Okay, so I'm going to talk about remote machines and a lot of things that shouldn't know about them. First thing, just to visualize, this is for me for a time in the end. You cannot really get one in macOS, but they're like the sub-approximation, which is for some of the end. But you can say that I'm creating new windows, and it's rearranging everything, so I can see 100% of my stuff. You can mess up what you messed up with, move around automatically, and it's really convenient sometimes.
But the thing I'm going to focus on right now is going to be talking about remote machines. So if you have a developed software, this is a high-tent at some point, either for your homework or because you were working at a company, you end up not using really your computer because you're really, really great at writing code, but it's probably the best thing if you want to have a web server that needs to run 24-7, it's not cool if it's closed because you're sleeping. Or if you need a computer that has 100 CPUs, you can run your simulation of fluid dynamics. So a lot of the time you can customize a lot of work you're doing with your machine, but then you have to SSH into this machine, and it's not configurable, and you don't know how to set up stuff so it works. So I'm just going to go with some really common things that you can pay off now and now.
So the first thing you need to know is that you think you will need to be using SSH. What I'm going to be using for the class is not a remote work server, so one thing is if you don't have access to a web server, it can be kind of debugable and stuff. But a really cool thing is you can create a computer within your computer, you can cover this in the reverse class, you can have a VM, and the VM will have some IP address, you can SSH into that. The only thing you need to do is you need to have some VM on the SSH server that will be listening for the clients that want to SSH in by default.
The link doesn't come with this, but you just install it. That's one of the exercises. There's this process here called sshd that is running and is listening by default on the port connection. So now once we have that, we can just figure out what is the IP address of this machine. This is the loopback that I've been talking about in another lecture, and what we have here is the interface to my machine, so I can just go ahead and say, let me SSH into the machine, ask me for my password so it doesn't authenticate. And I'm in, and I have this completely different and I'm like weak in the machine. And here we are in a shell, and we can just type commands and go right away.
However, SSH is significantly more powerful than that. You don't really need a lot of time to just SSH type a command. You won't maybe only care about the output of that command. So one thing that you can do is you can specify what you want to run when you do that. So here we have the password, and what this is doing is like this SSH is executing the command, is getting the output of that command and is getting it back to the standard output. It means that SSH, you know, this kind of like re-interactive tool is like, you can place like SSH within like pipes. For example, let's say we're here and we can, we want to grep the output so we get like those things that start with have like those, something. And it will go through and like this is like a lot, like it's listing the remote folder and then it's grepping locally. You can also do the invert, like we can like list the contents that are like in my home folder and then pipe that into SSH and grep cannot be sent in. And therefore all the files that start with the O. So what this is doing is listing the my local folders and I don't know how because I like the wrong address. Let's say this is history. If I do that, that's going to be so much fun as well. So what this is doing is, that was the same, but it's happening in a different thing.
This is doing is listing the home folders in my computer, then getting all that output, keeping it through SSH and then running grep on the SSH machine. So this console, you can pipe things in and out of SSH.
As you have already seen, it's asking me for my password every single time. And that gets like really, really awkward really fast. The way programs have solved this issue is using SSH keys, which if you have already kind of set up something to like GitHub accounts so you don't have to enter your username or password every time you like push and pull, you probably have a worry. So the way this is our place, there are like within this hidden folder called .ssh. And for the most recent purposes, you have to move mine, but probably you maybe only have like known_hosts if you have SSH, which you don't see, do any machine just using your password. Yes, for example, right now, what that file contains is that we just SSH into the VM and it has all these things that specifies that we have agreed SSH, they are not authenticated and we know that. So even someone tries to fake being this person like SSH tweeted, like sometimes you have reinstalled a new server and the geographic key has changed, SSH will tell you something has changed, you may see that, for example, reinstalled a server and you will see it. And the other thing is the SSH config that we will get at the end of the lecture.
So let's say I want to create that pair of keys, the pair of keys will be what we want to do is do something like ssh-keygen, for example, this is specifying one RSA key, you can also have like an entity core keys and second bodies kind of the size of the key. So I can do that, it's going to generate the pair, it's going to ask me where to save it, the capability, then it's going to be asking me for a password.
And this is important because it's really easy to just like go through and specify a password, but that means that like right now that file, if anyone gets out of it, that person has the password for any server where you copy your keys over, right? So we add that kind of depending on where to remove that, will we find it or will we not find it? Because it's like someone that has the value that has the key, we have access to like any server you want to SSH it. You can specify a password for your key, that means that like every time you want to use your key, the key needs to be encrypted, so it can be used, so that it will effectively be asking you to use your password. But we're back to the original problem again, right now I have these really good keys, which are convenient for some of the reasons when I get to, but I can still have to do the passwords. The proper solution that I'm not going to configure now right here and I think I'm really hearing, because I already had some previous setup, is using ssh-agent. ssh-agent will ask you for your password once, and you will remember within a session, and you cannot give a very kind of example, so you can relate to it. Think about sudo, when a lot of times you want to use sudo, and like it asks you for the password once, and then remembers for some time, until it ends up, this will do the same. But for now I have no specified passwords, which means that if I copy my file over the server, I will be able to use SSH without entering my password, because I will copy my public key, I will keep my private key, and that way I will be able to authenticate the scene that I'm the person that copied the key, and go over to SSH 80.
So to do that, you can do something really rudimentary, you can do something like, cat in the .ssh file, and say I want to access like, copy the public file in the .ssh file, you always get the public file, the public key, and then we SSH into this machine, as some user, because depending on which user you choose, you will be copying the key for that user. And then here we can do something like, so you can do something like that. Output is key is what the server is going to be looking when you keep your key, that one is going to be looking. The thing is, you can get some curious, there's already a really new tool called ssh-copy-id, that will kind of do the thing, so you don't override, instead of appending, you might override, and the server just lost all the history of previous, non-service, ssh-copy-id will do that for you, and specify different keys to be copied out. So if we do that as a search for a password, now has added the keys, and now I can try to SSH again, and hopefully things are going correctly, I go through it, and without having to put my password, and since I didn't specify a password for the key, then add me for it. The predictiveness, any questions from up?
Another thing that you can find yourself doing all over again, is if you have remote server, you're probably adding the files, maybe you're adding the files there, but maybe you have to transfer your data or your code that you already have, so you need to know how to copy files over SSH. You can do this with your inventory, you can remember we have a great, let's say for example, let's go with directory, and create a really simple file, or local text, right? One thing we could do is just like, oh, we can cat this file, SSH there, we can SSH there, and then there we can just tee into some, let's say five or something.
So what this is doing is typing the file, then open an SSH connection, and then tee, if you remember from the data wrangling lecture, is both outputting to the stdout and also to the file. So you can do something like this, and you will work. But probably if you are copying a large amount of files, it gets really bad because then suddenly you have to find all those files, and I'm hoping all of them, there are better tools for that. So in the same way in your computer you will do CP from folder one to folder two. When you have an SSH connection, you can do secure copy, which is SCP, that's what it stands for, and you will do something like folder one, do, and then specify the user, the server, and then where the file, where you want to copy your files over, and you will have to specify that you want to copy just a single file, you want to copy things recursively, etc, etc. One other thing about SCP is that it doesn't, the same way that SCP doesn't know about files that are already there, I think we will recover this in the command-line environment. If you are copying a large amount of files and only a few of them have changed, SCP, we won't care. It will just start from the beginning, start copying all over the wire, and that's maybe what you want to do, but a lot of the time, if you are kind of transmitting a lot of files over the network, you want to probably use rsync that knows, like, A has a very understanding of if you want to copy same things, if you will know about all the files that are already there and not to copy them, it will also be able to resume, you have to transfer, say, a hundred gigabytes, and that really large files, and in this interactive hard way, rsync will be able to figure out what are the times that have already been transferred and resume from that. That's a great handy tool.
Next thing, oh, another really common scenario, for example, I can SSH into the VM, and maybe, for example, I want to leave some really long process running.
And it will be running, but as soon as I close the security, and as soon as I close the connection, it's gonna die. And depending on how the server is set up, depending on how the server is specified, even if you cannot background it, when the parent process, which is the shell dies, it can take away, like, if sometimes it's the process itself, or sometimes the permission to access files that the parent process have permission to. So, you can do things like background it, and then, like, disown, and things like that. There is, like, a really simple solution, which is doing that, like, nohup; it kind of takes care of doing all this for you. It will kind of remove the dependency from parent process to child process, and it will background it properly. And the way you can just normally sleep for 100, you can close the connection, we can do where we want, we can get back in again, and when if we search for that process, it's still running.
And then, though, you are using some interactive tool, say, really, like, a top, for example, that is displaying you all these values. And if you close your connection, and then resume, maybe you can figure a way of having top, like, the background, or if it seems like a problem that has, like, a behavior, like, oh, but, like, it's going to be tricky to kind of re-attach the output of the program. You can play it to all, but, again, if you have something like an anchor space that is redrawing the entire command line every second or so, it's going to be really easy. For the thing where you can use are called terminal multiplexers. Terminal multiplexer kind of creates a window with no window, and then you have, for example, screen. It looks like nothing has changed, but right now we're in a, in your shell, like, an execute top here, for example, and I can detach here, like, detach.
Now we're back to the previous shell, we can close the connection, SSH again, and say screen minus R, stands for, like, resume the connection and top is still running. So if you have, like, some long-running job and something that you've already tried it, it can be really convenient. And also, you have probably seen all of us at some point, like, you've seen something slightly more advanced, which is tmux, which screen has really basic kind of splitting capabilities. tmux, a little bit more powerful, allows you to kind of speed the other side and you can create new tabs, like, for example, you can leave, like, top running here too and then you can detach, can really get out and again, I can just do, like, tmux a for attach and I get, like, the same layout that I have before, and I can easily navigate. And if you're, like, like, for example, for my research, I ended up having, like, tmux, I mean, in the normal style, like, the GPUs that you use for training models, and it just becomes much, because otherwise, you just go and say, like, they're opening a lot of connections or, like, just trying to have a way, or even if you lose connection, everything now keeps working. Any questions or not?
Next thing, the next thing is sometimes you might have a program, this is probably from the beginning somewhere you can have, like, some programs will attach themselves to it. So, for example, you have, like, a web server probably attached to the port 80, which is the default for, like, HTTP, or they have, like, a SSH server really, like, attached to port 22. Sometimes, if the finger running is going to attach to the remote web server, you're not going to be able to navigate. Like, if I have, like, a remote server, like, a web server, even if you're seeing, I can just go to, like, a localhost 80, and, like, that would work.
But if you are doing that in a remote machine, another remote machine is not publicly available through the Internet, which is the case for most machines, because, like, like, nobody here don't like machines being just, like, out there in the wild. It's, like, a lot of security you have to figure out how to properly do that. You will probably have a lot of the ports to go through, like, openly through the Internet. The thing you want to do in that case is to do port forward. And I have, I think, listed in the in the course website a really good graphic that, like, kind of explains the things that you can do with them, because you can get, like, this, like, hairy, exact thing. So, over here. So, they're, like, both a local port forwarding. What you're saying is when I try to go to a local port in my machine, like, in my laptop, forward that traffic to the remote machine. And you have the inverse, which is forwarding, which says when the remote machine tries to go to some local port, like, to some, like, just forward that to my machine.
So, and now I'm going to give, like, a sort of example of, for example, a really common thing in, you know, scientific computing is you maybe want to do, like, Jupyter notebook. And Jupyter notebook, we, by default, attach to port 8888. But we cannot access easily this machine. So, what we need to do is we're going to stop this, and what we need to do is, when we are SSH-ing, we're going to specify that we want to forward the 9999 port of my machine to the 8888 port in the remote machine. And now, if we do that, and we run the notebook, we still get this value, and if we navigate to our browser, if I try to type this here, that doesn't work all right, because this is the 8888, and I'm forwarding to the 9999. And if I do that, I'm right now getting in this browser, this is going through SSH and accessing the 8888 port of the remote machine.
You can look even more forward to the stuff I'm not going to read into, because you have to edit somewhere more fine. But, for example, say your, like, your work is loading credit, like, for example. You're going to specify, you're going to create, like, an SSH tunnel, and specify in your, like, host configuration files that every time you try to go to credit.com, that traffic, instead of going directly from your computer, gets forwarded through that SSH tunnel and goes from, like, the server. And the inverse, for example, will, for example, have, like, something like Sublime. And you want to Sublime, which is more hierarchical, to edit remote files. You can do remote forwarding, which will mean that the remote server will try to access a port, a local port, and that will get forwarded to your computer where doing, say, which changes are being made to the file. You cannot have a local and remote that are useful in different scenarios. Any questions?
Is there any permanent way of forwarding the port? Martin, is that the Zara level?
Define permanent. Define permanent.
Okay, okay. Instead of SSH-ing through to the remote machine every time by specifying the ports that want to forward, is there any way to keep that configuration in a remote machine or in a local host?
The thing is, if you keep disconnecting that, like, that connection is going to interrupt, like, no matter, no matter what. So, like, you can have, like, something I'm not going to, I think, like, something like autossh, that we keep, like, reconnecting every time that dude, like, disconnect and you can have, like, some background process that, like, keeps linked with that group. But I haven't grown into that scenario.
Yeah, I mean, it really depends on what you mean by always, because the port forwarding happens over your SSH connections, basically multiple, like, same stuff on your single connection, right? So if your connection goes away, all the forwarded connections are also going to go away.
There are ways you can say that whenever I SSH to this machine I want to also forward a port. And so if you look at your SSH config, from memory I think you can configure it there to say that always forward the port. And so that might be what you want. I don't think there's anything that will, like, ensure that you re-establish those connections. That's sort of this permanent port forwarding. I don't think that's the case.
The next thing is, sometimes you run into, like, some support that is not brilliant to be kind of easy interactive to, like, the online or, like, to rely for some reason or some graphical user interface. One thing that you can always do is do this. You probably have seen these tools where you're doing, like, some remote desktop. Like, you can have, like, what is happening is the remote server is kind of capturing the entire desktop environment and sending it back to you or, like, the deltas more or less. And you have the local software is capturing all your items and sending all that back. But maybe you don't even want your, like, remote server to run, like, an entire desktop environment. So one really thing that you can do is that, like, you can build the SSH to do what is called graphics forwarding. And in Linux, the default environment, which is, like, X11, which can also be installed in Mac, allows you to kind of make the remote server kind of provide all the graphics through the SSH connection and for that to be rendered in your login chain. So, for example, if I specify here the minus X flag and ASSAs and I would be others properly. There we go. And we try to do now pypods, for example. It's going to open here a pypods. And that pypods is not immense. That pypods is going to be forwarded through the SSH connection. And normally I can move it around. I can, like, ask things in the server and that, like, can be convenient.
So if you have some server that doesn't really play nicely with the command line, you can do, like, forward the entire thing. And often for that to work the SSH server has to have that enabled. Although I think, by default, most distributions that, like, support the SSH server will have that enabled, like, you have to count, like, some sys admins might be disabled for some reason.
Going back to your point, you can, you know, really have a really good way to have, like, a roaming forwarded. But there is a really good way of having, like, a roaming forwarded. So there is this improvement on top of the SSH, which is called mosh, or a mobile shell. And mosh is slightly more intelligent and will be able to figure out when you have this connection. So say you, like, close your laptop and go home and open your laptop again. Like, A, you're connecting to the server as interrupted, and B, you maybe have to change your network. But, like, mosh will be able to do that. And I can, like, do it here. It will also, like, one of the nice things of, like, SSH keys, now I'm using mosh, which is a very different from SSH, but we also know that it was SSH keys, and I didn't have to put that in the puzzle, because it's usually the same as SSH keys. So I can be running here, something, again, really simple, like, put on the top. Now I can come here into my VM, and I will say, well, maybe I'm going to put, like, a network output in my VM. And, like, the network just dropping my VM. And mosh, in a couple of seconds, should tell me that, like, there was, like, some contact was lost. It tells me there, and, kind of, this is what it's doing right now, and now, like, SSH, right now, we just, like, have closed the connection. But now, if the server comes back up, or, like, the network outputs, it appears mosh continues moving. This is in the first couple seconds.
And, again, if you, kind of, move all your environment, like, your editor or your file management to become online, it could be really moving, because you just have, kind of, a permanent connection to your servers. It doesn't work. Unfortunately, mosh doesn't work with, like, 4x or graphics.
The last thing I want to cover is the SSH. The SSH config. We'll get that upon it, but, like, as you have seen, you can end up having, like, a really crazy thing where you can say, oh, maybe I want to do a bunch of stuff through SSH, and you start getting a really good comment. Like, maybe you even want to specify which SSH key you want to be using. And then what user here you're having in the machine, and maybe what the others of the machine it is. And you're, like, you don't want to be typing this thing over and over again. One idea is maybe I could just pollute this entire thing. So, just, like, instead of hunting to type the entire thing, it's, like, the end. This is a better alternative. The better alternative is using the SSH config. So there's, like, this file here, which is the config file, which I have just put in the whole thing for the X11 forwarding. But we can just repart the language in host specifications. For example, we can say oh, the user I want to SSH with is Puba. And the host name is that address. And the port I want to SSH to is 22. This is, like, a different one. On the identity I want to use is the SSH or even you can specify the remote forward or specify where you say oh, 9999 is forwarded before 8888. You can also, as you've seen, have, like, an asterisk on top, but, like, you can't even pass our mats to, like, domains. You can say, oh, I won't save, like, every time I SSH into any I want to be using a different user because I want to use my keywords, which is Puba, for some reason.
Like, the SSH config would figure all that out and now instead of typing a lot of things I just type ssh vm and again the VM and the remote forwarding is done and everything is working. Another great feature of having, like, a proper configuration like SSH config is not only SSH it's using. Like, all the other programs, like SCP and mosh, we know about these things. You can easily, like, say, oh, I want to mosh into VM and we know. Just figure something to go to the file, read that out, and just and then you want to be careful, like, the SSH config, in a way, it's a dot file and depending on how paranoid you are you may be fine including that if there's, like, not anything to do with it, but maybe you don't want really people to know these services you are SSH-ing. So, bear that in mind when you are, like, including it or not including it into your dot files.
The last thing I want to cover is, like, an extra corner case is that sometimes you have, like, some software that you want to be running locally, but doesn't be playing naturally with SSH and wants to help, like, some playing higher. Like, wants the things to be as files in your, like, folders in your local file system. What you can do for that is using something like sshfs, where you can say, oh, let's let me go to laptop, I can make folder controls and I can do something like that. I want to mount what this is saying is I want to mount the remote folder of downloads that is placing the VM host to the local downloads folder. And I do that and right now I can just go into there and it's empty and I can just create, like, a simple file and now if I go into the VM and I like a file explorer and I go into downloads there's the file experience. And, like, if some software, like, you play sniping, like, all of the SSH2P a lot of software will do but if not, you're going to still mount the entire card. Like, even here we're going to see, like, the file as a local file and that's what you're going to have to do.
You just unmount it as, like, any you wouldn't mount any month drive indeed, I'm sorry. I think that covers pretty much three months.
There's one more thing that's handy to know about and that is something called proxy jumping. So very often, if you're SSH-ing to a machine, it's like behind a firewall so you need to, this happens a lot in MIT, for example, where you can only access this machine if you're on the internal network. You could set up a VPN, of course, but setting up a VPN can be its own kind of painful and so often there will be, what's known as an SSH host. This is basically an SSH host that you are allowed to SSH from any external service. For MIT, this is login.csl.mit.edu or dialog.mit.edu. These are externally visible SSH machines and once you have SSH'd to those, you can then SSH from those to whatever machine you want to go to. So, of course, for these cases, you can SSH to that machine and then type SSH again but now it becomes really awkward to do like either type in your password on this remote machine or you have to do agent forwarding which basically gives the other machine access to your private key, neither of which you might be okay with. So the more recent versions of SSH have support for something called proxy jump where you can say, I want SSH to this remote machine through this machine and it will never show your key material to the machine in between. And in fact it means that, let's say that I have host A and B and I have to SSH through A to get to B. I can set up a proxy jump and then on my machine I will just type ssh B and it will do the right thing. You do this in your SSH config file. You declare a host called A, you declare a host called B, whatever settings you want for usernames and identity files and ports and that kind of stuff. And then on B you would add the line ProxyJump A. And now all you have to do is type ssh B and it will do the right thing. So I need to know about it.