Skip to content

Using SSH

Introduction

SSH is a secure method for remotely accessing the command line of Linux servers. Files can be transferred over the SSH protocol using SFTP, SCP or rsync.

Some of the more advanced SSH techniques described below can be difficult to configure, but the initial effort required is worthwhile for the convenience they offer in the long run. If you run into any problems, please email help@stat.washington.edu, and we'll be happy to assist.

SSH Basics

  • Open a terminal window (the Terminal app in macOS, Windows 11+ and Ubuntu)
  • Enter ssh <your NetID username>@<server name>. For example, ssh yournetid@madrid.stat.washington.edu. If your username on your computer is the same as your NetID username, then you can omit the username (e.g. ssh madrid.stat.washington.edu)
    • The first time you connect to a server, you will see a warning that the server's key isn't known. Hit enter to proceed
    • This warning may also appear if you are connecting to an address that forwards to a specific node you haven't used previously, or the server was upgraded to a new version (which occurs about every two years in Statistics).
  • Enter your NetID password
  • You will now see a command prompt that includes the name of the server. You're connected!

Connecting From Off Campus

For security, many Statistics servers are not directly accessible from the public Internet. This includes the cluster. To access these servers from off campus, first SSH to a publicly accessible ssh.stat.washington.edu server, then SSH from there to a private server:

  • SSH to ssh.stat.washington.edu
  • After you are connected to ssh.stat.washington.edu, use the command line to connect to a private Statistics server. Example: ssh cluster.stat.washington.edu

Automatically Relaying SSH Connections Off Campus

Instead of manually relaying SSH connections as described above, you can configure your terminal emulator or shell to automatically relay connections. This method is most effective when it is combined with public key authentication, as described further down on this page.

  • Create an ~/.ssh directory on your computer, if it does not exist already:
    • mkdir ~/.ssh
    • Ensure the correct file permissions are set: chmod 700 ~/.ssh

  • Create or append the following to the file ~/.ssh/config, replacing yournetid with your actual NetID:

    Host ssh.stat.washington.edu
  User yournetid
Host cluster.stat.washington.edu
  User yournetid
  ProxyJump ssh.stat.washington.edu

  • Test the connection by running ssh cluster.stat.washington.edu.

    • You will be prompted to enter "Yes" on your first connection attempt to an unknown SSH host, and prompted twice for your password. The password prompt can be avoided entirely by configuring public key authentication, as detailed further down.
  • Create an ~/.ssh directory on your computer, if it does not exist already:
    • mkdir ~/.ssh

  • Create or append the following to the file ~/.ssh/config, replacing yournetid with your actual NetID. Make sure the file is saved without a file extension (editors like Notepad will add a .txt extension by default):

    Host ssh.stat.washington.edu
  User yournetid
Host cluster.stat.washington.edu
  User yournetid
  ProxyJump ssh.stat.washington.edu

  • Test the connection by running ssh cluster.stat.washington.edu.

    • You will be prompted to enter "Yes" on your first connection attempt to an unknown SSH host, and prompted twice for your password. The password prompt can be avoided entirely by configuring public key authentication, as detailed further down.
  • Create an ~/.ssh directory on your computer, if it does not exist already:
    • mkdir ~/.ssh
    • Ensure the correct file permissions are set: chmod 700 ~/.ssh

  • Create or append the following to the file ~/.ssh/config, replacing yournetid with your actual NetID:

    Host ssh.stat.washington.edu
  User yournetid
Host cluster.stat.washington.edu
  User yournetid
  ProxyJump ssh.stat.washington.edu

  • Test the connection by running ssh cluster.stat.washington.edu.

    • You will be prompted to enter "Yes" on your first connection attempt to an unknown SSH host, and prompted twice for your password. The password prompt can be avoided entirely by configuring public key authentication, as detailed further down.

Transferring files with SFTP

Transferring Files Using a Graphical Interface

Cyberduck is the recommended SFTP client: https://cyberduck.io/download/

For off campus connections: use Husky OnNet VPN, or configure relaying in ~/.ssh/config (Automatically Relaying SSH Connections Off Campus)

WinSCP is the recommended SFTP client. Download here: https://winscp.net/eng/download.php

From On Campus

Enter the server address (e.g. cluster.stat.washington.edu), your NetID username and password into the prompt, and click Login. There will be a warning the first time you connect to a server, click Yes to proceed.

From Off Campus

Either use the Husky OnNet VPN, or configure connection relaying as detailed below:

  • Enter your host name, user name and password as described above, then click Advanced
  • Go to Connection > Tunnel
    • Check Connect through SSH tunnel
    • Set the Host name to ssh.stat.washington.edu, along with your NetID username and password
    • If you are using public key authentication, leave your password blank, and click the ... button to navigate to your .ppk private key file. Details on setting up public keys are described further down the page.
  • Click Ok to close the advanced settings
  • Save a bookmark with the Save button
  • Click Login, and click Yes for each of the unknown server warnings.
  • The most popular Linux file managers have SFTP included (i.e. Files/Nautilus in Ubuntu/Gnome, Dolphin in KDE and Thunar in XFCE).
  • In the location field of your file manager, enter the server address in the format sftp://<username>@<server address>
  • For off campus connections, you will need to configure relaying in ~/.ssh/config. See Automatically Relaying SSH Connections Off Campus

Transferring Files From the Command Line

SFTP

SFTP is an interactive method of transferring files. It is the simplest method for transferring individual files. Connect with sftp <username>@<servername>. Some basic commands:

  • get <filename> will copy <filename> from the remote server to the local directory (your computer);
  • put <filename> will copy <filename> from the local directory to the remote server;
  • ls performs as normal, but for the remote directory; lls will do ls on the local directory; likewise for cd / lcd and pwd / lpwd;
  • exit will close the sftp connection.

SFTP is not able to transfer directories recursively, although it can use wildcards (e.g. get * will download every file in your current directory). For recursive transfers, use scp or rsync.

SCP

The scp command is very similar to the cp command in Linux. It has similar flags, including -r for recursive copying.

  • An example of copying a directory to a remote host: scp -r ~/mydir/ yournetid@cluster.stat.washington.edu:~/
  • And downloading a file from a server to the current local directory: scp yournetid@cluster.stat.washington.edu:~/myfile.txt .

Rsync

Rsync is the best tool for transferring large directories. Unlike scp, rsync will resume disrupted transfers.

  • To transfer a directory: rsync -av ~/mydir yournetid@cluster.stat.washington.edu:~/
    • Warning: If the source directory includes a trailing / (e.g. ~/mydir/), the contents of the directory will be transferred, rather than the directory itself. This is typically not the desired behavior, since it can make a mess of the remote directory.

SFTP, SCP & Rsync From Off Campus

To transfer files from off campus, see the Automatically Relaying SSH Connections Off Campus section above to create a ~/.ssh/config file. This tunneled connection will work for SFTP and SCP on the command line, as well as some GUI SFTP clients in Linux (like the Thunar and Nautilus file managers).

To open a remote directory in Nautilus (the file manager in Ubuntu), edit the location with Ctrl-L, then enter the address of the server: sftp://<username>@<server address>

Public/Private Key Authentication: Logging In Without Passwords

Using public key authentication allows you to log in without using a password. A pair of files is used in place of a password: a public key stored on the SSH server you are connecting to, and a private key stored on the computer you are SSH'ing from.

Creating Keys

You can generate your keys anywhere, but it's recommended that you generate them on ssh.stat.washington.edu:

  • SSH to ssh.stat.washington.edu (using your password to login)
  • Run ssh-keygen
    • Hit enter twice to accept the default file location and blank passphrase
    • The public key generated is ~/.ssh/id_rsa.pub, the private key is ~/.ssh/id_rsa
  • The SSH server uses the file ~/.ssh/authorized_keys to contain all the public keys that can be used by your user. For use with Statistics servers, only one key will be needed.
    • Copy your public key to authorized_keys to generate that file: cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
  • Copy your public key to Statistics servers with ssh-copy-id. When prompted, use your NetID password:
    • For Madrid & servers sharing Madrid home directories: ssh-copy-id madrid
    • For the cluster: ssh-copy-id cluster
  • Now test your new key: SSH to the server you copied your key to above. If everything worked, you should be logged in without a password prompt.

Copying keys to your computer

  • Open a terminal
  • If the ~/.ssh directory doesn't exist, create it and set permissions:
    • mkdir ~/.ssh
    • On macOS and Linux: chmod 700 ~/.ssh
  • Transfer your private key generated on ssh.stat.washington.edu in the previous section:
    • Warning: If you have an existing ~/.ssh/id_rsa key on your computer that you use to access other servers, this will overwrite it. If you're unsure how to work around this, contact help@stat.washington.edu for assistance.
    • Copy the private key to your computer: scp <username>@ssh.stat.washington.edu:~/.ssh/id_rsa ~/.ssh/
    • Correct permissions on your key: chmod 600 ~/.ssh/id_rsa
  • Test your new key: ssh <username>@stat.washington.edu. If everything worked, you will be logged in without a password prompt.
  • Open a terminal
  • If the ~/.ssh directory doesn't exist, create it and set permissions:
    • mkdir ~/.ssh
  • Transfer your private key generated on ssh.stat.washington.edu in the previous section:
    • Warning: If you have an existing ~/.ssh/id_rsa key on your computer that you use to access other servers, this will overwrite it. If you're unsure how to work around this, contact help@stat.washington.edu for assistance.
    • Copy the private key to your computer: scp <username>@ssh.stat.washington.edu:~/.ssh/id_rsa ~/.ssh/
  • Test your new key: ssh <username>@stat.washington.edu. If everything worked, you will be logged in without a password prompt.

Using keys with WinSCP

WinSCP uses a different key format that was designed for the PuTTY terminal emulator. The first step is to create a PuTTY-compatible version of your private key:

  • Open a terminal, and SSH to ssh.stat.washington.edu.
  • View your key: cat ~/.ssh/id_rsa
  • With the mouse, highlight all the key text (Starting with "-----BEGIN RSA PRIVATE KEY" and ending with "END RSA PRIVATE KEY-----". Copy with Control + Shift + C
  • Open a text editor (e.g. Notepad), paste the key, and save it to a text file.
  • After you've successfully saved the key, close your PuTTY session.
  • Open PuTTYgen:
    • Go to Conversions > Import key
    • Select the file you saved in the previous step.
    • Click Save private key, and save the key in a convenient place on your computer

Using the key in WinSCP:

  • Select an existing saved session, or configure a new one as described in the earlier WinSCP section.
  • Open Advanced
  • Go to SSH > Authentication
  • Next to Private key file, click ... to browse to your key file.
  • Close the advanced settings, save your session, and test logging in.
  • Open a terminal
  • If the ~/.ssh directory doesn't exist, create it and set permissions:
    • mkdir ~/.ssh
    • On macOS and Linux: chmod 700 ~/.ssh
  • Transfer your private key generated on ssh.stat.washington.edu in the previous section:
    • Warning: If you have an existing ~/.ssh/id_rsa key on your computer that you use to access other servers, this will overwrite it. If you're unsure how to work around this, contact help@stat.washington.edu for assistance.
    • Copy the private key to your computer: scp <username>@ssh.stat.washington.edu:~/.ssh/id_rsa ~/.ssh/
    • Correct permissions on your key: chmod 600 ~/.ssh/id_rsa
  • Test your new key: ssh <username>@stat.washington.edu. If everything worked, you will be logged in without a password prompt.