Skip to main content

Linux Shell FAQs

Once you have accessed Polaris through SSH, you will be in a Linux Bash shell. This will not be a comprehensive guide, but instead will give a general overview of our most frequently asked questions.

Linux File Permissions

A good overview of Linux file permissions can be found here, but a brief overview is that permissions are tiered into User, Group, and Other. Each tier has three permissions that can be enabled or disabled; Read (r), Write (w), and Execute (x).

To find a file's permissions, use the ls -l command.

[picardjl@polaris:~]$ ls -l prime-directive.txt
-rw-rw----. 1 picardjl picardjl 0 Dec  9 10:47 prime-directive.txt

In this case, the file prime-directive.txt has Read and Write permissions for the User picardjl, Read and Write for the Group picardjl, and no permissions for anyone else.

In order to change permissions, we need to use the chmod command. Let's say we want everyone to be able to read this file. We would nead to add the 'Read' bit to 'Other' in the file's permissions.

[picardjl@polaris:~]$ chmod o+r prime-directive.txt
[picardjl@polaris:~]$ ls -l prime-directive.txt
-rw-rw-r--. 1 picardjl picardjl 0 Dec  9 10:47 prime-directive.txt

Our file now has the Read (r) bit set.

Another method would be to use o= and supply our mask. Let's say we want to remove all ability to edit this document from Group (g) and Other (o).

[picardjl@polaris:~]$ chmod g=r,o=r prime-directive.txt
[picardjl@polaris:~]$ ls -l prime-directive.txt 
-rw-r--r--. 1 picardjl picardjl 0 Dec  9 10:47 prime-directive.txt

Let's move this document into a folder of other public documents we also want everyone to have access to. One quirk of the Linux file structure is that, in order to move through a directory, you don't use Read (r) permissions, you use Execute (x). Therefore, if we want people to have access to this directory (Execute) AND list all the files inside (Read), we need to grant them Read (r) and Execute (x) permissions. ls -ld will show the permissions of a directory.

[picardjl@polaris:~]$ mkdir federation_docs
[picardjl@polaris:~]$ mv prime-directive.txt federation_docs/
[picardjl@polaris:~]$ ls -ld federation_docs/
drwxrwx---. 2 picardjl picardjl 33 Dec  9 10:59 federation_docs/
[picardjl@polaris:~]$ chmod o+rx federation_docs/
[picardjl@polaris:~]$ ls -ld federation_docs/
drwxrwxr-x. 2 picardjl picardjl 33 Dec  9 10:59 federation_docs/

For a more comprehensive guide to the chmod command, please see this HowToGeek article.

Verify SSH Host Keys

If you are connecting to Polaris for the first time, and you want to make sure there's nothing strange happening, Polaris has published SSHFP records. SSHFP is a way of verifying SSH Host heys using DNS records. For more information on SSHFP and how it is used in security, read this APNIC article. In short, the valid fingerprints for the SSH keys are published through DNS records.

Manually

Polaris's SSH Host keys can be found using ssh-keyscan polaris.clarkson.edu. Polaris's public keys are below, so you can compare what your client sees to what Polaris actually has.

polaris.clarkson.edu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCzpD5RGis9WRUQTyzhHpVL4gbG8x+bKLNYonfdBrYmT04DUUgwzhpSWAvAI3EC0KKRPZvDWybjGeVccH6j2hwc=

polaris.clarkson.edu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDyIQH+eVZ2HugG6lgniygZsW+1G+7F6KwfK9i73gs/omDaypcuAcsTmc2H48I/opxx+0VoyVe74+IUJ4tq224uyz2j7LVk6suLFKKFi4wJq0vnowT7Tw2r1FZk0knnauuwYZzqrH6iVnJRBUQFiZA8yneuJ7AfmdOTxDJQO7C6KnkPsEuirAZpT18VQ8tSuBafGJ3REiHWEDdAz+oO/tso2E/0SNC1x08O0W6MtZd0RjKZZFPgFQqQo4gC8Lm+7UKuzQjXNm3WoYNRyZJKa1nTwzkCMXuwSRH37ebuPVKMuvCKuXRBw+VnFTYEkRFxVhI1Q1sVwqAFro8BsOr6DGsZiiNgL27+S1z4PnfBOGGY2VjBjKEbG6B12jniQ0NrF66hnpudbqDGiB7fW6WT75pCnKyjU+8T1T0UwoltShKMe6DMa1PK3nq32i12N6/9ruujJN6DmBt7qskAVj9+wS0U3mPI39FkGFBDlSvnTMsZQmTbJ/TjajREXINhLb9UQSk=

polaris.clarkson.edu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnN0+TDiQaMGeHChcuzw9dokEvnEUqVaMCwQervM5NQ

In a Shell

Validating SSH in a shell can be done as part of the SSH command.

ssh polaris.clarkson.edu -o VerifyHostKeyDNS=yes

You can also add these options to an SSH config file.

#~/.ssh/config

Host polaris.clarkson.edu
  VerifyHostKeyDNS=yes
Back to top