Getting Setup for Remote Access – Windows

Overview

This guide is designed to get your Windows system setup so that you can do your coursework from either on-campus or off-campus on the Rhodes CS computing environment. You will need to configure your local machine so that it can be used to login to the remote CS server.

Useful Software

PowerShell

PowerShell is a command-line interface that is bundled with all currently supported Windows versions. It consists of a shell program and an associated scripting language. If you are using an older version of Windows that does not come with PowerShell installed by default, you can install it by following these instructions.

You can launch a PowerShell session from either the Start Menu or Run Command.

Launching PowerShell Using the Start Menu

  • Click Start, type PowerShell, and then click Windows PowerShell.

Launching PowerShell Using the Run Command

  • Press the Windows key and R together (Win+R), type PowerShell, and then press Enter.

image-20240125-161506.png

If successful, you should see a new window that looks like the following:

image-20240125-163638.png

Initial Login

To access the CS server, we will need to use the SSH (Secure Shell) command to connect from your local computer to the CS server (cslogin). Due to security restrictions, you will need to be on campus to access the cslogin server until you have setup encryption keys (see below). SSH will not work from off-campus the first time you login.

Launch your terminal program (e.g., PowerShell) and type the following command to log in to the CS server. You will need to replace the "userid" with your username.

$ ssh userid@cslogin.arc.rhodes.edu

Your userid should be the username in your Rhodes email. For example, if your Rhodes ID is doej-21@rhodes.edu, in the terminal you would type:

$ ssh doej-21@cslogin.arc.rhodes.edu

Note that the initial dollar sign and space $ are included to indicate that the rest of the code snippet is a command meant to be entered at a prompt. In the above example ssh doej-21@cslogin.arc.rhodes.edu is all you would enter into PowerShell.

You will be prompted for your password, which will be your regular Rhodes One Login password.

Note that SSH does not echo back the characters you type for added security!

Once you have typed your password, press Enter. After a short delay, you should see the command prompt on the remote CS server.

Now would be a great time to learn some Basic Command-Line Skills and Tools.

Setting Up SSH Keys

The SSH program is used for more than remote access to a Linux server. It is used in a variety of forms anywhere an application wants to do secure, authenticated, and encrypted communication. Mostly, we use passwords as a mechanism for you to guarantee that you are who you say you are. There are some problems with passwords:

  • you have to remember them

  • you have to type them in all the time

  • if anyone else gets your password, they can masquerade as you

  • if you re-use your password, this makes it all worse

To fix these problems, SSH supports encryption keys. To get started, you create a new pair of keys: a public key and a private key. Any message encrypted (written) with one key can only be decrypted (read) with the other key. The private key is protected by a passphrase (i.e. a password), but anyone can use your public key. In general, the public key is just that: public. If anyone on the Internet uses your public key to encrypt something, it can only be read with the private key (which is you). Likewise, if you encrypt something with your private key, then anyone on the Internet can read it, but they will know for a fact that you sent it (because only you can use your private key).

Creating SSH Keys

First off, start by creating an SSH keypair by entering the following command into a local PowerShell prompt.

If you are still connected via ssh to cslogin your PowerShell prompt will begin with userid@cslogin. To end the ssh session and return you to your local PowerShell prompt enter the command $ exit. The prompt should now begin with PS C:\Users\username>.

$ ssh-keygen -t rsa -b 4096

This will prompt you to make a passphrase. This is similar to a password, but should be longer and stronger. Make it something you won’t forget, but don’t worry – you won’t be typing it all the time like a normal password.

Next, you need to copy the public key to the cslogin machine. If it gets a login request that was encrypted with your private key then it will know that it’s really you and let you login.

Copying Public Key (PowerShell)

PowerShell lacks the equivalent of the ssh-copy-id utility that is installed by default with SSH on Linux and MacOS. As a workaround, you can execute the following two commands from your PowerShell terminal.

$ $cmd = "mkdir -p ~/.ssh; cat | tr -d '\r' >> ~/.ssh/authorized_keys"

Replace “userid” with your username before executing the following!

$ cat ~/.ssh/id_rsa.pub | ssh userid@cslogin.arc.rhodes.edu "$cmd"

Note that ~ is a reference to your home directory. This shell expansion works in Linux/Unix shells (like BASH and zsh) and PowerShell.

These commands are doing a lot! Here is a breakdown for the curious:

  1. the first command assigns a set of commands to be run later to the local PowerShell variable $cmd

  2. the second command:

    1. uses cat to read your public key, the local file id_rsa.pub

    2. opens an ssh connection to the remote server cslogin

    3. | pipes the contents of id_rsa.pub through the ssh connection and sends the commands assigned to the $cmd variable to be run on the remote server.

    4. mkdir creates a new directory on the remote server called .ssh (if it doesn't already exist)

    5. cat | sends the piped stream of data from id_rsa.pub through the tr command which translates the line termination characters from DOS-style ("\r\n") to Unix-style ("\n")

    6. >> appends the newly formatted public key into a remote file called authorized_keys

Now, whenever you log in to cslogin over SSH you will be prompted for your passphrase rather than your password.

Refinements (Optional)

SSH Agent

If you would prefer not to type in your passphrase every login, you can start-up a background service called the SSH Agent that will do this on your behalf. The basic idea is that you authenticate yourself to the SSH agent once, then it unlocks your private key whenever you need it.

Starting the SSH Agent

By default, the SSH Agent is not running on most Windows systems. To start it, you need to open PowerShell in Administrator Mode.

  • Click Start, type PowerShell, right-click Windows PowerShell, and then click Run as administrator.

You can then run the following command from the PowerShell terminal:

Set-Service ssh-agent -StartupType Automatic Start-Service ssh-agent

Once this is complete, the SSH agent should be running, and it will automatically start-up next time you reboot your system.

Registering your SSH Private Key

To authenticate yourself to the SSH agent, you need to add your keys to the agent.

Do this from a regular (non-privileged) PowerShell session using the command:

$ ssh-add

Type in your passphrase and you’re all set.

Now, at this point you should be all done with the required configuration on your local host. You will still need to setup more SSH keys on cslogin so that you can securely exchange files with GitHub:

Configuring and Using Git