An ssh config file just saves shortcuts for complicated ssh commands you wouldn't want to type in every time. Let's build a new config file up gradually. On Mac, open up a terminal, and we will use nano, which is the simplest terminal text editor:
nano ~/.ssh/config
On Windows, open a Powershell terminal window, and we can use notepad:
notepad.exe $HOME/.ssh/config
Either way, let's start by adding these lines to the top of our config file:
Host sphinx
User username
HostName sphinx.physics.hmc.edu
This makes it so we can just type 'ssh sphinx' instead of 'ssh sphinx.physics.hmc.edu' (you can also choose your own fun names!) and sets our username (replace 'username' with your own!) so we don't have to write it in at login. More usefully, Below that let's now write:
Host hr8799
User username
HostName hr8799.physics.hmc.edu
ProxyJump sphinx
where again you should replace 'username' with your own. To log into hr8799 and all our other workstations, we need to first log in through sphinx from our laptop, which is a real pain. The ProxyJump command above automates that step. Below, write an analogous block for each of the other workstations, e.g., replacing both instances of hr8799 with trappist1. Your config file should now have a simpler entry for sphinx, and a more complicated entry like the above (including a ProxyJump) for each of the other workstations (hr8799, trappist1, kepler11). Now close the file (Ctrl+X in nano on Mac, which will prompt you to save). On Windows, notepad will automatically add a wrong .txt extension to this file so after we save and quit notepad, we need to remove the extension with the following Powershell command (open a new terminal to make sure it's running on your own laptop and you're not ssh'ed into one of the workstations):
mv $HOME/.ssh/config.txt $HOME/.ssh/config
Now on both Mac and Windows, when you type 'ssh hr8799', you should be able to log in directly (without having to log into sphinx first).
Finally, we can automate the step of logging in with our username and password each time by creating a public / private key pair. The idea is that you keep your private key on your own computer and never share it (would give others access to any workstations where you've put your public key), but you copy your public key onto every workstation you'd like to access. When you try to login to the workstation, the public key for your laptop stored on the workstation is verified against the private key on your laptop, instead of entering a password. To create a key pair, we first open a terminal window. If you are coming from another tutorial, check whether your terminal window is running on your own machine, or whether you're logged into one of the workstations (e.g., sphinx). If the latter, enter exit to take you back to your own machine or just open a new terminal window. Then
ssh-keygen -t rsa
On Windows this will first prompt you for where you want to put the file. Press enter to accept the default. Then on both Mac and Windows, it will prompt you for a passphrase. Press enter twice to NOT have a passphrase. This will create an id_rsa (private key) and id_rsa.pub (public key) file in the .ssh directory in your home folder (on Mac and Linux, ~ in a filepath refers to your home directory, on Windows it's $HOME). We now need to paste the contents of id_rsa.pub into ~/.ssh/authorized_keys (a file containing the public keys of all authorized users) on each of the workstations you want to use. On Mac we can do this with (run the command one time for each of the workstations, afterward replacing sphinx with hr8799, trappist1, kepler11):
cat ~/.ssh/id_rsa.pub | ssh sphinx 'cat >> ~/.ssh/authorized_keys'
On Windows you would use:
cat $HOME/.ssh/id_rsa.pub | ssh sphinx 'cat >> ~/.ssh/authorized_keys'
This will prompt you for your password like before, but once done, try to ssh into any of the workstations, and you should get logged in automatically!
Finally, you'll be using Github a lot, so let's set up your public keys there too. If you don't do this now, you'll run into a lot of confusion and issues down the line. Our goal is to put our laptop's public key on Github so we don't have to authenticate with our password each time. Open a new terminal / Powershell on your laptop, and on Mac run
cat ~/.ssh/id_rsa.pub
On Windows run
cat $HOME/.ssh/id_rsa.pub
This will print out the contents of your public key on the terminal. Select it with your mouse and copy. Now log into your Github account in a browser (or make a new account on www.github.com), then after logging in, click on the top right icon for your user, and click on Settings near the bottom. On the next page, in the left bar under Access, slick on SSH and GPG keys. Click the green button at the top right for New SSH key, write any name you'd like to use for your laptop, paste the key in the text box under Key, and click Add SSH Key.
This put your laptop's public key on Github, which allows you to push and pull changes from your laptop to Github without entering a password. We also need to do this from whatever workstations you use. To put your hr8799 public key on your Github account, ssh into hr8799, and run
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub
and copy paste this hr8799 public key onto your Github account just like above. Then do the same for other workstations you use (we will never run code on sphinx so you can skip one). The end result is that your SSH and GPG keys page on your Github account should have an entry for your laptop, and one for hr8799 and each of the other workstations. Do this now so you don't have to sort it out later!
If you've never used git before, none of this will make sense yet, and that's OK. It will save you an enormous amount of time and confusion. The important thing is that when you download code on Github (in git lingo, when you 'clone a repository'), you should always do it using SSH.
To see how this is done, let's clone the REBOUND repository as an example. In your laptop's browser, let's open the REBOUND Github webpage. On the top right, there's a green button that says Code. Click on it, and under Code, you will see three tabs, HTTPS, SSH and Github CLI. By default, HTTPS is selected, but now we want to choose SSH. We then copy the string below, which is what we need below to get the code. If we wanted to dowload the REBOUND code to hr8799, we would first ssh into hr8799, and in that terminal window, would type git clone and then paste the string we copied earlier, i.e.,
git clone git@github.com:hannorein/rebound.git
This will download a directory named rebound into whatever directory you were in when you ran the above command (your home directory if you just ssh'ed into hr8799 and ran it). You could then go into that directory and look at any of the code in the REBOUND package. Remember that if you ever run git commands and it asks you for a password, you'll know the above steps copying that computer's public key to Github have gone wrong. Please ask me for help!