logged in reminds me who I am logged in as and where I'm logged in: cs204@tempest

In this course, you'll use your personal account for assignments and you'll create a team account for your semester project. You'll share the team account with your teammates. So you will have occasion to use two different accounts on the server.

Reason

Why do we have to work on the server? The main reason is that when we create our web applications, the files have to be on Tempest and the processes have to be running on Tempest. Tempest also hosts our database software, so we access that data using an ssh connection. Essentially, our laptop is only providing a keyboard, monitor and mouse: all the real work is happening on Tempest

Conclusion

That's it for now. We'll use SSH a zillion times this semester, so plan to get comfortable with this. Soon, we'll learn a way to streamline our use of SSH and avoid having to type our password a zillion times.