SSH

Basics

SSH (Secure SHell) access to the campus network from off-campus via the education server solIt is possible to connect via an encrypted communication channel using

Server name

sol.edu.cc.uec.ac.jp

Account

UEC Account

Type of login (authentication)

SSH login (authentication) methods include

The two methods are described above. The key pair method is more secure.

Note

In the future, access to the campus from off-campus will be limited to authentication by key pairs in stages.

Required software

The SSH client software for Windows is

There are.

On most UNIX, macOS, and Windows systems,

  • the OpenSSH ssh command

is installed as standard and can be used.

Login with password

In this section, we introduce three methods of logging in with a password:

  • using the OpenSSH ssh command (UNIX, macOS, Windows10)

  • using PuTTY (Windows)

  • Tera Term (Windows)

.

The OpenSSH ssh command (UNIX, macOS, Windows10)

  1. Launch a terminal program (xterm, kterm, gnome-terminal, terminal, etc.).

  2. Connects to the server and performs authentication.

  • Enter the ssh command as follows.

    %ssh UECアカウント名@sol.edu.cc.uec.ac.jp
    
  1. You will be asked for the password for your UEC account.

Note

To log out (disconnect), execute the exit command. If the window does not close, click on the ``x’’ in the upper right corner, for example.

PuTTY (Windows)

  1. Click on the SSH checkbox and specify SSH as the protocol.

  2. In the “Host Name(or IP address)” field, enter sol.edu.cc.uec.ac.jp. In the “port” field, enter 22.

../../_images/putty_01.png
  1. Click the “Open” button at the bottom right. If there are no problems, the connection will be established.

  2. Enter your user name after “login as:”.

  3. Enter your password or passphrase after “password:”. The password characters you enter will not be displayed.

Note

To log out (disconnect), execute the exit command. If the window does not close, click on the ``x’’ in the upper right corner, for example.

Tera Term (Windows)

  1. The “New Connection” window will be displayed. Enter sol.edu.cc.uec.ac.jp in the “Host” field, 22 in the “TCP Port” field, and click the “OK” button.

../../_images/teraterm_01.png
  1. A security window will appear, click the “Continue” button.

  2. If the server name is correct, the “SSH Authentication” screen will be displayed. Enter your user name and password respectively.

Warning

For security reasons, it is recommended that you uncheck the “Store password in memory” checkbox.

../../_images/teraterm_02.png
  1. Click the “OK” button to log in to the target server.

Note

To log out (disconnect), execute the exit command. If the window does not close, click on the ``x’’ in the upper right corner, for example.

Login with key pair (public key and private key)

Basic flow

Generate a pair (key pair) of public key and private key. The public key is registered in the system (Sol) to which the user is logging in, and then, during authentication The public key is registered in the system (Sol) to which the user is logging in,and the private key is referenced on the PC from which the user is logging in during authentication to verify the key.

Warning

If there is a risk that your private key has been revealed to others, follow this procedure to re-generate and re-register the key pair. Public key may be known to others without any problem due to the key pair mechanism, but we recommend that you register it only with trusted servers.

Generating and registering a key pair

Putty (Windows)

  1. Start “PuTTYgen”.

  2. Click the “Generate” button, and move the mouse randomly on the window to generate random numbers.

../../_images/puttyKeygen_01.png
  1. The string in the text box at the bottom of “Public key for ~~~” is the public key.

../../_images/puttyKeygen_02.png
  1. Enter your passphrase in the “Key passphrase” and “Confirm passphrase” fields, as shown in the image above. The recommended length is 12 characters or more, according to the university regulations. The passphrase is used for login.

    Note

    The passphrase is the password that is set for the key pair; it is different from the password for the UEC account.

  2. Click “Save public key” and “Save private key” to save the public key and private key, respectively. In this example, the public key is sol_rsa.pub and the private key is sol_rsa.ppk.

  3. Register the public key to the server (sol.edu.cc.uec.ac.jp) where you want to login. Copy the saved public key to the clipboard. Log in to the PuTTY or Tera Term login server with your password according to the procedure described in Logging in with a password, and paste the copied public key into ~/.ssh/authorized_keys.

Using the OpenSSH ssh command (UNIX, macOS, Windows10)

  1. Create a key pair from a terminal program (xterm, kterm, gnome-terminal, terminal, PowerSHell, etc.) using the ssh-keygen command.

% ssh-keygen (Enter)
Generating public/private rsa key pair.
Enter file in which to save the key (/homedir/.ssh/id_rsa): (キーの保存場所.通常はそのまま Enter)
Enter passphrase (empty for no passphrase): (パスフレーズを入力)
Enter same passphrase again: (パスフレーズを再入力)
Your identification has been saved in /homedir/.ssh/id_rsa.
<略>
  1. Confirm that id_rsa (the private key) and id_rsa.pub (the public key) have been created in the ~/.ssh/ folder.

    % ls ~/.ssh/
    id_rsa  id_rsa.pub
    
  2. Register the public key to the target server. You can use the ssh-copy-id command to register the public key you just created (id_rsa.pub ) to ~/.ssh/authorized_keys on the server you are logging into, as shown below.

% ssh-copy-id <UECアカウント名>@sol.edu.cc.uec.ac.jp

Caution

This operation is not available in Windows 10, so please do it manually.

Login

Note

The following is a method of logging in using a key pair. You need to do key pair generation and registration in advance. For login by password, see Login by password .

Tera Term (Windows)

To use public key authentication with Tera Term, enter the passphrase you entered when generating the key in the パスフレーズ(P): field of the following image, check the RSA/DSA/ECDSA 鍵を使う checkbox, and click the 秘密鍵 button to select the private key.

../../_images/teraterm_02.png

using PuTTY (Windows)

To perform public key authentication with PuTTY, open the Connection -> SSH -> Auth page as shown in the following image from the sidebar of the connection screen, and click the “Browse…” button. Button to select the private key you have saved.

../../_images/puttyKeygen_03.png

using the OpenSSH ssh command (UNIX, macOS, Windows10)

  1. Use the ssh-keygen command on a terminal program (xterm, kterm, gnome-terminal, terminal, etc.) to create a key pair.

% ssh-keygen (Enter)
Generating public/private rsa key pair.
Enter file in which to save the key (/homedir/.ssh/id_rsa): (キーの保存場所.通常はそのまま Enter)
Enter passphrase (empty for no passphrase): (パスフレーズを入力)
Enter same passphrase again: (パスフレーズを再入力)
Your identification has been saved in /homedir/.ssh/id_rsa.
<略>
  1. Make sure that id_rsa (your private key) and id_rsa.pub (your public key) are created in the folder ~/.ssh/.

% ls ~/.ssh/
id_rsa  id_rsa.pub
  1. Register the public key with the target server.

In order to register your public key with the server, you need to copy the contents of the public key you just created to ~/.ssh/authorized_keys on the server. (Copy the contents, not the file.)

% ssh-copy-id <UECアカウント名>@sol.edu.cc.uec.ac.jp
  1. Log in with a passphrase

If the key exchange is successful, you will be prompted to enter the passphrase you set in 1. instead of the password of your UEC account when logging in with the ssh command.

ssh <UECアカウント名>@sol.edu.cc.uec.ac.jp
Enter passphrase for key '/homedir/.ssh/id_rsa': (パスフレーズを入力)

Accessing internal websites with SSH tunneling

This procedure assumes the following environment.

Warning

Please update your OS and software before starting the procedure if you have older version of them.

OS
  • Windows 10 1903 or later

  • macOS 10.15 (Catalina) or later

Web browser
  • Firefox 74 or later

You can do the same thing in other environments, but the Information Technology Center cannot provide support. Please use at your own discretion.

How to use

Please follow the steps below.

1. Install the Firefox Web browser

  1. Click Firefoxをダウンロード from https://www.mozilla.org/ja/ to download the Firefox installer .

  2. Run the downloaded Firefox installer, and install in accordance with the directions on the screen.

2. Configure the Web browser to view the campus-exclusive sites

  1. Open the command window

Open the command window using the following method. The command window is PowerShell in the case of Windows and :guilabel:terminal in the case of the macOS. These have already been installed by default.

For Windows 10

Open スタートメニュー win10_windows, and enter powershell from the keyboard. Click Windows PowerShell from among the displayed items.

../../_images/guidance_run_powershell.png
For macOS

Click and run Finder macos_finder from the Dockメニュー Click :guilabel:`アプリケーション \(\Rightarrow\) ユーティリティ \(\Rightarrow\) ターミナル.

../../_images/guidance_run_terminal.png
  1. Enter the command to access from the command window

Once the command window is open, enter the following line. (If you click the sphinx_copy icon on the right, this is copied to the clipboard). At the point input ends, do not press the Enter key yet.:

ssh sol.edu.cc.uec.ac.jp -L 8080:proxy.uec.ac.jp:8080 -l UECアカウント

Replace UECアカウント in the above with your UEC Account ID and finally, press the Enter key (Enter or Return)

You will be prompted to enter your password. Enter your UEC account password** and press Enter at the end.

Hint

When entering the password, the input characters and “*” are not displayed.

Only when entering this command for the first time:

Are you sure you want to continue connecting (yes/no)?

The above may be displayed. Enter yes and press the Enter key.

If you connect successfully, the string Welcome to sol.cc.uec.ac.jp in ITC2018. will be displayed in the command window. Do not close the command window until this procedure is complete.

Hint

Example of case when UEC account is “x2000000”:

../../_images/guidance_ssh_tunnel_example.png
  1. Configure Firefox to access the campus site

Start up Firefox and click the menu icon firefox59_menu (top-left corner) \(\Rightarrow\) オプション (in case of macOS, 設定) in order.

../../_images/guidance_ff_launch.png

Scroll down to the bottom of the open settings tab, and click on the 接続設定 button.

../../_images/guidance_open_ff_settings.png

Perform the following operations on the opened page:

  • Check 手動でプロキシーを設定する

  • Enter “localhost” in HTTP プロキシー, and enter 8080 for ポート immediately to the right.

  • Check このプロキシーを FTP と HTTPS でも使用する

  • Finally, click the OK button

../../_images/guidance_ff_proxy_setting.png
  1. Check that you can access the campus site.

Enter the following in the Firefox top address bar, and input Enter (if you click the sphinx_copy icon on the right, it will be copied to the clipboard).

https://www.cc.uec.ac.jp/in/

If 学内ネットワークからアクセスされました.学内専用ページの参照が可能です. is displayed, and you can view the page, then setup is complete.

../../_images/guidance_ff_check_proxy_setting.png

3. [Important] Restore the browser settings after finishing the operation

Warning

After you have finised using the internal website, you must restore the proxy settings of your browser.If you skip this step, you may not be able to view the site you nomally use properly.

Start Firefox, and click the menu icon (top-left corner) \(\Rightarrow\) options (in case of macOS, settings) \(\Rightarrow\) connection settings… button (scroll to bottom of screen) in order.

Perform the following operations on the opened page:

  • Check Use system proxy settings

  • Finally, click the OK button

../../_images/guidance_ff_proxy_unset.png

To confirm the setting are restored properly, visit some website you normally use.

FAQ