Winter 2019 - January to April 2019 - Updated 2019-03-05 02:15 EST
This file gives you the information needed to do a text-based Remote Login connection using the SSH protocol to the Course Linux Server (CLS).
While these instructions are prepared to connect you with the Course Linux Server for this course, the instructions also apply when making a Remote Login connection to any machine. Simply substitute that other machine’s name or IP address in the instructions below.
Any issues you have regarding the Course Linux Server must be dealt with only through your Linux instructor. Neither Algonquin ITS nor the Help Desk know anything about this CLS Linux machine. All issues, including password resetting, must be resolved directly with your Linux instructor.
If you are having problems, here’s how to Ask Questions and Report Problems well. Read this before you send your question to your instructor!
The Course Linux Server runs the Denyhosts intrusion protection package and will lock out any IP address that appears to be attacking the machine. Your login attempt will fail if you:
If you fail to log in too many times, your IP address (not your account name) will be locked out of the server and nothing you can do will let you (or anyone else at that IP address) log in from that IP address again until you ask your instructor to reset it, as explained below.
You will know your IP address is locked out if the connection to the CLS fails and closes before even asking for your login or password. (It might say “Network error: Software caused connection abort”.)
If you see the COURSE LINUX SERVER banner or are asked for your login userid or password, your IP address is not yet locked out of the server.
If your IP address is really blocked, you won’t see any banner message or login or password prompt and the connection will drop.
If your IP address does get locked out by Denyhosts, you must send your actual public IP address to your instructor by EMail to get your IP address unblocked again. See below for how to find your public IP address. Your request may take a few days to process.
If your IP address is locked out, you can login again if you move to a different IP address, e.g. go to a friend’s house, go to school, or go to a different coffee shop or library.
IP addresses are never locked out at school, so you can always connect and submit an assignment at school.
Assignment deadlines are not extended if you lock out your home IP address, since you can always move locations to get a different IP address.
To find out your real public IPv4 address, do not look at the IP address of your local machine since the local machine almost certainly is on a private home NAT local network with a Private RFC1918 Network Address, such as 192.168.0.1. Use a web tool such as http://whatismyipaddress.com/ to tell you your public IPv4 (not IPv6) address.
Send the public IPv4 address to your instructor and request an un-block.
Assignment deadlines are not extended if you lock out your home IP address, since you can always move locations to get a different IP address, e.g. you can always work at the College.
All access to the Course Linux Server is through a network Remote Login. You will need your Algonquin 8-character userid (the same userid you use for Brightspace and the Algonquin network), a special password (not your Brightspace password), and the network address of the server.
Your 8-character login userid must be all lower-case letters; do not use any capital letters.
There are two network addresses for the CLS, accessible in one of three ways. You must use the correct address or else your connection may disconnect in the middle of a session:
cst8207.idallen.ca
The Course Linux Server is located on a public IPv4 network address at cst8207.idallen.ca. This public address is visible anywhere on the Internet (e.g. from your home, library, or coffee shop), giving you full access to the machine without needing to use the Algonquin VPN.
Use this public address cst8207.idallen.ca while off-campus, e.g. at home.
The public address will also work temporarily while on campus, but your session may disconnect in the middle if you leave it idle. Do not use this public address while on-campus at Algonquin College. Use the private address given below instead.
If you have problems connecting (e.g. connection closed), try the Network Diagnostics.
cst8207-alg.idallen.ca
If you access the machine from on-campus at Algonquin College, you should instead use the [Private] RFC1918 address cst8207-alg.idallen.ca that only works on-campus at Algonquin College (or via the Algonquin VPN).
Due to network configuration problems at Algonquin (session time-outs and dropped connections), use only the private address cst8207-alg.idallen.ca when on campus.
Use this private address cst8207-alg.idallen.ca while on-campus at Algonquin College.
Your connection will time-out and fail if you try to use this private address while off-campus, e.g. at home. You cannot use the private address at home or anywhere off-campus; it doesn’t work.
If you have problems connecting (e.g. connection closed), try the Network Diagnostics.
Rarely the College network connecting to the Public Address from home is broken, but the internal College network is working. In these rare cases, you can often start up the Algonquin VPN software at home to connect to the College network, and then use the Private Address to connect through the VPN to the CLS. This is usually slower than connecting directly to the Public Address, but it may be the only method available.
Use the private address cst8207-alg.idallen.ca when you are using the Algonquin VPN.
All access to the Course Linux Server is through a network Remote Login. You will need your Algonquin 8-character userid (the same userid you use for Brightspace) and a special password (not your Brightspace password), and the network address of the server.
You must log in to the Course Linux Server using the remote terminal protocol SSH, and you can transfer files using programs such as SFTP or SCP that use variations of the SSH protocol.
The CLS does not use your Algonquin network password. Your instructor can tell you your special Course Linux Server password. If you need your password reset, see your Linux instructor; do not go to ITS.
Change your password when you first log in by typing the command name passwd.
(Hey! Remember your password!)
You log in to this machine differently, depending on whether you are running a Unix/Linux/OSX/BSD/Cygwin system or a Windows system.
Choose the section below that corresponds to the system from which you are making the Remote Login connection:
- ssh for Unix/Linux.
- Terminal and ssh on Apple Macintosh.
If you have problems connecting (e.g. connection closed), try the Network Diagnostics.
For Windows users before Windows 10, scroll down to the Microsoft Windows PuTTY section.
Use this section if you are using a Unix/Linux command line:
To login to the Course Linux Server from the shell prompt at another Unix machine (including from Fedora, Ubuntu, SUSE, Knoppix, BSD, from a Macintosh OSX Terminal, from Windows Cygwin, or from the Windows 10 Linux subsystem), use an SSH command line similar to the one below.
You may find some parts of these Lynda.com videos useful for using SSH from a command line. These links require you to have created a free account on lynda.com via the Algonquin Lynda.com Link:
cst8207-alg.idallen.ca or cst8207.idallen.ca
Use the model SSH command line below, with these notes:
Type your usual eight-character Algonquin userid (the same userid you use for Brightspace). Do not use abcd0001! Replace the userid abcd0001, below, with your usual Algonquin userid. Your 8-character login userid must be all lower-case letters; do not use any capital letters.
Choose the correct host name in your SSH command below:
cst8207-alg.idallen.ca
cst8207.idallen.ca
On your first connection, you will be asked to accept the server encryption key. Answer yes (use the full word) to accept the host key, if asked “Are you sure”.
Make sure the login banner says COURSE LINUX SERVER when you connect!
If this is not true, you are trying to log in to the wrong machine.
If you use the correct host name and don’t see any banner but get an immediate disconnection, your IP address is probably locked out. See the section above on Getting locked out of the server.
When it asks for your password, use your special Course Linux Server password. The Course Linux Server does not use your Algonquin network or Brightspace password. The password will not echo as asterisks on your screen as you type it; you will be typing your password “blind”.
Your instructor can tell you your special Course Linux Server password. If you need your password reset, see your Linux instructor; do not go to ITS.
Your SSH command line will look similar to this (you must make the above changes first):
$ ssh abcd0001@cst8207-alg.idallen.ca
Are you sure you want to continue connecting (yes/no)? yes
*** WINTER 2019 COURSE LINUX SERVER 19W ***
abcd0001@cst8207.idallen.ca's password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-33-generic x86_64)
-bash-4.3$
When you have logged in successfully, you will see your CLS BASH shell prompt (default bash-4.3$). You can type Linux commands at this prompt.
When you are done with your session on the CLS, type exit to log out of the shell and close SSH. Do not simply close the Terminal program; always exit the shell first to avoid leaving behind a “ghost” login on the CLS. (“Ghost” logins do eventually time out and go away.)
If your SSH session times out or gets broken pipe errors, here is a suggestion from Oliver Bett:
Add the following line to your /etc/ssh/ssh_config file and it should keep the connection active.
ServerAliveInterval 120
I’ve set my interval to 120 seconds and seems to do the trick.
The default SSH Port number is port 22. If you need to use a non-default Port number when connecting (your instructor will tell you this), specify the port number on the SSH command line using the -p option:
$ ssh -p 2222 abcd0001@some.example.com
Make sure the login banner says COURSE LINUX SERVER when you connect!
If this is not true, you are trying to log in to the wrong machine.
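The two host names and the keepalive setting described above can also be kept in a per-user SSH client configuration (~/.ssh/config) rather than the system-wide file. The script below is an added example, not part of the course notes: the aliases cls-home and cls-campus, the BEGIN/END marker comments, and the letters-and-digits userid check (modelled on abcd0001) are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the course notes): per-user SSH client settings for
# the two CLS addresses. Aliases cls-home and cls-campus are made up here.

# Print the config stanzas for USERID; reject userids the notes rule out.
cls_ssh_stanzas() {
    userid=$1
    # The notes require an 8-character userid with no capital letters.
    # Allowing digits is an assumption based on the sample userid abcd0001.
    case $userid in
        ''|*[![:lower:][:digit:]]*)
            echo "userid must use only lower-case letters and digits" >&2
            return 1 ;;
    esac
    [ "${#userid}" -eq 8 ] || { echo "userid must be 8 characters" >&2; return 1; }
    cat <<EOF
# BEGIN CLS
Host cls-home
    HostName cst8207.idallen.ca
Host cls-campus
    HostName cst8207-alg.idallen.ca
Host cls-home cls-campus
    User $userid
    Port 22
    AddressFamily inet
    ServerAliveInterval 120
# END CLS
EOF
}

# Append the stanzas to CONFIG (default ~/.ssh/config) exactly once.
install_cls_ssh_config() {
    userid=$1
    config=${2:-$HOME/.ssh/config}
    stanzas=$(cls_ssh_stanzas "$userid") || return 1
    if [ -f "$config" ] && grep -q '^# BEGIN CLS$' "$config"; then
        return 0    # already installed; do not add a second copy
    fi
    (
        umask 077   # a new ~/.ssh directory and config file are owner-only
        mkdir -p "$(dirname "$config")" && printf '%s\n' "$stanzas" >> "$config"
    ) || return 1
    # ssh refuses to use a config file that other users can write to.
    chmod 600 "$config"
}
```

After running `install_cls_ssh_config` with your own userid, `ssh cls-home` (off-campus) or `ssh cls-campus` (on-campus or VPN) selects the matching address; the host key prompt and banner check described above still apply.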
If you use Microsoft Windows, you can download and use the free PuTTY terminal program for Microsoft Windows. (You can also use any other SSH-capable program you like instead of PuTTY, but you’re on your own.)
You may have to do an Internet search for PuTTY download and download and run the executable first: putty.exe
After you start PuTTY but before you open your PuTTY connection, make the PuTTY configuration changes given below and save them.
Failure to make these configuration changes may result in your PuTTY session being disconnected in the middle and your session becoming (inactive) (visible on the left in the PuTTY title bar). You may see these error messages:
PuTTY Fatal Error
Network error: Software caused connection abort
Server unexpectedly closed network connection
You may also see an error if you don’t type your userid or password fast enough (within a minute) and Linux disconnects your session.
When this happens, re-start PuTTY and try again. (You can use the PuTTY terminals icon in the top left to get a menu with “Restart session” in it.)
Before you connect using PuTTY the first time, you must set the following PuTTY Configuration options in the PuTTY Configuration dialog box. Read this whole section before you log in!
Failure to make the configuration changes below may result in your laptop keypad not working or your PuTTY session being disconnected in the middle (“Network error: Software caused connection abort”) and your session becoming inactive.
Category: Terminal:
Features (Enabling and disabling advanced terminal features)
Disable application keypad mode: ON
Category: Connection:
Seconds between keepalives: 55
Disable Nagle's algorithm: ON
Enable TCP keepalives: ON
Internet protocol version: IPv4
Category: Window
Appearance: Fonts | Change
(choose only Consolas, Courier, Fixedsys, or Terminal)
(recommended to use the Terminal font)
Colours: Indicate bolded text by changing: Both
Use system colours (optional for black-on-white)
(recommended to select this for black-on-white)
Category: Session:
Host Name (or IP address):
cst8207.idallen.ca (when off-campus, e.g. home)
*OR*
cst8207-alg.idallen.ca (when on campus at Algonquin)
Connection type: SSH
Port: 22
Saved Sessions: (choose your own name; see below)
After making the above configuration settings, save your settings using any name you choose:
Save one configuration session that uses the off-campus Public host name and another configuration session that uses the on-campus host name that uses the [Private] IP address.
If you are on-campus at Algonquin College, you must connect to the CLS using the [Private] address cst8207-alg.idallen.ca to avoid connection problems. The [Private] address only works on-campus at Algonquin College (or via the VPN).
Read the rest of this section to the end before you first Open a session. Your session will time out and become inactive if you don’t log in within a minute of clicking on Open.
Once you have saved both the on-campus and off-campus settings, choose the correct setting and use the Load button to load it, then use the Open button to start the session and connect to the CLS.
On your first connection, a PuTTY Security Alert dialog box will appear and you will be asked to accept the server’s host encryption key. Click on “yes”:
Next, you will be prompted with the line login as: to enter your login userid. Type your usual eight-character Algonquin userid (the same userid you use for Brightspace). Do not use abcd0001! Replace the userid abcd0001, below, with your usual Algonquin userid. Your 8-character login userid must be all lower-case letters; do not use any capital letters.
Make sure the login banner says COURSE LINUX SERVER when you connect!
If this is not true, you are trying to log in to the wrong machine.
If you use the correct host name and don’t see any banner but get an immediate disconnection, your IP address is probably locked out. See the section above on Getting locked out of the server.
When it asks for your password, use your special Course Linux Server password. The Course Linux Server does not use your Algonquin network or Brightspace password. The password will not echo as asterisks on your screen as you type it; you will be typing your password “blind”.
Your instructor can tell you your special Course Linux Server password. If you need your password reset, see your Linux instructor; do not go to ITS.
Your PuTTY session will look similar to this (you must make the above changes; do not use abcd0001):
login as: abcd0001
*** WINTER 2019 COURSE LINUX SERVER 19W ***
abcd0001@cst8207.idallen.ca's password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-33-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
-bash-4.3$
When you have logged in successfully, you will see a Welcome message and a bash-4.3$ shell prompt.
You can type Linux commands at the shell prompt, e.g. try some of the commands from Assignment #02 such as:
date, users, who, cal, fortune, sl, cmatrix -s, echo hello, figlet hello, toilet hello, and history. (If the prompt disappears, type CTRL-C to interrupt the process.)
When you are done with your session on the CLS, type exit to log out of the shell and close PuTTY. Do not simply close PuTTY; always exit the shell first to avoid leaving behind a “ghost” login on the CLS. (“Ghost” logins do eventually time out and go away.)
Optional: If you have IPv6 connectivity where you are, you can experiment using the IPv6 host name ipv6.cst8207.idallen.ca and Internet protocol version: IPv6 to connect to the Course Linux Server.
Using the mouse on the little screen icon in the top-left corner of your PuTTY session, you can bring down a menu that lets you change your PuTTY options for the current session. You can then re-save the changed settings to be available for your future sessions.
If you do not re-save the changed options, they will be lost and you will get the old settings when you re-start PuTTY.
Change your password when you first log in by typing the command name passwd.
(Hey! Remember your password!)
The CLS is on the open Internet and is being attacked both domestically and from foreign countries every hour. The only thing that stops these attackers from gaining access to the machine is your password.
You should change your CLS password when you first connect to the machine. Your password must be easy for you to remember but hard for a computer to generate at random.
Read Guidelines for strong passwords.
Here is one suggestion for choosing a good password from XKCD that uses words instead of letters.
Dilbert Comic: Good Password http://dilbert.com/strip/2005-09-10/
The Course Linux Server supports only secure SCP/SFTP-style file transfers, based on the secure SSH protocol. The server does not have the old insecure FTP protocol installed.
The Class Notes file on File Transfer has the details for file transfer between Linux, Windows, Mac OSX, and Cygwin systems.
Your CLS account can both send and receive electronic mail (EMail).
The CLS has various commands that send EMail to users on other machines, and commands that read EMail that has arrived. Usually the same command name can either send mail or read mail, depending on the arguments used.
Most Unix/Linux systems, including the CLS, come with a command-line mail sending and reading program named mail that is a link to one of these programs:
The CLS currently uses the BSD S-Nail program (the default).
All the above mail programs are somewhat POSIX compliant and have the same basic, common commands and syntax for sending and reading EMail, described below.
The POSIX operating system standard defines how a POSIX-compliant Unix/Linux mail program should work. You can read about the POSIX mailx program, which specifies how a compliant mail program should work.
/var/mail
Email messages arriving for your account on the CLS are stored as blocks of text sequentially in one single text file that is named for your userid under system directory /var/mail (sometimes under /var/spool/mail).
If you don’t want to learn how to use a Linux mail reading program, you can simply use less on your mail file in the above directory, and then empty the file when you are done: cp /dev/null /var/mail/$USER
from command
You can see some information about the EMail messages you might have waiting in your system mail file by typing the command from at a shell prompt. The output format has varied over the years, but always includes at least the sender of each message:
$ from
From nobody@localhost Mon Dec 14 13:25:10 2018
From root@idallen-ubuntu.idallen.ca Sun Dec 17 18:39:31 2018
From idallen@idallen.ca Sun Dec 17 19:56:08 2018
From denyhosts+CLS@idallen-ubuntu.idallen.ca Sun Dec 17 20:28:45 2018
mail program
The simplest interactive EMail message reader on Unix/Linux is usually named just mail and is usually a link to a POSIX-compliant program with mailx compatibility. This compatibility means that some basic things are standard:
- mail command with no arguments at the command line to start the interactive mail reading program. If you have mail messages waiting, you will enter the mail program and your prompt will change:
- mailutils program prompt with a ?; the BSD mailx program prompts with a &.
- 1 when you first enter the program) followed by [Enter] to display that message.
- more or less. At the pagination prompt, type h for a list of pagination commands (pagination commands are different from mail commands). Inside the pagination program, if needed, type q to quit the pagination program and return to the ? or & mail program prompt.
- d to delete the current message.
- q (not x, which won’t save your changes). The CLS currently returns your undeleted EMail back to your spool folder so it will be there the next time you type mail.
The above mail programs are fairly rudimentary. If you are a power user and want to learn a proper text-mode Linux mail program, I recommend using mutt instead. (Ian! uses mutt as his regular mail client.)
Notes on how three mail clients handle undeleted messages:
- For the S-Nail version of /etc/s-nail.rc determine whether undeleted messages get moved to file mbox in your HOME directory or kept in your mail spool folder.
- For BSD mailx, options in /etc/mail.rc determine whether undeleted messages get moved to file mbox in your HOME directory or kept in your mail spool folder.
- For GNU mailutils, any undeleted read messages will be moved to the file mbox in your HOME directory. Unread messages will remain in the system spool mailbox location.
The CLS currently returns your undeleted EMail back to your spool folder so it will be there the next time you type
All POSIX-compliant mail commands can send off-machine EMail text messages using the same basic command line syntax:
$ mail -s "This is the subject" user@example.com
This is a text message, being read by the mail program from standard input.
To finish the message, you need to send End Of File from the terminal via ^D
^D
$
$ echo "Meet me at home." | mail -s "Meeting place" user1@example.com
$
$ who | mail -s "Here is the who list" user1@example.com user2@example.com
$
The mail program reads lines of message text from standard input (e.g. from your keyboard or from a pipe) until EOF, and then sends that text message to that user (or to multiple users).
If you don’t provide a Subject line with the -s option, most mail programs will prompt you for a Subject line. Some also prompt you for a Carbon Copy (Cc) list of recipients. In some mail clients, while typing a message on standard input, lines beginning with a tilde character (~) can call up commands to edit the message: see the man page.
Do not send images or other binary data on standard input using these simple mail programs. Send only text. If you want to send binary data by EMail, you need to encode the binary data as text first, or use a better EMail client that can do this for you (e.g. the mutt EMail program).
mailq
Mail messages sent to users on other machines from the CLS can fail to be sent either because the SMTP port on the other mail server is down temporarily (perhaps because the mail server is down), or because the machine name used in the EMail address is not an SMTP mail server at all (user error), so the SMTP port will never be open.
To see the queued EMail messages on the CLS, run the command: mailq
The mailq command shows you the queue of all undelivered mail messages for all users on the machine. (RTFM for more details.)
An outgoing EMail to a server that does not run any EMail service will sit in the outgoing queue on the CLS for some period of time, usually five days, until it times out and gets bounced back to your CLS Linux mailbox under /var/mail/.
If you see EMail messages of yours queued to incorrect servers that you want deleted right away, you need to get super-user help. Only super-users (your instructors) can delete queued mail messages.
Provide the super-user with a list of your queue EMail IDs that you want deleted. The super-user will use the postsuper -d command and one or more queue IDs to delete specific queued outgoing EMail messages.
public_html
If you create a directory named “public_html” in the home directory of your account, and make it readable and searchable by “others” (the default), any publicly readable files you put there will be visible to the web server, and anything inside that public_html directory can be browsed (e.g. in Firefox) via a URL similar to this one:
http://cst8207.idallen.ca/~abcd0001/
Replace abcd0001 by your own account userid. There is a tilde character preceding the account userid, above. For example, for userid idallen go to this URL: http://cst8207.idallen.ca/~idallen/
The URL syntax above will work to see your CLS web pages from anywhere on the Internet. You can send this link to your family. You can also validate your HTML and CSS pages for errors using this URL.
Note that the public_html directory name does not appear in the URL; it is added by the web server when you specify a leading tilde in front of the account name in the URL. The URL component /~abcd0001/ is expanded by the web server to look in Linux path “~abcd0001/public_html/”, and Linux expands the leading “~abcd0001” to be the home directory of the abcd0001 account, which is usually /home/abcd0001. So URL path /~abcd0001/ usually expands to be Linux path /home/abcd0001/public_html/.
Example: the Unix/Linux file path ~abcd0001/public_html/one/two.txt (i.e. /home/abcd0001/public_html/one/two.txt) can be found at this URL (note how public_html does not appear in the URL):
http://cst8207.idallen.ca/~abcd0001/one/two.txt
You do not specify the “public_html” directory in the URL; it is assumed automatically by the web browser. You do need to remember to use “public_html” in your pathnames when actually copying files to/from the Course Linux Server. (The web server only looks at web pages that you keep in your public_html directory.)
Only directories and files under public_html that have public access for “other” will be able to be viewed in the web browser. You must make sure the files and directories allow public access.
Directories under your public_html directory must be readable and searchable (not writable!) by “other”. Files under your public_html directory must also be readable (not writable or executable!) by others. Inaccessible files and directories will generate “Permission Denied” errors in your web browser. Files and directories with unwanted “write” permissions will allow other users to delete or erase your web pages. Don’t do that; you will lose marks for poor security.
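One way to check a public_html tree against the permission rules above before publishing it. This is an added example, not part of the course notes; the function names and the problem labels are made up here, and only the “other” permission bits are examined.

```shell
#!/bin/sh
# Added example (not from the course notes): audit a public_html tree against
# the rules above. Directories need r-x for "other"; files need r-- for "other".

# Emit one "PROBLEM<TAB>path" line per rule violation under directory $1.
scan_public_html() {
    # Writable by other: any user on the server can erase or replace it.
    find "$1" \( -type d -o -type f \) -perm -002 \
        -exec printf 'OTHER-WRITABLE\t%s\n' {} +
    # Files should not carry an execute bit for other.
    find "$1" -type f -perm -001 \
        -exec printf 'FILE-OTHER-EXECUTABLE\t%s\n' {} +
    # Directories without both r and x for other give "Permission Denied".
    find "$1" -type d ! -perm -005 \
        -exec printf 'DIR-NOT-BROWSABLE\t%s\n' {} +
    # Files without r for other give "Permission Denied".
    find "$1" -type f ! -perm -004 \
        -exec printf 'FILE-NOT-READABLE\t%s\n' {} +
}

# Report findings for DIR (default: $HOME/public_html).
# Exit status: 0 = clean, 1 = findings printed, 2 = DIR is not a directory.
audit_public_html() {
    dir=${1:-$HOME/public_html}
    [ -d "$dir" ] || { printf 'NOT-A-DIRECTORY\t%s\n' "$dir"; return 2; }
    findings=$(scan_public_html "$dir")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Remove only the risky bits: other-write everywhere, other-execute on files.
# Nothing is opened up, so anything you kept private stays private and is
# still reported by the audit until you decide whether to publish it.
tighten_public_html() {
    dir=${1:-$HOME/public_html}
    [ -d "$dir" ] || return 2
    find "$dir" \( -type d -o -type f \) -perm -002 -exec chmod o-w {} +
    find "$dir" -type f -perm -001 -exec chmod o-x {} +
}
```

Run `audit_public_html` after copying files to the server; symbolic links are not followed, so a link pointing outside public_html is not checked.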
I back up your HOME directory regularly on the CLS (currently every 30 minutes). If you delete or change a file, you can probably get back a previous copy. Read the file /idallen/backups/README.txt on the CLS.
If you use the VIM editor, you may find hidden .*.swp files in your account that contain the latest version of a file you were editing. To learn about this file recovery feature in VIM, start VIM and type :help usr_11 or from the command line, try either of these to get file recovery help:
$ vim -c ':help usr_11'
$ vim '+help usr_11'
or use a Web browser to read https://vimhelp.org/usr_11.txt.html#usr_11.txt
When you are connected to a terminal session on the Course Linux Server, you can find a searchable copy of all the CST8207 Class Notes files for multiple terms under CLS Linux directory:
~idallen/public_html/teaching/
The Linux shells will expand a leading tilde character (“~”) in front of a user name ~idallen to be the home directory of the idallen account, which is currently /home/idallen, but could change, which is why ~idallen is better than /home/idallen, since ~idallen is always correct.
Under the above directory on the CLS, pick the sub-directory corresponding to the course, and under that course directory pick the current term. The class notes are stored in a notes sub-directory under the term.
You can search the text files under the notes directories using shell GLOB patterns with grep or fgrep to find things quickly. It helps to have short symbolic links to the notes directories created in your own account HOME directory, so that you don’t have to type the long absolute pathname every time. You can use the link command ln -s to make these symbolic links:
$ cd
$ rm -f oldnotes newnotes
$ ln -s ~idallen/public_html/teaching/cst8207/18f/notes oldnotes
$ ln -s ~idallen/public_html/teaching/cst8207/19w/notes newnotes
The symbolic links you create, above, in your own home directory make it easier (shorter) to search the various notes directories without having to type the long pathname every time. Make sure you use the correct year and term in the symbolic links pathnames.
Now you can use these symbolic links in your HOME directory as short pathnames into the respective notes directories. Use shell GLOB patterns to select the text files in the notes, via the symlink:
$ ls oldnotes/*.txt | wc -l
90 # number may differ for each school term
$ ls oldnotes/*.txt | head -n 2
oldnotes/000_README.txt # files may differ for each school term
oldnotes/000_network_diagnostics.txt
Use the same GLOB patterns to search the notes using fgrep with various useful options such as -i and -l (RTFM):
$ fgrep -i -l "recursive" oldnotes/*.txt newnotes/*.txt
[... list of about 20 file names (no content) print here ...]
$ fgrep -i "recursive" newnotes/*.txt
[... about 44 lines of file content print here ...]
The options used above (RTFM) change the way the text searches are done and what output you see. Use the correct options for the results you want. Make note of the options in your List of Commands You Should Know.