Remote Access by Secure Shell (SSH)

Access to Linux systems at ETH from remote via secure shell (SSH) is generally possible but subject to restrictions by the firewall.

Special Login Hosts

Every D-INFK member and students of the D-INFK can log in to

  • optimus.ethz.ch (RHEL)
  • maximus.inf.ethz.ch (Ubuntu)

which have the same Linux setup as in the public student labs.

Jump Hosts

To access systems that are not reachable from the internet every D-INFK member and students of the D-INFK can use the following SSH jump hosts:

Host name IP address Comment
jumphost.inf.ethz.ch - Alias for jumphost1.inf.ethz.ch
jumphost1.inf.ethz.ch 129.132.227.181 Server 1
jumphost2.inf.ethz.ch 129.132.227.182 Server 2

The jump hosts are only intended for forwarding SSH sessions, not for running computations or storing data. Disk space for the home directory is limited to 2MB each, enough for the SSH configuration and keys.

Preparation

Please make sure that you use the OpenSSH client which is part of all Linux distributions, Windows 10 and macOS.

If you do not have a key pair yet on the system that you use outside ETH (typically your laptop) then you can create one with the following command: 

ssh-keygen

Additionally, add the following line to ~/.ssh/config if you have used a pass phrase to protect the generated key, which is strongly recommended by the way: 

AddKeysToAgent ask

To increase the stability of connections you will also want to add the following two lines to ~/.ssh/config: 

ServerAliveInterval 300
ServerAliveCountMax 12

To enable the generated key pair to log in to both jumphost1.inf.ethz.ch and jumphost2.inf.ethz.ch as your ETH login ETHUSER run: 

ssh-copy-id ETHUSER@jumphost1.inf.ethz.ch
ssh-copy-id ETHUSER@jumphost2.inf.ethz.ch

Simple Use

If you use the jump host just occasionally then no additional configuration is needed. To connect to a host TARGET with your ETH login ETHUSER run: 

ssh -J jumphost.inf.ethz.ch ETHUSER@TARGET

Transparent Use for Hosts at ETH

For regular use you can configure your ssh client to use the jump host whenever you connect to a host at ETH.

Add the following lines at the end of ~/.ssh/config and replace ETHUSER with your ETH login 

Host jumphost.inf.ethz.ch
    User ETHUSER

Host *.ethz.ch !jumphost.inf.ethz.ch
    User ETHUSER
    ProxyJump jumphost.inf.ethz.ch

Use of screen, tmux and mosh

If you have an unreliable network connection or are mobile you should use screen or tmux on the target system that you log into. This will allow you to reconnect to the same session after loss of connectivity and have multiple sessions with one SSH connection.

Please consult the man pages for screen or tmux for more details.

For very flaky connections, e.g., in a train you can use mosh with the jump host as follows: 
mosh ETHUSER@jumphost.inf.ethz.ch ssh ETHUSER@TARGET

Tunneling

Tunneling or port forwarding also works through the jump host. For instance, to forward VNC connections to localhost:5901 to TARGET you would run: 

ssh [-J jumphost.inf.ethz.ch] -L 5901:localhost:5901 ETHUSER@TARGET

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpRemoteAccessSSH
2024-12-21
© 2024 Eidgenössische Technische Hochschule Zürich