Docs/Shell

From MTU LUG Wiki
Revision as of 17:18, 7 October 2025 by D2wn (talk | contribs)

SSH-Over-TLS

IT blocks all inbound SSH connections from outside the 141.219.0.0/16 range, so by default you can't ssh into Shell from off-campus (or from the guest WiFi).

There's a service on port 8443 that wraps SSH traffic in TLS, so if you're connecting from a *nix client you can use the following options to run SSH over TLS:

Using package openssl

openssl should be installed by default on most *NIX systems, including macOS.

It can be installed on Windows with winget install openssl or scoop install openssl.

Single-Use Command

You can use the following command to ssh into shell without editing any persistent configuration files:

ssh -o ProxyCommand="openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null" username@shell.lug.mtu.edu

Persistent Config

Otherwise, you can add the following to ~/.ssh/config, and have it auto-apply any time you type ssh shell:

Host shell
    ProxyCommand        openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null
    ServerAliveInterval 10

This is what I recommend, as you can just type ssh shell and it'll apply the SSH-over-TLS settings automatically.

You can also add your username and pubkey to the host config for a very quick login, so you don't have to type your password every time.

More information about the SSH Host configuration file can be found here

Using package socat

If the above doesn't work (or if openssl keeps dropping the connection randomly), you can use socat instead.

Just replace:

openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null

with

socat - OPENSSL:shell.lug.mtu.edu:8443,verify=0

in either the single-use command or persistent config.

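So long as socat is installed, it should work without hassle. Note that verify=0 turns off TLS certificate checking, so the TLS layer here is only a wrapper to get through the port filter; the server is still authenticated by SSH's own host key check, so pay attention to any host key prompts or warnings.

You can also use any other TLS client you like, such as ncat or stunnel, but openssl and socat are some of the most popular programs for this purpose, so I decided to only cover the configs for them.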

Contact a LUG sysadmin if you need help using a different TLS client application for this purpose.

Notes for sysadmins

Scripts

Shell has scripts for administrators in /root/ to automate various tasks.

These are:

  • add-new-user.sh
    • Use this to make a new user account; plain useradd doesn't make the home directory a ZFS dataset (which is useful in case a user wants to roll back their homedir to a snapshot).
  • generate-homepage.sh
    • Generates the index.html page for shell. Called by a cronjob to run every minute.
  • list-administrators.sh
    • Prints a (colored) list of administrators.
  • list-logins.sh
    • Prints an ordered list of user logins
  • list-user-creation.sh
    • Displays a sorted list of each user's creation date based on their homedir
  • user-popularity.awk
    • Prints number of unique IPs that visited each user's shell website path
    • Plan to use this to make "most popular user of the day" blurb in generate-homepage.sh at some point

ZFS

Shell uses ZFS for the main data pool, which is mounted at /home (and each user's homedir is an individual dataset). As of Fall 2025, it has roughly 8TB of raw space (4x2TB drives), ~4TB after formatting (RAID10 / striped mirrors), and ~1TB used with ~3.5TB free.

Some helpful commands are:

  • View general pool status (and disk health)
    • zpool status
  • View all ZFS snapshots
    • zfs list -t snapshot
  • Delete specific snapshot
    • zfs destroy -r zhome@example-snapshot

Automated tasks (cronjobs):

  • 4AM EST: a cronjob recursively makes a snapshot of /home and each user's homedir, prefixed by "Auto".
  • 4:15AM EST: a cronjob recursively deletes >8th oldest /home snapshot starting with "Auto".
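
The retention step of the 4:15AM cronjob, as an added example (not the script actually installed on Shell). It assumes the dataset is named zhome, as in the zfs destroy example above, and that the job keeps the 8 newest "Auto" snapshots; the function names select_expired and prune are hypothetical.

```sh
#!/bin/sh
# Added example: retention logic for "Auto"-prefixed snapshots.
# Assumptions (not from the wiki): dataset name "zhome" is taken from the
# page's `zfs destroy` example; "keep the 8 newest" is one reading of the
# cronjob description; function names are hypothetical.

KEEP=8
DATASET=zhome

# Reads snapshot names, oldest first, on stdin (the order produced by
# `zfs list -H -t snapshot -o name -s creation`). Prints the top-level
# "Auto" snapshots that fall outside the newest $KEEP. Snapshots of child
# datasets and manually named snapshots are never selected.
select_expired() {
    awk -v keep="$KEEP" -v prefix="$DATASET@Auto" '
        index($0, prefix) == 1 { snaps[++n] = $0 }
        END { for (i = 1; i <= n - keep; i++) print snaps[i] }
    '
}

# Dry run by default: print what would be destroyed. Pass "--apply" to
# actually run `zfs destroy -r`, which also removes the same-named
# snapshot on every user homedir dataset.
prune() {
    zfs list -H -t snapshot -o name -s creation |
    select_expired |
    while IFS= read -r snap; do
        if [ "$1" = "--apply" ]; then
            zfs destroy -r "$snap"
        else
            echo "would destroy: $snap"
        fi
    done
}
```

Running prune with no arguments first shows the list that --apply would destroy, which is worth checking before wiring it into cron.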