HowTo: SSH
Posted: March 7, 2009
One may use Secure Shell (SSH) in order to remotely connect to other computers running the SSH daemon. All CS students may remotely connect to the cs.uri.edu network in this fashion. It is relatively easy to connect to a server regardless of what operating system you are using.
For the purposes of this Howto, we will be refering to london.cs.uri.edu as the target server (the one that you will be connecting to).
Connecting to a Server from Windows
In order to connect to london via SSH, you first need an SSH client. If you’re running Windows, we recommend using PuTTY. PuTTY is a free SSH client and is flexible enough for what most people need. You may download PuTTY here.
After opening the PuTTY client file, you will be presented with a connection window (Figure 1.1). After making sure that SSH is the selected protocol and that port 22 is the port displayed in the input box, insert london.cs.uri.edu into the Host Name input box. Click “Open”.
At this point, if you have never SSH’d into london (or any other server, for that matter) from the machine you are connecting from, a window will pop up (Figure 1.2). Click “Yes”.
After you click “Yes”, the terminal window that popped up will appear. There will be a line that says login as: . Enter your username and hit Enter. You should see some nice ASCII art telling you what server you are logging into. You will now be asked for your password. Enter your password and hit Enter. Assuming you didn’t mess up your password, you should now be logged in!
One quick note: Don’t worry if you can’t see asterixes (”*”) when you type your password. This is a security trick that most Linux systems use. In reality, you are actually typing your password. However, by not showing up on screen, it makes it difficult for anyone who is looking over your shoulder (or at your monitor) to accurately guess what your password’s length is.
Connecting to a Server from Linux or Macintosh
Connecting to a server from a Linux machine is simple. If you don’t have SSH installed, then you might want to go ahead and install it. You may find an SSH client here. Similiarly, if you are using a Mac, then you should be able to execute ssh without any difficulty.
If you haven’t already done so, open up a console. Let’s assume that your username on the computer you are working on is called “david”, and that your cs.uri.edu account username is also david.
david@computer ~ $
There are two ways that you can go about connecting.
david@computer ~ $ ssh david@london.cs.uri.edu
The above example works fine. You can also use the -l flag after ssh.
david@computer ~ $ ssh -l david london.cs.uri.edu
That accomplishes the same thing as well.
However, let’s now assume that your cs.uri.edu account username is not david, but instead djones.
david@computer ~ $ ssh london.cs.uri.edu
That does not work! Why? If you do not specify any flags or a username when you enter the CS information, SSH will assume that you are connecting to london using your current username. So, unless your personal username is identical to your cs.uri.edu account, you need to explicitally specify what your cs.uri.edu username is. In other words, you should do this:
david@computer ~ $ ssh djones@london.cs.uri.edu
Or…
david@computer ~ $ ssh -l djones london.cs.uri.edu
So, what does it actually look like when you successfully ssh into london?
aschenck@celeborn ~ $ ssh london.cs.uri.edu LONDON.cs.uri.edu Password: Last login: Mon Sep 19 18:33:49 2005 from lab49.cs.uri.edu Problems? mailto:sysstaff@cs.uri.edu Have a nice day. aschenck@london ~ $
HowTo: PuTTy
Posted:
PuTTY, being the flexible tool that it is, can be used to connect from a Windows-based computer to other computers through SSH as well as other protocols. This Howto will help you utilize PuTTY so that you can connect to the CS network with ease.
Startup
Go ahead and open PuTTY. You will be presented with a configuration screen. There are things that you need to know before we get too far into PuTTY.
Host Name (or IP address)
The Host Name box is where you will enter in the server’s hostname (or IP address). If we wanted to connect to london.cs.uri.edu, we would insert london.cs.uri.edu into the input box. If you are already in Tyler Hall (say, the Envision Lab), then the cs.uri.edu part is not necessary.
Port
The port that you choose will, for the vast majority of the time, be 22 (the SSH port).
Protocol
The protocol that you will be using for the vast majority of the time is SSH. You need not worry yourself with raw protocol; if you are so inclined, you may read up on it in PuTTY’s user manual.
Load, Save or Delete a stored Session
For your convenience, you can save session connection information. First, enter in an appropriate hostname and a savename (TIP: You can enter username@hostname to prevent the username prompt from appearing after the connection is established). Now click “Save”. When you want to recall your custom session, then click on the savename and then click “Load”.
Close Window on Exit
This is more of a personal preference than anything; “Always” means that if your session closes, then PuTTY will close, too. “Never” is the reverse of that: PuTTY will not close when your session closes. “Only on clean exit” means that PuTTY will close if the session that you were running doesn’t blow up or end abnormally.
HowTo: SCP
Posted:
Like SSH, one may use Secure Copy (SCP) in order to remotely connect to a computer. The major difference between SSH and SCP is that while SSH allows a user to manipulate a computer through a terminal, SCP allows a user to transfer files to and from said computer. All CS students may transfer files to and from their computer and their home directory in this fashion.
For the purposes of this Howto, we will be refering to london.cs.uri.edu as the target server (the one you will be connecting to).
For Windows Users: WinSCP
Like SSH, a user must have an SCP client in order to make transfers using SCP. If you are running Windows, we recommend using WinSCP. You may download it from here.
After running the WinSCP executable, a login window will appear (Figure 1.1). Ensure that port 22 is selected, and in the Host name input box type london.cs.uri.edu. Likewise, insert your username into the User name input box (we used jdoe in the example) and insert your password.
Go ahead and click “Login”. After you have logged in, you will be presented with two sets of files and folders on the right and on the left: your local computer and the remote computer, respectively (Figure 1.2). To make file transfers, click and drag a file either window to the other. When you are about to make a transfer, a dialog box will appear. You may click “Copy” to execute the transfer.
For Linux Users: SCP
Linux users may do the same thing as above through the command prompt. Let’s assume that we are logged in on any *nix machine (even MacOS X). We have a file called “foo.txt” that we want to transfer to our home directory on london. Through the scp command, we can send this file to london:
auser@somemachine ~ $ ls foo.txt foo.txt auser@somemachine ~ $ scp foo.txt yourcsusername@london.cs.uri.edu:foo.txt
You will be prompted for your password. Remember that you will not see any asterisks or characters when you type your password.
Assuming that the file transfers properly, you should see something like this:
foo.txt 100% 0 0.0KB/s 00:00
If you wanted to transfer the entirety of a folder, you could use the -r flag at the end of scp. Example:
auser@somemachine ~ $ scp -r ~/path/to/directory/ yourcsusername@london:path/to/directory/
It is worth noting that scp works pretty much identically to cp.
For MacOS X Users: CyberDuck
While the Linux instructions will also work (Mac OS X has scp, available through Applications:Utilities:Terminal), there is a nice graphical interface called Cyberduck.
HowTo: Public HTML
Posted:
Anyone with an account on the CS Linux Servers, is given free space to create their own website, by making use of thier “public HTML” folder.
Instructions
* If you haven’t already done so, create a folder in your home directory called “public_html” . Newer accounts should have this folder automatically created for them.
* Check and make sure that your home directory and public_html folder have the correct permissions set, or else the contents of the folder will not be accessible to the outside world.
aschenck@london ~ $ cd
aschenck@london ~ $ mkdir public_html
aschenck@london ~ $ ls -ld . public_html
drwx—— 2 aschenck ugrad 4096 Sep 24 13:45 .
drwxr-xr-x 2 aschenck ugrad 4096 Sep 24 13:45 public_html
* What does this all mean, anyway? Well, when the user executed mkdir public_html, they created a directory called “public_html”. The mkdir command is creates directories and ls to views the contents. (Node the -d argument tells ls to list the directory itself, instead of the contents of that directory, and the -l tells it to give more detail than just the name).
* Look at the first part of the output of ls -ld public_html. The “drwxr-xr-x” means that the directory public_html is readable, writeable, and executable by the owner (in this case, aschenck), readable, not writable, and executable by the group (in this case, ugrad), and readable, not writable, and executable by everyone else. If the last three characters show “–x”, then you’re all set. Otherwise, execute these command:
aschenck@london ~ $ chmod 0701 ~
aschenck@london ~ $ chmod 0701 ~/public_html
* This sets execute permissions to other users (for a directory, that means they can change to it (required by the webserver)), and then removes read permissions from other users (so people can’t get directory listings). Note that 0701 is the octal version of rwx—–x.
* To upload material, use “HowTo: SCP” or sftp.
* If you want a directory to appear instead of “access forbidden”, you need to give other users read permission (chmod o+r).
* If you want to make a page appear instead of a directory when you go to http://www.cs.uri.edu/~yourusername, add a file in your public_html directory called “index.html” or “index.php”. If you want to create dynamic pages, the CS servers have PHP and Python installed.
HowTo: .htaccess
Posted:
When you are creating or expanding your webspace under pubic_html, an .htaccess file might provide some additional flexibility and functionality, such as requiring a password for a certain directory or enabling CGI programs in one directory while disabling them in others.
General Instructions
First off, it is worth clarifying a potentially confusing notion. .htaccess is not a type of file extension; it is the file. When you are authoring your .htaccess file under Notepad (if you are a Windows user), then make sure that you save the file as “.htaccess”, verbatim.
When you insert a .htaccess file to a directory, that directory and all of its subdirectories will be affected. However, if there is an .htaccess in a subdirectory of a directory that has a .htaccess file in the first place, then the subdirectory’s file will override the one found higher up the directory tree.
Example: Authentication
If you wish to password protect a directory (say, public_html/priv), start up Notepad (if you’re in Windows) or nano (if you’re in Linux and don’t know vim). Enter in the following information:
AuthName “Authenticated Directory” AuthType Basic AuthUserFile /full/path/to/.htpasswd Require valid-user
AuthName “foo” is just the title of the section of your webspace that you are password-protecting. AuthUserFile should be the full path to your password file (which we’ll get to in just a moment) in Linux format. So, if you are an undergraduate and your username was “jdoe”, then the full path to your home directory would be “/home/ugrad/jdoe”.
Now you need to create a password file called .htpasswd. You can create this .htpasswd file via apache’s htpasswd2 program. To do this, change to the directory in which you want to create the .htpasswd file. Next enter the command as follows:
htpasswd2 -c .htpasswd jdoe
assuming that you are creating a user called jdoe. Since the file does not exist we must use the -c to tell the program to create this file.
Warning: If you use -c when there is already a file there, it will remove the .htpasswd file you have and create a new one. If you want to add a user to the file remove the -c from the previous command.
After you enter this command, you will be prompted to enter a password for the user. Lets assume we entered the password “mypasswordstinksbecauseitsmadeupofwords”. Now when we look at the contents of the file we see that it contains the following line:
jdoe:6IEGX/R6pNXt2
Now if anyone happens to find a way to open that file, they still do not know the password you are using.
HowTo: GPG
Posted:
If you wish to sign your e-mails with a security key (and be able to read key-guarded messages), then you may utilize the GNU Privacy Guard (GPG).
Creating a Key
First, log in to the CS network with a Linux terminal.
jdoe@london ~ $ gpg –gen-key
The program will ask you a few simple questions: what your name is, what you want your comment to be, if anything, and what your e-mail address is (use your cs.uri.edu address). After this, you will need to enter your passphrase. Your passphrase is akin to a password. It should be treated like a password, as well (so nothing easily guessable please).
Once you hit enter, it’ll start generating the key. You may take this time to do something random on the computer, like playing a game, working on homework, or just banging on the keyboard typing a bunch of random letters and symbols. Doing so increases entropy and causes a more random result.
The next command will allow you to search the central database of all PGP keys.
echo “keyserver hkp://pgp.mit.edu” > .gnupg/gpg.conf
You should send your key to this server with:
gpg –send-keys yourusername@cs.uri.edu
Retrieving Other Keys
You should also do the following to be able to verify messages send from sysstaff:
gpg –recv-key 547EE720
To look for other people who have uploaded their keys, use:
gpg –search-keys @cs.uri.edu
Note that you can also use that command to pick keys to receive. Having other peoples keys means you can (a) verify messages they sign and (b) send encrypted messages to them.
Exporting the Key
If you want to export your public key to a file, you would type:
gpg –export –armor –output .pgpkey your_userid_or_keyid > file_name
If you run this from your home directory, it will be available through the finger command. You could also mail this file to someone, and then they could import it into their keyring (see next section).
Importing Keys
To import a file into your keyring, use:
gpg –import file_name
Note that if you are using mutt on the shell servers with the provided configuration file, new keys on signed messages are automatically imported when you read the message.
HowTo: Forward Email
Posted:
You may forward your e-mail from yourname@cs.uri.edu to any other account. It’s simple and can be set up within moments.
The existence of a file in your CS home directory called .forward controls where your e-mail will be forwarded to. If the file doesn’t exist or is empty, then your e-mail will not get forwarded.
Instructions for Windows Users
1. Start Notepad. This can be done by clicking the Start button, clicking “Run”, and typing notepad. Alternatively, click the Start button, click “All Programs” or “Program Files”, click “Accessories”, and click “Notepad”.
2. Type in the target e-mail address. Your cs.uri.edu e-mail account will be forwarded to the address you type here.Be sure to include the quotes
3. Click “File” and then click “Save As”. Name the file “.forward” and save it to your home directory. Be sure to include the quotes when naming the file.
4. You’re done.
Instructions for Linux Users
1. Log in to london.cs.uri.edu.
2. Ensure that you are in your home directory by typing cd ~
3. Open the text editor nano (if you don’t know vim) by typing nano .forward
4. Type in the target e-mail address. Your cs.uri.edu e-mail account will be forwarded to the address you type here.
5. Save the file by pressing “Control” plus “O”.
6. You may now press “Control” plus “X” to exit nano.
Or simply:
london ~ $ echo “myother@email.com” > ~/.forward
HowTo: Change Passwords
Posted:
If you need/want to change your password at any point, you may do so.
Changing your Password Under Linux
From the Linux servers (see Howto:SSH) you may use passwd in order to change your password, however, changing your password in this manner will not change your Windows login password. If you primarily use Windows in the department, we strongly recommend that you use a Windows-based computer to change your password.
auser@lima ~ $ passwd Enter login(LDAP) password: New UNIX password: Retype new UNIX password: Password successfully changed. auser@lima ~ $
Resetting a Lost Password
If you need to reset a lost password and you are an undergraduate, then you must come down to Tyler Hall and speak to whoever is on duty in the Envision Lab. If you are a graduate student or a member of the faculty, then you must talk to a member of the system staff.
When coming down to the lab to reset a password, please bring your URI photo identification card so we can verify who you are. Password resets will not be done if the user requesting the reset is not present.
Changing your Password Under Windows
First, log in to any machine in the CS domain using your existing username and password. After doing so, press “Control”, “Alt”, and “Delete” all at once.
Go ahead and click on “Change Password…”. You may now go ahead and enter your new password. 
HowTo: CVS
Posted:
CVS is Concurrent Version Control. It can be used to control the versioning of source and document files.
It may be used to house all documents generated in one’s academic work. The benefits to this are that one has all versions of all programs/documents produced and may easily roll back to a previous version. One will also have an easy way of keeping work in sync across multiple machines.
Getting Started
First you need to create your cvs repository directory. E.g.
mkdir ~/cvs
Now we need to add two lines to our .bashrc file located in our home directory. The first line tells CVS to conduct its transactions over the SSH protocol. The second line tells CVS where the repository is located.
echo “export CVS_RSH=/usr/bin/ssh” >> ~/.bashrc echo “export CVSROOT=yourusername@london.cs.uri.edu:/home/ugrad/yourusername/cvs” >> ~/.bashrc
Now just to make sure that your additions to .bashrc went through correctly:
cat ~/.bashrc
If you don’t see the two lines there then go ahead and edit the file in your favorite editor (vim, emacs). Before you continue you should logoff the server and then reconnect. The .bashrc file only runs at logon. If you do not disconnect and reconnect CVS won’t know where the repository is located.
Initial Repository Creation
In your home directory make a directory called school.
mkdir school
Then inside the school directory make a subdirectory designating the current semester.
cd school mkdir spring2005
Now change into that directory and create the initial repository.
cd spring2005 cvs import -m “Initial importation of spring 2005 coursework” spring2005 brandon start
What you have done is created a spring2005 repository with vendortag brandon and starttag start.
Adding Courses to the Semester Repository
Now lets checkout our new spring2005 repository. From the school directory run:
cvs checkout spring2005
Change into that directory and create some course directories.
cd spring2005 mkdir csc212 csc350 csc412 csc402
Now add each directory to the repository.
cvs add csc212 csc350 csc412 csc402
Now commit to push the changes back to the repository.
cvs commit
Our First Programming Assignment
CSC212 has asked you to write a rather difficult Hello World program for lab 1. You’ve written some initial code for your program but want to add it to the repository before implementing an untested algorithm. First upload or move the directory containing your code to your school/csc212/ directory. Assume the lab directory was called lab1 with Hello.java being the program you are working on. To add this data to the repository, do the following:
cd ~/school/spring2005/csc212/ cvs add lab1 cvs add lab1/Hello.java cvs commit
Now you’ll notice that CVS will open an editor window and ask you to write some comments about this version. Write something about it like My initial commit. Program doesn’t work as required. These messages will help you to later sort out the changes you made during different commits. CVS will give you some messages and then your program will be added to the repository. Upload successive versions to the same location and simply issue a
cvs commit
to save those revisions to the repository.
Conclusion
You’re now using version control to maintain your academic work. As an aside you can also commit binary files to CVS but you’ll lose some of CVS capabilities like the ability to show the differences between two versions of the same file. Check the cvs manpage and homepage for additional information. Good luck.
HowTo: Control Spam
Posted:
The department servers use Spamassassin and Procmail in the mail delivery process. You can control how these programs work by editing the user configuration files for each.
Spam Assassin’s user configuration file is ~/.spamassassin/user_prefs
Procmail’s user configuration file is ~/.procmailrc
Please note that Procmail is called after Spam Assassin, which is why you can filter for Spam Assassin headers (as in the examples below). This also means if you try to use procmail for whitelisting but the user sends something that scores really high (10 or above), the message will still either bounce or be lost. In practice, this rarely happens.
Spam Assassin
Although you can add any of the directives as documented on the Spam Assassin website, the most useful are listed here.
required_score 6.31 whitelist_from myotheraccount@example.org blacklist_from spammer@example.com
The “required_score” will change the value at which messages are flagged as spam in the “Subject:” line. 6.31 is our current setting. You should check your message headers (X-Spam-Score:) to see what your highest scoring ham (real) email is and set this value to that plus .5 just to be safe.
The other two lines will add emails to the whitelist (allows all email from that address) or the blacklist (deny all email from that address). Only one email is allowed per line, but those lines may be repeated.
Procmail
Procmail is a much more flexible program then what is mentioned here. Read the procmailrc man page (not on shell servers, see procmailrc(5) on die.net) for more information about how rules work and what else you can do with them. The following rules are only for simple spam management.
Say you wish to keep emails marked as spam (to later check for false positives), but you don’t want to see that spam in your Inbox folder. You can create a rule such as:
:0 * ^X-Spam-Status: Yes .spam/
which will deliver the email to a folder called “spam” instead of your Inbox. Note that the period at the beginning of the name is required if you want to view the folder via IMAP (including webmail).
Here’s an example of whitelisting via Procmail:
:0 * ^From whitelisted@example.org $DEFAULT
Here’s an example of blacklisting via Procmail:
:0 * ^From blacklisted@example.com /dev/null
