
Services/SSH

From Technik-Wiki

SSH

On many Linux/Unix computers at the FB3, you can log in via SSH. This page provides instructions for using this service, as well as a list of host keys from known SSH servers in the faculty network.

The login via SSH is done exclusively via public key authentication.

FB3 computers that can be accessed via SSH

This is a non-exhaustive list of FB3 computers that can be accessed via SSH:

login.informatik.uni-bremen.de
Login server with Linux.
login-smartos.informatik.uni-bremen.de
Login server on a SmartOS zone.
login-freebsd.informatik.uni-bremen.de
Login server with FreeBSD.
(x01-x10).informatik.uni-bremen.de
Linux computers in the practicum area.
(m01-m06).informatik.uni-bremen.de
macOS computers (Intel) in the Praktikumspool.
(mm1-mm5).informatik.uni-bremen.de
macOS computers (ARM) in the Praktikumspool.

SSH host keys of FB3 computers

Current list of host keys for FB3 computers in OpenSSH format: ssh_known_hosts

Accessing files in the FB3 network

FB3 computers that can be accessed via SSH typically mount various NFS file shares from the network, which can be found under /home. Among others, this includes the home directories and the personal websites.

This allows remote access via SFTP through SSH.

It should be noted that not all available directories under /home may always be listed. These will be automatically mounted when accessing the path.

For example, it may happen that ls /home does not show an entry for wwwu, but cd /home/wwwu/$USER still works (also, wwwu will be displayed in /home after accessing it once).

Setting up public key authentication

This guide applies to all operating systems that have an OpenSSH client available, which includes, among others, Linux, macOS, and Windows.

OpenSSH is part of the operating system in current Windows versions but may need to be activated. See here for a guide on how to do this.

For the login, a public and a private key are required. The public key is stored on the SSH server and can be published or shared with others without concern, while the private key is solely possessed by the client and should be kept secret under all circumstances.

Common Windows clients, such as PuTTY and WinSCP, can utilize the SSH agent included in current Windows versions for authentication, so no separate configuration or private keys in other formats are necessary. See here for a guide on setting this up.

Generating a key pair

To generate a key pair, the following command can be executed on the client machine:

ssh-keygen -t ed25519

It generates the files id_ed25519 (private key) and id_ed25519.pub (public key) in the directory ~/.ssh. With the parameter -f $FILENAME, the file names and paths can be customized.

The command prompts for a so-called passphrase to be entered. This is used to encrypt the private key, so it can only be used in conjunction with the passphrase.

Warning: Skipping a passphrase poses a significant security risk. If the private key falls into the wrong hands, it can be easily used for authentication without any further action required.

Installing public keys on SSH servers

If you place a public key in your home directory, you can automatically log in to all FB3 computers that mount it (and allow login via SSH).

Using the example of the key pair generated above, you need to insert the contents of the file id_ed25519.pub (NOT id_ed25519) into the file .ssh/authorized_keys. If the .ssh directory does not exist, you can easily create it as follows:

mkdir ~/.ssh
chmod 700 ~/.ssh
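
The installation step above can be wrapped in a small shell function. This is an added example, not part of the original wiki page: the name install_pubkey and its exit codes are assumptions made for illustration. It refuses a private key, sets restrictive permissions on .ssh and authorized_keys, and does not add a key that is already present.

```sh
#!/bin/sh
# Added example (not from the wiki): install_pubkey PUBFILE [HOME_DIR]
# HOME_DIR defaults to $HOME; the function name and exit codes are illustrative.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Guard for the "NOT id_ed25519" step: never copy a private key to a server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; use the .pub file instead" >&2
        return 2
    fi

    # A public key is a single line: <key type> <base64 blob> [comment]
    line=$(head -n 1 "$pub")
    if ! printf '%s\n' "$line" | grep -Eq \
        '^(sk-)?(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+)(@openssh\.com)? [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "$pub does not look like an OpenSSH public key" >&2
        return 3
    fi

    dir=$home/.ssh
    auth=$dir/authorized_keys
    # Create directory and file without group/other access from the start.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    # Tighten existing paths as well; sshd's default StrictModes rejects
    # key files that other users can write to.
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: match on type + blob so a changed comment adds no duplicate.
    blob=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    # Keep entries on separate lines if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

Run on a machine that mounts your home directory, for example as install_pubkey id_ed25519.pub after copying the .pub file there.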

If you are not on-site to place your public key directly on a computer, you can instead use the FB3 user tools. The public keys stored there are not placed in the home directory but are saved in a database, so you may only be able to log in to certain computers (see the text on the linked page).

Using private keys

If you used the default path for the key files when generating the key pair, the SSH client will automatically detect and try to use the private key.

If you chose a different path or filename, you can specify the path to the private key as follows:

ssh -i /pfad/zum/privaten/schlüssel zielhost

Alternatively, you can use the configuration file ~/.ssh/config. See the OpenSSH documentation for more information on this.