So far I’ve spotted 2 APs in the Masters area, and another AP in the SIT lecture theatre. All you have to do is to find the access point (named “usyd”), and connect to it. Then, you can connect to the internet via VPN or SSH, just follow our tutorials.

ET

You will need an SFTP client.

Windows: FileZilla

Mac OSX: Cyberduck

All Linux distros should be able to connect by SFTP without additional software. Try typing sftp://user@host into the location bar of the file manager.
Connnect using

Host: ftp.ug.it.usyd.edu.au
Username Your SIT username
Password: Your SIT password
Port: 22
Protocol: SFTP

Make sure you connect using SFTP (port 22) rather than FTP (port 21). FTP is very insecure and will transmit your username and password unencrypted over the network.

With any of the above clients you should be able to bookmark the URL so you don’t have to type the hostname every time. Once again, make sure you choose SFTP for security. You can optionally save the password locally.

The instructions in the SSH Tutorial are for use within any unix environment. It’s a good idea to read this anyway, as chances are you’ll be logging in to a Unix SSH server.

SSH Public/Private Keys

In a standard installation of PuTTY, there is a tool named PuTTYgen. This is the alternative tool to the Unix ssh-keygen command which generates a public/private key pair.

Generating the public/private key pair

When PuTTYgen is run, you will be presented with a dialog box that asks you to move your mouse over the it to generate some randomness. All you need to do at this stage is move your mouse so that the cursor moves over the dialog box. Continue to move the cursor until the progress bar reaches 100%.

Afterwards, click on the “Save private key” button to output your private key to a .ppk file. Store this file in a safe location on your computer. Click on the “Save public key” button to output your public key to file. The contents of this file is equivalent to the id_rsa.pub file generated using ssh-keygen, which should be appended to the ~/.ssh/authorized_keys file on the SSH server.

Using the key/pair

To use a generated key pair when you connect to a server, you will need to reference the private key (.ppk file) when you configure the PuTTY SSH session.

Starting PuTTY, you will see a hierarchy of settings on the left hand side of the window. The settings page that we are concerned with is located under Connection > SSH > Auth. When you have selected “Auth”, you will notice that the settings page on the right hand side will change. Click on the “Browse” button for “Private key file for authentication”, then locate and select the .ppk file you have generated earlier. After the key is selected, your connection to the server will then attempt the public/private key authentication method.

Optionally, you may provide a default username to enter when you connect to the server under “Login details” on the page at Connection > Data.

Web Proxy Port Forwarding

See the background information on the SSH Port Forwarding.

Choose a host to connect to using SSH, e.g. congo1.ug.it.usyd.edu.au (or just congo1) on the standard port 22.

Go to Connection->SSH->Tunnels and set: Source port: 8000 Destination www-cache.it.usyd.edu.au:8000 Don’t forget to click add!

Click open at the bottom to start the connection. Now you can set your browser to proxy through localhost:8000 and it’ll go through the SIT web cache.

Please read this page in it’s entirety. It’s very useful to understand how these techniques work.

Background

SIT means School of Information Technologies. This tutorial will only be useful if you’re an SIT student. UCC means University Computing Centre. They do lots of things, including supplying wireless networks for people to connect to throughout the university.

If you connect to a wireless network in a building like Wentworth, chances are it’s the UCC network. They supply a rather annoying (to me) VPN client which you’re supposed to use to access external sites through their wireless.

A proxy, for our purposes, means a computer that has greater network access than you, and can make requests on your behalf and return the result.

Procedure

The UCC wireless gives you limited connectivity without their VPN client. Thankfully this connectivity includes the ability to SSH to computers on the SIT network.

The SIT runs a web proxy, which requires an SIT username/password and allows access to web pages on the internet. The server is www-cache.it.usyd.edu.au and runs on port 8000. These are the settings you use when you’re directly connected to the SIT network, eg using a computer in the labs.

Note that your SIT internet quota is separate and in addition to your UCC quota. So if you’ve run out of your SIT web quota, you can still connect to the internet using VPN, and keep surfing the net with your UCC internet quota.

You cannot connect directly to the SIT web proxy from the wireless, and you cannot SSH directly to the SIT web proxy. However you can SSH to one of the congos, say congo1. SSH has a nice feature called TCP tunneling. Basically what it does is allow you to forward connections to a port on your computer (localhost) to a port on a remote computer, through an SSH connection. Here’s a diagram:

You connect to congo1 from your laptop.

[laptop]  <-ssh connection->  [congo1]

You want to use congo1 as a proxy to connect to the SIT web proxy. Nice eh?

         (forwarded connection
          piggybacks over SSH)
[laptop]  <-ssh connection->  [congo1]
                                | (forwarded connection)
             [www-cache.it.usyd.edu.au]

Details

Individual forwarding command:

ssh -L 1234:desthost:4321 userXYXY@proxyhost

To set this up, you run one command. See above for details on the options.
ssh -L 8000:www-cache.it.usyd.edu.au:8000 userXXXX@congo1.ug.it.usyd.edu.au
Now you have an SSH tunnel. Whenever you connect to localhost:8000 the connection will be forwarded through congo1 to www-cache.it.usyd.edu.au:8000

So you need to configure your web browser to use as the proxy: Host: localhost Port: 8000

This can be simplified by using the ssh config file (see see SUITS tutorial) instead of typing out this long command.

Host sitproxy
    HostName congo1.ug.it.usyd.edu.au
    User userXXXX
    LocalForward 8000 www-cache.it.usyd.edu.au:8000

Which can then be used via

$ ssh sitproxy


Jabber (Google Talk) Quick HOWTO

The SIT network allows unproxied outgoing connections on port 443 to all hosts. This port is usually used for HTTPS, that’s secure HTTP. Many Jabber servers (google talk, jabber.org.au) also listen on this port.

You can take advantage of this by proxying your Jabber connections from the UCC wireless through one of the congos. Run this command for google talk, or modify it as appropriate for your Jabber server.

ssh -L 5222:talk.google.com:443 userXXXX@congo1.ug.it.usyd.edu.au

Then go into your Jabber client and set it to connect to a specific host/port. Host: localhost Port: 5222

Postgrad Account

For those with a postgraduate account, you can connect through a postgraduate server, avoiding the proxy/download limit issues.

This page documents the OpenSSH software installed by default on almost all Unix operating systems. Including Linux and Mac OS X. Please see SSH PuTTY for information on using SSH on Windows.

Connecting to a remote host

To connect to a host, say congo1.ug.it.usyd.edu.au on the SIT network, you can type a command like this:
$ ssh user1111@congo1.ug.it.usyd.edu.au

Since the server is in the School of IT, locally the command:

$ ssh user1111@congo1 also works

It is also possible to implicitly specify the username. Eg, if the account you’re logged in to at the moment has the username userXYXY, then typing these two commands are equivalent:

$ ssh userXYXY@host
$ ssh host

You can type exit to end this effect.

SSH Public/Private Keys

Basic Principles

You generate a public/private keypair. The private key, as its name suggests, should remain on your computer, and not be shared with anybody. Your public key can be given to other people. Anybody who has your public key can encrypt a message such that it can only be decrypted using the matching private key. You can trust that this works.

For a more thorough explanation, see the Wikipedia article: Public-Key Cryptography

Generating a public/private key pair

What does this have to do with SSH? Well, for each computer account you have, you create a public/private key pair. Do that with this command:
$ ssh-keygen -t rsa -b 4096
That means create a 4096 bit RSA key. Answer yes to all the prompts. I generally don’t bother setting a passphrase. This will then mean you end up with these two files:

~/.ssh/id_rsa # Private key
~/.ssh/id_rsa.pub # Public key


Using the key pair

You now need to create a file called ~/.ssh/authorized_keys. In this file you put a list of the public keys that are authorised to connect to this account without a password.

Example: On your home machine, create a public/private keypair. Log in to your account on the SIT machines and create a file called
~/.ssh/authorized_keys
You may need to create the directory ~/.ssh first. Note that ~ (tilde) means your home directory. Put the contents of the public key you created on your home machine into the authorized_keys file on the SIT machines.

Now you can connect to the school computers without a password.

SSH Config File

There’s a wonderful file that few people use: ~/.ssh/config

You can look up documentation for it in the manpage ssh_config. Here are some examples of things that can go in there:

# This is a useful rule that lets you log in to congo1 by just typing
# $ ssh congo1
# instead of
# $ ssh userXXXX@congo1.ug.it.usyd.edu.au
Host congo1
    User userXXXX
    HostName congo1.ug.it.usyd.edu.au

# Another useful rule for setting up X11 forwarding
Host ugrad
    HostName congo1.ug.it.usyd.edu.au
    User userXXXX
    ForwardX11 yes


Once you have an alias like congo1setup, this alias can be used in scp too. For example, to copy a file called foo from userXXXX’s home directory into the local /tmp directory:

$ scp congo1:~/foo /tmp/