Note: If you’re attempting to use GUIs over SSH and having difficulty, please see this page on X11 Forwarding.
Windows
We recommend either MobaXterm or PuTTY as an ssh client. Both of are available free for non-commercial and university use.
MobaXterm is a very powerful ssh client that has tons of functionality and a built-in X server which allows you to seamlessly use X11 Forwarding.
PuTTY provides support for both shell access and file transfer. If you want FTP-like functionality, also download psftp.exe.
As of January 18, there is a bug manifesting in Windows SSH clients on connecting to EECS servers: “Corrupted MAC on input”. This is a known bug in a library used by Windows SSH clients. It is manifesting now because we disabled a number of SSH ciphers in response to the Terrapin vulnerability. There is no known fix. The workaround is to explicitly specify a MAC algorithm when connecting to any EECS server. On command line, that’s:
ssh -m hmac-sha2-512 -X [your-username]@homework.eecs.tufts.edu
If that fails, you can find out what MAC algorithms your client supports with
ssh -Q mac
The EECS servers support
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
We recommend against using any of the ones containing ‘sha1’ or ‘md5’, as we plan to disable those in the near future.
Macintosh OS X
SSH and SCP directly from Terminal via ssh username@hostname. For file transfer, use the command scp, or sftp if you prefer FTP-like functionality. (To find Terminal, open Hard Drive->Applications Folder->Utilities Folder->Terminal)
Linux
SSH and SCP directly from a terminal via ssh username@hostname. For file transfer, use the command scp, or sftp if you prefer FTP-like functionality.
Okay, Got it! Now where do I SSH to?
EECS has several systems which you may access from either on or off-campus. You can see a full list of our available servers here.
SSH keys
SSH keys will let you log in without a password. This does not prevent you from needing to change your password when notified! To set up SSH keys for within EECS, which will let you log in from one of the EECS machines to another without a password:
% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/h/[username]/.ssh/id_rsa):
Created directory '/h/[username]/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /h/[username]/.ssh/id_rsa.
Your public key has been saved in /h/[username]/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dgr/PF3mOQs9vAo73Ct/b/4YRXWF4PMxmoXwhnNXQX8 [username]@vm-hw07
The key's randomart image is:
+---[RSA 3072]----+
| ..o*+ .=|
| +=.o. o|
| o=o= E|
| +*+= |
| S ..o+.o.|
| + ..o|
| . . ..+.|
| . . +=B|
| .o*X&|
+----[SHA256]-----+
Once you have your key generated, you can create an allowed_keys file to let you use your new key for logging in:
% cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
You should now be able to log in to any other EECS host without a password:
% ssh homework
Last login: Thu Sep 21 16:29:51 2023 from 130.64.23.13
Disk quotas for user [username] (uid [number]):
Filesystem space quota limit grace files quota limit grace
vs-home:/cs_ugrad
182M 9216M 10240M 580 900k 1000k
If you want to use the same key to log in from a non-EECS host, you’ll need to bring your new ~/.ssh/id_rsa private key to that host. For Linux or MacOS machines, you should be able to copy id_rsa to ~/.ssh/id_rsa on your own machine and have it just work. For Windows, you’ll need to consult the documentation on how to import a private key into your preferred Windows SSH client.