Difference between revisions of "Network Questions"

From CS Support
Jump to navigation Jump to search
(Created page with "<div id="FileServer"></div> == What network storage is available to me? == All CIS users have storage on the department file server. Anything you place in your home directory...")
 
 
(38 intermediate revisions by 3 users not shown)
Line 2: Line 2:
 
== What network storage is available to me? ==
 
== What network storage is available to me? ==
  
All CIS users have storage on the department file server. Anything you place in your home directory is backed up nightly, with revisions stored going back six months.
+
All CS users have ''home directory'' on the department file server to store files. Anything you place in your home directory is backed up nightly, with revisions stored going back six months.
  
On department linux systems, your home directory is automatically mounted as $HOME.  The full path to your home directory can be found if you use the <code>finger</code> command on yourself on any linux host.
+
=== Linux Systems ===
<code>
+
On department linux systems, your home directory is automatically mounted as <code>$HOME</code>.  The full path of your home directory can be found using the <code>finger</code> command on any linux host.
$ finger testacct
+
<nowiki>
Login: testacct                 Name: Testing Tester
+
finger testacct
Directory: /home/ugrads/testacct       Shell: /bin/bash
+
Login: testacct       Name: Testing Tester
Never logged in.
+
Directory: /home/t/testacct         Shell: /bin/bash
No mail.
+
Never logged in.
No Plan.
+
No mail.
</code>
+
No Plan.</nowiki>
In this case, testacct's home directory is <code>/home/ugrads/testacct</code>.
 
  
On department Windows systems, your home directory should be mounted as the U: drive.  If you are manually mounting a drive, use the URI <code>\\homefiles.cis.ksu.edu\<username></code> where <code><username></code> is your login.
+
In this case, testacct's home directory is <code>/home/t/testacct</code>.
  
If you need a large amount of space temporarily, you can request space in the transient volume (send an email to help@cis.ksu.edu).  There are no quotas on directories in this volume, but there are also no backups made of files here.  Support staff may also ask you to clean files out periodically to make room for others.  On department linux systems, your transient directory will be found in <code>/transient/<username</code>.  On department Windows systems, you can mount the share <code>\\homefiles.cis.ksu.edu\transient\<username></code> to a drive letter of your choosing.
+
=== Windows Systems ===
 +
On department Windows systems, your home directory should be mounted as the U:\ drive.  If you are manually mounting a drive, use the URI <code>\\files.cs.ksu.edu\<username></code> where <code><username></code> is your eID.
 +
 
 +
<div id="Transient"></div>
 +
== Transient Storage ==
 +
If you need a large amount of space temporarily, you can request space in the transient volume (send an email to [mailto:help@cs.ksu.edu help@cs.ksu.edu]).  There are no quotas on directories in this volume, but there are also no backups made of files here.  Support staff may also ask you to clean files out periodically to make room for others.  On department linux systems, your transient directory will be found in <code>/transient/<username></code>.  On department Windows systems, you can mount the share <code>\\files.cs.ksu.edu\transient\<username></code> to a drive letter of your choosing.
  
 
== How do I setup CGI on my web page? ==
 
== How do I setup CGI on my web page? ==
  
This question has been answered in the CIS UserGuide.  Please see the
+
Please see the page on [[Personal Web Pages]].
section on [[Personal_Web_Pages]].
 
  
 
== Why don't you have an FTP server? ==
 
== Why don't you have an FTP server? ==
Line 28: Line 31:
 
FTP is a ''very'' old protocol. It was designed before security considerations were a major part of protocol design. As such, passwords to the FTP server are sent in plain text---any clever user on the network can snoop your packets and steal your password. This would allow that user to gain access to your account, which is an unacceptable violation of our security.
 
FTP is a ''very'' old protocol. It was designed before security considerations were a major part of protocol design. As such, passwords to the FTP server are sent in plain text---any clever user on the network can snoop your packets and steal your password. This would allow that user to gain access to your account, which is an unacceptable violation of our security.
  
If you need to access your home directory from a remote location, there are two different methods for doing so. See the documentation in the CIS Systems UserGuide for Remote Access or in the FrequentlyAskedQuestions about how to access your home directory from a non-CIS computer.
+
If you need to access your home directory from a remote location, there are two different methods for doing so. See the documentation in the CS Systems UserGuide for Remote Access or in the FrequentlyAskedQuestions about how to access your home directory from a non-CS computer.
  
 
== How do I use HTTP authentication? ==
 
== How do I use HTTP authentication? ==
Line 35: Line 38:
 
follow these steps from a linux shell (you will want to change <code>passwordProtectedDir</code> to whatever name you want and use your own usernames).  <code><your_home_dir_path></code> is the full path to your home directory.  If you don't know what this is, use the finger command from the command prompt of any linux host ("<code>finger <eid></code>", where <code><eid></code> is your eID).
 
follow these steps from a linux shell (you will want to change <code>passwordProtectedDir</code> to whatever name you want and use your own usernames).  <code><your_home_dir_path></code> is the full path to your home directory.  If you don't know what this is, use the finger command from the command prompt of any linux host ("<code>finger <eid></code>", where <code><eid></code> is your eID).
  
<code>
+
<nowiki>
cd ~/public_html/
+
cd ~/public_html/
mkdir passwordProtectedDir
+
mkdir passwordProtectedDir
cd passwordProtectedDir
+
cd passwordProtectedDir
htpasswd -c .htpasswd user_who_gets_access
+
htpasswd -c .htpasswd user_who_gets_access
htpasswd .htpasswd other_user
+
htpasswd .htpasswd other_user
cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
+
cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
AuthType Basic
+
AuthType Basic
AuthName "Checking Password"
+
AuthName "Checking Password"
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
+
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
Require valid-user
+
Require valid-user
EOF
+
EOF</nowiki>
</code>
 
  
 
Now create any files you want in the directory and set permissions appropriately.
 
Now create any files you want in the directory and set permissions appropriately.
  
<code>
+
<nowiki>
chmod o+rx ~/public_html/passwordProtectedDir
+
chmod o+rx ~/public_html/passwordProtectedDir
chmod o+r ~/public_html/passwordProtectedDir/*.*
+
chmod o+r ~/public_html/passwordProtectedDir/*.*</nowiki>
</code>
 
  
If you would like your files to only be password protected off-campus, use
+
If you would like your files to only be password protected off-campus, use this command to make your htaccess file.
this command to make your htaccess file.
 
  
<code>
+
<nowiki>
cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
+
cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
AuthType Basic
+
AuthType Basic
AuthName "Checking Password"
+
AuthName "Checking Password"
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
+
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
Require valid-user
+
Require valid-user
Order Allow,Deny
+
Order Allow,Deny
# This restricts access without a password to the KSU network
+
# This restricts access without a password to the KSU network
Allow from 12# 130.0.0/16
+
Allow from 12# 130.0.0/16
# This restricts access without a password to the CIS network
+
# This restricts access without a password to the CS network
#Allow from 12# 130.8.0/22
+
#Allow from 12# 130.8.0/22
Satisfy any
+
Satisfy any
EOF
+
EOF</nowiki>
</code>
 
  
 
== Why am I getting 500 Interal Server Error on all my scripts? ==
 
== Why am I getting 500 Interal Server Error on all my scripts? ==
Line 83: Line 82:
 
<li>Your script must be stored in your home directory in the subdirectory named <code>public_html/cgi-bin</code>. You cannot place your scripts anywhere else.</li>
 
<li>Your script must be stored in your home directory in the subdirectory named <code>public_html/cgi-bin</code>. You cannot place your scripts anywhere else.</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and the <code>cgi-bin</code> directory are not group or other writable:</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and the <code>cgi-bin</code> directory are not group or other writable:</li>
<code>
 
 
  chmod 755 ~
 
  chmod 755 ~
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html/cgi-bin
 
  chmod 755 ~/public_html/cgi-bin
</code>
 
 
<li> Finally, you must make sure your scripts are executable, but not group or other writable:</li>
 
<li> Finally, you must make sure your scripts are executable, but not group or other writable:</li>
<code>
 
 
  chmod 755 ~/public_html/cgi-bin/my-script.cgi
 
  chmod 755 ~/public_html/cgi-bin/my-script.cgi
</code>
 
 
<li> If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
 
<li> If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
<code>
 
 
  tail -f /web/logs/error_log /web/logs/suexec_log
 
  tail -f /web/logs/error_log /web/logs/suexec_log
</code>
 
 
</ol>
 
</ol>
  
Line 103: Line 96:
 
<li>Your script must be stored in your home directory under the directory named <code>public_html</code> or a subdirectory of that directory.</li>
 
<li>Your script must be stored in your home directory under the directory named <code>public_html</code> or a subdirectory of that directory.</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and every directory above your PHP script is accessible but not group or other writable:</li>
 
<li>You must make sure that your home directory, the <code>public_html</code> directory, and every directory above your PHP script is accessible but not group or other writable:</li>
<code>
 
 
  chmod 755 ~
 
  chmod 755 ~
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html
 
  chmod 755 ~/public_html/otherdir
 
  chmod 755 ~/public_html/otherdir
</code>
 
 
<li>Finally, you must make sure your scripts are readable, but not group or other writable:</li>
 
<li>Finally, you must make sure your scripts are readable, but not group or other writable:</li>
<code>
 
 
  chmod 644 ~/public_html/index.php
 
  chmod 644 ~/public_html/index.php
 
  chmod 644 ~/public_html/otherdir/index.php
 
  chmod 644 ~/public_html/otherdir/index.php
</code>
 
 
<li>If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
 
<li>If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:</li>
<code>
 
 
  tail -f /common/weblogs/polara/error.log /common/weblogs/polara/suphp.log
 
  tail -f /common/weblogs/polara/error.log /common/weblogs/polara/suphp.log
</code>
 
 
</ol>
 
</ol>
  
 
== How do I setup ssh keys? ==
 
== How do I setup ssh keys? ==
  
To setup ssh keys for authentication between CIS Linux and Solaris hosts,
+
===Linux/MacOS & Powershell===
follow these steps
+
Note: If you can run the command <code>ssh-keygen.exe</code> in powershell without receiving an error you can follow these instructions, just be sure to replace any "~" with "$HOME" and "/" with "\" when you seem them. Otherwise follow the putty instructions below.
 +
<ol>
 +
<li>Open a terminal and run the command <code>ssh-keygen -t rsa</code>.</li>
 +
<li>You will be asked to specify the keys file path, the default will likely be<code>/home/username/.ssh/id_rsa </code>. If you specify a different path it must be global.</li>
 +
<li>Next you will be asked for a password to encrypt your key with. If you don't want to encrypt your key you can leave the filed blank and press enter, if you use a password it should be different from your users password. </li>
 +
<li> There should now be two new files <code>id_rsa</code> and <code>id_rsa.pub</code>in the folder <code>~/.ssh/</code>. (This document will assume you used default file paths)</li>
 +
<li>Next you will need to run the command <code>ssh-copy-id -i ~/.ssh/id_rsa.pub username@cslinux.cs.ksu.edu</code>, you will be prompted for your password and after that you should be done. If you have issues with this command you can follow step 5, otherwise you can skip to step 6.</li>
 +
<li>You will need to copy the contents of your public key (the .pub file) from your local machine into the file <code>~/.ssh/authorized_keys</code> on the server you want to ssh into, this should just be one long string on a single line. You can use scp to copy the file over and append it to the authorized_keys file, or you can copy it to your clipboard and paste it with a text editor.</li>
 +
<li>With your public key copied over as long as you have your private key in the folder <code>~/.ssh/</code>. Close and reopen your terminal and you should be able to login as normal but without entering your password, or only entering your specified decryption password.</li>
 +
<li>If you gave your key a non default path you will need to tell your SSH client where to find your key by editing or creating the file <code>~/.ssh/config</code> and adding the line <code> IdentityFile /path/to/private_key</code>. For more information on SSH client configurations check the man page for <code>ssh_config</code>.</li>
 +
</ol>
  
<code>
+
===Putty===
chmod go-w ~
+
To set up ssh keys on windows hosts first make sure you have both putty and puttygen installed [https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html here].
cd ~/.ssh/
 
chmod 700 .
 
ssh-keygen -t dsa
 
cat id_dsa.pub >> authorized_keys
 
chmod 600 *
 
</code>
 
  
== How do I access the wireless network in Nichols? ==
+
<ol>
 
+
<li>Open puttygen, make sure RSA is selected at the bottom and click generate.
The CIS Wireless network is now managed by the K-State Computing and Telecommunications Services (CTS) networking department. To gain access to the network, you will need to have a valid [http://eid.ksu.edu K-State eID] and follow [http://www.ksu.edu/cns/itswireless/ these instructions] listed on the CTS website.
+
<p>[[File:puttygen.JPG]]</li>
 +
<li>Click Save private key and click yes when it asks if its okay to create a key without a password. Put this file away somewhere (Do not just drop it on your desktop).</li>
 +
<li>Then select everything in the text box labeled "Public key for pasting into OpenSSH authorized_key file" and copy it to a file somewhere near your private key.
 +
<p>[[File:Puttygenerated.jpg]]
 +
<p>
 +
You are done working on your windows host for now, you will need to ssh into the machine you want to set up keys on.</li>
 +
<li>Open the file <code>~/.ssh/authorized_keys</code> (if this file doesn't exist you can make it). The key should just be one very long string on a single line.</li>
 +
<li>Run the commands <code>chmod 700 ~/.ssh/</code> and <code>chmod 600 ~/.ssh/authorized_keys</code>
 +
You are now done setting up the keys and you can log out of this machine. The only thing you need to do from here on is specify which private key to use next time you log on.</li>
 +
<li>Open putty and select auth under the ssh drop down on the left.</li>
 +
<li>Select browse at the bottom of the list and navigate to you the .ppk file you made in step 2
 +
<p>[[File:SelectKeys.jpg]]</li>
 +
<li>Return to the session tab on the left, enter the address of the machine you want to connect to and click the open button.</li>
 +
<li>You should be prompted for your username but you should not need to type your password and you should be authenticated.</li>
 +
</ol>
  
 
== How do I access the campus VPN? ==
 
== How do I access the campus VPN? ==
  
Please see the K-State page on how to download, install, and use the VPN client for off-campus connection.
+
See [[:Remote_Access#Access_Through_Campus_VPN | Access Through Campus VPN]]
 
 
http://www.ksu.edu/its/security/vpn/
 
 
 
== How do I login remotely to CIS resources? ==
 
 
 
As of August, 2012, ITS Security team is blocking remote access to desktop computers from off-campus.  Only certain systems will be available from off-campus.
 
 
 
Windows (Remote Desktop):
 
* remote.cis.ksu.edu (uses your CIS login)
 
* remote-ksu.cis.ksu.edu (uses your KSU eID login)
 
 
 
Linux (SSH):
 
* cislinux.cis.ksu.edu
 
 
 
There are no publicly-accessible Mac hosts in our department, only systems that are owned or used by individuals or projects.
 
  
'''Wireless users please note:''' For SSH or RDP access to our remote access servers, you must not be connected to the "KSU Guest" wireless network.  This network only allows web traffic (http/https) and nothing else.  You must be connected to "KSU Wireless" or "KSU Housing" if you are on-campus.
+
== How do I login remotely to CS resources? ==
  
If you need access to any other CIS system and don't want to go through one of the above hosts first, you may install the campus VPN client on your remote systems (home desktops, laptops, etc), which you can download [http://www.ksu.edu/its/security/vpn/ here].  When you run it, you should login with your KSU eID and connect using the "Full Tunnel" option.  This routes all your desktop network traffic through the KSU network, effectively putting your desktop behind the campus firewall.  You can now use Remote Desktop or SSH client to connect to any CIS system.
+
See [[Remote Access]]

Latest revision as of 16:12, 9 March 2022

What network storage is available to me?

All CS users have home directory on the department file server to store files. Anything you place in your home directory is backed up nightly, with revisions stored going back six months.

Linux Systems

On department linux systems, your home directory is automatically mounted as $HOME. The full path of your home directory can be found using the finger command on any linux host.

finger testacct
Login: testacct       			Name: Testing Tester
Directory: /home/t/testacct         	Shell: /bin/bash
Never logged in.
No mail.
No Plan.

In this case, testacct's home directory is /home/t/testacct.

Windows Systems

On department Windows systems, your home directory should be mounted as the U:\ drive. If you are manually mounting a drive, use the URI \\files.cs.ksu.edu\<username> where <username> is your eID.

Transient Storage

If you need a large amount of space temporarily, you can request space in the transient volume (send an email to help@cs.ksu.edu). There are no quotas on directories in this volume, but there are also no backups made of files here. Support staff may also ask you to clean files out periodically to make room for others. On department linux systems, your transient directory will be found in /transient/<username>. On department Windows systems, you can mount the share \\files.cs.ksu.edu\transient\<username> to a drive letter of your choosing.

How do I setup CGI on my web page?

Please see the page on Personal Web Pages.

Why don't you have an FTP server?

FTP is a very old protocol. It was designed before security considerations were a major part of protocol design. As such, passwords to the FTP server are sent in plain text---any clever user on the network can snoop your packets and steal your password. This would allow that user to gain access to your account, which is an unacceptable violation of our security.

If you need to access your home directory from a remote location, there are two different methods for doing so. See the documentation in the CS Systems UserGuide for Remote Access or in the FrequentlyAskedQuestions about how to access your home directory from a non-CS computer.

How do I use HTTP authentication?

To setup password authentication for a directory in your personal web space follow these steps from a linux shell (you will want to change passwordProtectedDir to whatever name you want and use your own usernames). <your_home_dir_path> is the full path to your home directory. If you don't know what this is, use the finger command from the command prompt of any linux host ("finger <eid>", where <eid> is your eID).

cd ~/public_html/
mkdir passwordProtectedDir
cd passwordProtectedDir
htpasswd -c .htpasswd user_who_gets_access
htpasswd .htpasswd other_user
cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
AuthType Basic
AuthName "Checking Password"
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
Require valid-user
EOF

Now create any files you want in the directory and set permissions appropriately.

chmod o+rx ~/public_html/passwordProtectedDir
chmod o+r ~/public_html/passwordProtectedDir/*.*

If you would like your files to only be password protected off-campus, use this command to make your htaccess file.

cat << EOF > ~/public_html/passwordProtectedDir/.htaccess
AuthType Basic
AuthName "Checking Password"
AuthUserFile <your_home_dir_path>/public_html/passwordProtectedDir/.htpasswd
Require valid-user
Order Allow,Deny
# This restricts access without a password to the KSU network
Allow from 12# 130.0.0/16
# This restricts access without a password to the CS network
#Allow from 12# 130.8.0/22
Satisfy any
EOF

Why am I getting 500 Interal Server Error on all my scripts?

We use programs named suexec and suphp to make sure that all of your scripts run as you. This allows your scripts to access files that would normally be private and inaccessible by the web server. However, for security these programs will not allow your scripts to run unless the permissions set on your files and on the directories containing them are safe.

For CGI scripts, you must make sure the following are true:

  1. Your script must be stored in your home directory in the subdirectory named public_html/cgi-bin. You cannot place your scripts anywhere else.
  2. You must make sure that your home directory, the public_html directory, and the cgi-bin directory are not group or other writable:
  3. chmod 755 ~ chmod 755 ~/public_html chmod 755 ~/public_html/cgi-bin
  4. Finally, you must make sure your scripts are executable, but not group or other writable:
  5. chmod 755 ~/public_html/cgi-bin/my-script.cgi
  6. If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:
  7. tail -f /web/logs/error_log /web/logs/suexec_log

For PHP scripts, you must make sure the following are true:

  1. Your script must be stored in your home directory under the directory named public_html or a subdirectory of that directory.
  2. You must make sure that your home directory, the public_html directory, and every directory above your PHP script is accessible but not group or other writable:
  3. chmod 755 ~ chmod 755 ~/public_html chmod 755 ~/public_html/otherdir
  4. Finally, you must make sure your scripts are readable, but not group or other writable:
  5. chmod 644 ~/public_html/index.php chmod 644 ~/public_html/otherdir/index.php
  6. If you have problems, try checking the end of the logs for additional information while pressing reload on your browser:
  7. tail -f /common/weblogs/polara/error.log /common/weblogs/polara/suphp.log

How do I setup ssh keys?

Linux/MacOS & Powershell

Note: If you can run the command ssh-keygen.exe in powershell without receiving an error you can follow these instructions, just be sure to replace any "~" with "$HOME" and "/" with "\" when you seem them. Otherwise follow the putty instructions below.

  1. Open a terminal and run the command ssh-keygen -t rsa.
  2. You will be asked to specify the keys file path, the default will likely be/home/username/.ssh/id_rsa . If you specify a different path it must be global.
  3. Next you will be asked for a password to encrypt your key with. If you don't want to encrypt your key you can leave the filed blank and press enter, if you use a password it should be different from your users password.
  4. There should now be two new files id_rsa and id_rsa.pubin the folder ~/.ssh/. (This document will assume you used default file paths)
  5. Next you will need to run the command ssh-copy-id -i ~/.ssh/id_rsa.pub username@cslinux.cs.ksu.edu, you will be prompted for your password and after that you should be done. If you have issues with this command you can follow step 5, otherwise you can skip to step 6.
  6. You will need to copy the contents of your public key (the .pub file) from your local machine into the file ~/.ssh/authorized_keys on the server you want to ssh into, this should just be one long string on a single line. You can use scp to copy the file over and append it to the authorized_keys file, or you can copy it to your clipboard and paste it with a text editor.
  7. With your public key copied over as long as you have your private key in the folder ~/.ssh/. Close and reopen your terminal and you should be able to login as normal but without entering your password, or only entering your specified decryption password.
  8. If you gave your key a non default path you will need to tell your SSH client where to find your key by editing or creating the file ~/.ssh/config and adding the line IdentityFile /path/to/private_key. For more information on SSH client configurations check the man page for ssh_config.

Putty

To set up ssh keys on windows hosts first make sure you have both putty and puttygen installed here.

  1. Open puttygen, make sure RSA is selected at the bottom and click generate.

    Puttygen.JPG

  2. Click Save private key and click yes when it asks if its okay to create a key without a password. Put this file away somewhere (Do not just drop it on your desktop).
  3. Then select everything in the text box labeled "Public key for pasting into OpenSSH authorized_key file" and copy it to a file somewhere near your private key.

    Puttygenerated.jpg

    You are done working on your windows host for now, you will need to ssh into the machine you want to set up keys on.

  4. Open the file ~/.ssh/authorized_keys (if this file doesn't exist you can make it). The key should just be one very long string on a single line.
  5. Run the commands chmod 700 ~/.ssh/ and chmod 600 ~/.ssh/authorized_keys You are now done setting up the keys and you can log out of this machine. The only thing you need to do from here on is specify which private key to use next time you log on.
  6. Open putty and select auth under the ssh drop down on the left.
  7. Select browse at the bottom of the list and navigate to you the .ppk file you made in step 2

    SelectKeys.jpg

  8. Return to the session tab on the left, enter the address of the machine you want to connect to and click the open button.
  9. You should be prompted for your username but you should not need to type your password and you should be authenticated.

How do I access the campus VPN?

See Access Through Campus VPN

How do I login remotely to CS resources?

See Remote Access