Introduction

Macs come with ssh installed. You can use this to login safely and securely to the School of Informatics from elsewhere on the internet.

When using ssh it's important to know how to use it securely, so please read about Host Key Management. (That page is for Linux, but ssh is the same on macOS and Linux.)

For background reading see connecting from outside the University - an overview.

VPN

Before you can use ssh, you must be using a VPN - either the University VPN or the School's OpenVPN. The VPN page can help with that.

Kerberos and GSSAPI

This stage is optional, but we recommend it, because it will help to keep your DICE password safe.

The most secure way to authenticate with the Informatics SSH service is to use GSSAPI (Kerberos). To use this you will need to set up Kerberos on your Mac.

After that, read the instructions for Using GSSAPI (Kerberos) authentication. Those instructions are for Linux, but ssh on the Mac should be configured similarly. (But note that the GSSAPIRenewalForcesRekey option is not supported.)

Once you have configured ssh as shown on that page, you will be able to ssh to School servers without being prompted for your DICE username and password each time you connect.

How to use ssh

To use ssh first start the Terminal application.
The Mac Terminal icon
You can find this in the Utilities folder which is on the Finder's Go menu.

Choosing Utilities from the Finder's Go menu

Once you have a Terminal window running, this is how to use ssh:

ssh username@servername

... replacing username and servername with the correct values.
Replace username with your DICE username - for example s1234567.
Replace servername with the name of the server to connect to.
For example, if your username was s1234567 and you wanted to connect to the Informatics ssh server for students, you would type this in the Terminal window:

ssh s1234567@student.ssh.inf.ed.ac.uk

If you are using Kerberos and GSSAPI, you will now be logged in to an Informatics ssh server. If you aren't using it, you will be prompted for your DICE password at this point.

If you type the wrong password

If you type the wrong password your login will fail.

If you type it wrong several times you will be temporarily locked out.

If this happens to you, just wait a while then try again. If that doesn't help, ask Informatics Computing Support for help.

This is a security measure.

Public Keys

The Public Key Support section of the External Login page explains why using ssh public keys is a bad idea. To remove a public key which you may previously have generated on your Mac, open Terminal once again and type 

rm ~/.ssh/id_rsa*

The key's filenames may be different - see the FILES section of

man ssh-keygen

on your Mac.

Last reviewed: 
14/12/2023