SSH clients

SSH or Secure SHell is a network protocol that allows you to connect to a computer via a secure connection. SSH is primarily used to provide a text-based command-line interface to execute commands. SCP (Secure CoPy) and SFTP (Secure File Transfer Protocol) are file transfer protocols based on SSH.

1. Command line clients (Linux and Mac OS X)

Linux and Mac OS X (and other Unix versions) usually come pre-installed with the clients ssh, scp and sftp. For the Linux SSH client OpenSSH the commands are simple (case and quotes are important!):

ssh [<netid>@]linux-bastion.tudelft.nl

scp -p '<local file>' "[<netid>@]linux-bastion.tudelft.nl:'<remote destination>'"
scp -p -r '<local folder>' "[<netid>@]linux-bastion.tudelft.nl:'<remote destination>'"
scp -p "[<netid>@]linux-bastion.tudelft.nl:'<remote file>'" '<local destination>' 
scp -p -r "[<netid>@]linux-bastion.tudelft.nl:'<remote folder>'" '<local destination>'

sftp [<netid>@]linux-bastion.tudelft.nl

E.g.: scp -p -r '/data/<netid>/My Files' "bastion:'/staff-bulk/ewi/mm/PRLab/<netid>/My Files'"
If <netid> is not specified, your current username is used.

1.1. Configuration

1.1.1. Define connections

For the Linux SSH client OpenSSH you can define often recurring connections by placing a section like the follwoing in the configuration file ~/.ssh/config on your local computer:

Host bastion
  Hostname linux-bastion.tudelft.nl
  User <netid>
You can then simply use ssh bastion. For example:
netid@local:~> ssh bastion
Last login: Thu Jan 1 00:00:00 1970 from local

[netid@srv227 ~]$

1.1.2. SSH Session Multiplexing

Some SSH clients support multiple sessions over a single connection. You have to enter your password once to make the connection, and can then open multiple sessions (a.k.a. shells, terminals, ...) to that computer, or even transfer files, over the same connection. This is especially convenient when connecting to the Linux bastion server from the outside (where you have to type your password always). Note: the first connection (the master) will stay open until all other sessions have been closed.

For the Linux SSH client OpenSSH you enable session multiplexing by placing the following lines in the configuration file ~/.ssh/config on your local computer and on the Linux bastion server:

Host *
  ControlMaster auto
  ControlPath /tmp/ssh-%r@%h:%p

1.1.3. SSH Client Support for Kerberos Authentication

Between some TU Delft installed Linux machines (such as the Bastion and compute servers) entering passwords can be skipped altogether by using Kerberos authentication. By default, the TU Delft Linux desktops do not allow Kerberos authentication for SSH logins, however they can be reconfigured to enable Kerberos authentication.

Both your SSH client and the remote computer must have been configured to support Kerberos authentication to log in. For the Linux SSH client OpenSSH you enable Kerberos authentication by placing the following lines in the configuration file ~/.ssh/config on the Linux bastion server:

Host *
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes

2. Graphical clients

For Windows, the (free) graphical clients PuTTY (SSH) and FileZilla (SFTP) are available. On machines with a TUD-configured Windows installation, you can find PuTTY under Start -> All Programs -> Tools -> Putty Suite -> PuTTY and FileZilla under Start -> All Programs -> Internet -> Filezilla FTP Client-> FileZilla.

In Linux, you can use your default file manager (Konqueror or Nautilus) for SFTP, and just run SSH from a terminal. PuTTY (SSH) and FileZilla (SFTP) are available, but have to be installed by hand.

Machines with a TUD-configured Mac OS X installation come with Fetch (SFTP) installed in the Application folder. FileZilla (SFTP) is available, but has to be installed. For SSH, it's probably easiest to just run SSH from a terminal.

2.1. PuTTY Settings

The following screen-shots show the most important settings for using PuTTY with the TU Delft linux servers. Unless otherwise specified, just use the default values.

PuTTY Session Settings
2.1.1. Session Settings

Fill in the name of the TU Delft SSH server linux-bastion.tudelft.nl (student-linux.tudelft.nl for students), and select the SSH protocol (port 22).

PuTTY Connection Data Settings
2.1.2. Connection Data Settings

Specify your username (TU Delft NetID); if your system username is not your NetID, fill in your NetID in the Auto-login username box.

PuTTY Connection SSH Settings
2.1.3. Connection SSH Settings

Select Share SSH connections if possible.

PuTTY Connection SSH Auth GSSAPI Settings
2.1.4. Connection SSH Auth GSSAPI Settings

Select Allow GSSAPI credential delegation.

PuTTY Session Settings
2.1.5. Session Settings

To store these session settings, go back to the session tab, and save the settings under a session name. To activate a stored session, double-click on the session name.

2.2. FileZilla Settings

The following screen-shots show the most important settings for using FileZilla (and WinSCP) with the TU Delft SSH servers. Unless otherwise specified, just use the default values.

2.2.1. Quickconnect Settings

To connect, fill in the name of the TU Delft SSH server linux-bastion.tudelft.nl (student-linux.tudelft.nl for students), your username (NetID) and password, and the port (22), then press the Quickconnect button.

FileZilla Quickconnect Settings

When you start a session to a server that you've never connected to before, you will be asked to confirm the server identity. This identity will be used in future sessions to detect (evil) server changes. If FileZilla detects a change, do not connect, unless you are aware of a server upgrade.

FileZilla Host Key popup
2.2.2. Shares

By default, FileZilla opens your home directory. If you want to access your files in the bulk or group share, you'll have to change the remote directory. Enter the desired directory path into the Remote site (WinSCP: Open directory) field. You need to specify the location in Linux format.

Linux paths
DirectoryPath
Home/home/nfs/<username>
Bulk/tudelft.net/staff-bulk
Group/tudelft.net/staff-groups
Windows home/winhome/<username>
FileZilla connected screen
2.2.3. Bookmarks

If you want, you can create bookmarks with specific local and remote directories to use.

FileZilla Bookmark
2.2.4. Language

On TU Delft installed machines, Filezilla seems to default to the Dutch language. You can change this to English in the Settings ('Bewerken' -> 'Instellingen' -> 'Taal'). You will need to restart FileZilla.

FileZilla Language