Using ssh / mosh

How to log in

To log in to a computing server from your NTNU computer, run ssh HOSTNAME in the terminal window. For example, to log in to syvert0, run:

ssh syvert0.math.ntnu.no

On your personal computer, where your local username most likely differs from your NTNU username, you will need to specify your username as well (replace USERNAME below with your NTNU username):

ssh USERNAME@syvert0.math.ntnu.no

The first time you connect to a server, you will be asked to confirm that you want to connect:

The authenticity of host 'syvert0.math.ntnu.no (2001:700:300:1426:6017:75ff:fe5b:d92f)' can't be established.
ECDSA key fingerprint is SHA256:tW7vCaMqp7jJJP3bwTaVbH072zwEDXO4/aVcPegBdFU.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes and press ENTER to continue. You will see a message saying that your local computer has saved a copy of the server's public key and won't ask you again.

Warning: Permanently added 'syvert0.math.ntnu.no' (ECDSA) to the list of known hosts.

NOTE: The first time you connect to a new server, you should do so from a trusted network (eduroam, wired network on campus, or while using VPN) 1).

You'll then be asked to enter your password. Your password will not be visible on the screen (not even as ********).

USERNAME@syvert0.math.ntnu.no's password:

After logging in, observe that your command line prompt has changed:

syvert0:~$
  ^     ^
  |     |
  |     ` The tilde means that your current working directory
  |       is your home directory.
  |
  ` The prompt shows which computer you're currently logged in to.

When finished, type

logout

to log out from the server. You can also type exit or press Ctrl+D.

Where to log in

Our computing servers are listed in this article.

Use mosh instead of ssh if you can

When using regular SSH, you will usually lose your connection to the server every time your computer goes to sleep, if you close the lid of your laptop, move between buildings, or lose network access for a another reason.

Mosh works much like ssh does, but supports roaming and is able to transparently re-connect after a network outage. Mosh only works if it's installed on both your computer and the server, however.

If your computer has mosh installed, and the server you are connecting to also has mosh installed, you can connect using mosh instead of ssh. For example:

mosh syvert0.math.ntnu.no

You can download mosh from https://mosh.org or from the software folder on the department's shared network drive.

Using tmux to keep your computation running in the background

mosh fixes only part of the problem; avoiding getting logged out by mistake if you lose network access. It does not make sure that your computation keeps running uninterrupted after you disconnect, either by choice or as a result of network problems.

tmux helps you keep your programs alive even after disconnecting from the server.

Read more about tmux in the article Using tmux.

In case of connection errors

Q: SSH prints an error message and doesn't let me connect, what should I do?

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:mYtt5N4XqTH7LRojLLtJooI6gbSPmPtOpy3UpBpyhlw.
Please contact your system administrator.

A: This should never happen when connecting to our servers, unless you actually are being eavesdropped on. Please do as follows:

  1. If you are not on campus, start VPN and try again. If this fixes the problem, the network you are currently using can not be trusted.
  2. If starting VPN does not get rid of the error message, or if it appears while you are on campus, please contact drift [at] math [dot] ntnu [dot] no.

Connecting to internal servers

Some of the servers you want to connect to are only available from within NTNU. To access these from outside NTNU, you have two options:

Either: Start VPN, then connect to the host by ssh.

Or instead: Log in to login.math.ntnu.no or login.ansatt.ntnu.no first. From there, use ssh to connect to the internal host you want to use. You can do this in one step by running ssh -J login.math.ntnu.no HOSTNAME on your laptop, for example:

ssh -J login.math.ntnu.no idun-login1.hpc.ntnu.no

If you are using git, you may also want to use the -A option to ssh when connecting to internal, trusted hosts. With ssh -A, you carry your ssh keys with you, so that you can run git push / git pull on the internal server without having to enter your password.

Example .ssh/config

You can tell your laptop to automatically use -A and/or -J login.math.ntnu.no when connecting to a host.

To do this, create a ~/.ssh/config file on your laptop with the contents:

Host idun idun-login1 idun-login2 idun-login3
  HostName %h.hpc.ntnu.no
  ProxyJump login.math.ntnu.no
  ForwardAgent yes

Host syvert0 syvert1 syvert2
  HostName %h.math.ntnu.no
  # ProxyJump is not necessary here, as these servers are available from the Internet.
  ForwardAgent yes

With this file in place, you can:

  • Use the short name when connecting: ssh syvert0 instead of ssh syvert0.math.ntnu.no.
  • Automatically log in through login.math.ntnu.no when connecting to IDUN. (No need to use VPN. ProxyJump is equivalent to ssh -J.)
  • Bring your ssh keys with you, so that you still can use passwordless ssh on the host you log in to.
    This is useful if you use Git, you can then push and pull without having to enter your passord every time.
1)
SSH works by "trust on first use". This is to avoid a man-in-the-middle attack
2022-11-22, Per Kristian Hove