Shell Access

From SonicWiki
Jump to: navigation, search

2018 Updates

After over a decade, we have updated our shell server to a much more modern system. There are changes, including:

  • All network directory mounts are handled using sshfs -- NFS is not used to access user directories.
  • There is no longer direct access to email spool directories -- please use IMAP.
  • Two-factor Authentication is now supported using Google Authenticator
  • PINE is not supported, please use alpine.
  • While traditional UNIX email folders are supported by mutt and alpine, we recommend moving these types of folders to IMAP-based folders. Please see below for details.
  • Shell users are compartmentalized into chroot environments, and a user will only be able to see their own processes in ps.
  • If you've compiled your own software a long time ago, you may need to recompile it to run it on the new server.

For more information regarding the transition from the old shell server (Bolt.sonic.net) to the new shell server (sh.sonic.net), please visit:

  The 2018 Shell Transition Page


How do I connect to my shell account?

For security reasons, new shell users need to confirm their identity via telephone before enabling shell access. To do this please contact technical support. This does not need to be re-done for access to the new shell server: if you have access to bolt.sonic.net, then you have access to sh.sonic.net.

As of 2018, Sonic does not support telnet access to either shell server. Please use ssh.

A free ssh client for Windows is available: putty.

Key fingerprints for the shell server:

  • ECDSA key fingerprint is SHA256:3Shjz0z7pf5EhaJuPaq4Dij92qFd34dRl9pbeNZAtWk.
  • ECDSA key fingerprint is MD5:72:68:03:a1:6c:c3:48:5c:13:04:b7:4d:91:b3:5c:5d.


How do I configure my connection software?

Configure your ssh client (such as putty) to connect to hostname sh.sonic.net .


How do I manage two-factor authentication?

The shell server now supports google authenticator for two-factor authentication.

Setup:

  • Install the google authenticator app on your phone, tablet, or whatnot.
  • On sh.sonic.net, run sonic-google-authenticator.sh and start answering questions.
  • When the QR code appears on the terminal, use the Google Authenticator app on your device to "scan in a barcode".
  • Finish answering the questions.
  • As the script finishes, it will run sync_google_authenticator.sh to tell sh.sonic.net to set up the new key for your account.

Disable:

  • Move your .google_authenticator file to the side, then run the sync script on its own:
$ mv .google_authenticator save.google_authenticator
$ sync_google_authenticator.sh

Re-enable:

  • Copy your saved file to .google_authenticator, then re-run the sync script:
$ cp -a save.google_authenticator .google_authenticator
$ sync_google_authenticator.sh


How do I manage email on the new shell server?

The shell server has both mutt and alpine. The system has help commands for configuring this software:

  • mutt_help.sh
  • alpine_help.sh


How do I change my password?

Use the password changing tool in our member tools area, linked to from the Password FAQ page. If you change your password, remember to go back into any software that has your password stored and change it there also.


What do I do if I forget my password?

The Password FAQ includes instructions for this eventuality. We cannot look up passwords, so if you can't remember it, it will be necessary to use the procedure outlined in the Password FAQ.


Where can I find more help if I need it?

The Sonic Labs Forum can provide help and discussion regarding the shell server. For security issues, email shellmaster@sonic.net.

A how-to document from the last century

Our (Unix) modes FAQ

Remember that Unix-like operating systems, such as Linux, have extensive online documentation -- both on the web and the command line. Important commands to learn are "man", "apropos", and "whatis".

For example, to learn about commands apropos to directories, try:

$ apropos directory # everything that has a man page that mentions "directory" in the synopsis
$ apropos directory | grep '(1)' # limit this to section 1 of the manual (user commands)