SSH service
1. About
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. The Secure Shell Protocol is an essential component of the administration of any computer network and the Internet.
2. Systems
2.1 Frontend
| FQDN | BFH | IT-Services | IPv6 | IPv4 |
|---|---|---|---|---|
| ssh.bfh.info | ||||
| ipv6.ssh.bfh.info | ||||
| ipv4.ssh.bfh.info |
| FQDN | BFH | IT-Services | IPv6 | IPv4 |
|---|---|---|---|---|
| ssh.bfh.science | ||||
| ipv6.ssh.bfh.science | ||||
| ipv4.ssh.bfh.science |
2.2 Backend
Always use the frontend DNS record
Never use the backend nodes directly:
- backend may change without notice at any time (e.g. IP addresses, DNS records, configuration, etc.)
- backend has no legacy support or grace periods, changes are implemented instantly
- backend can be rebootet without notice at any time
- backend access will soon be restricted
| FQDN | IPv6 | IPv4 |
|---|---|---|
| node1.ssh.bfh.info | 2a07:6b40::71 | 147.87.0.71 |
| node2.ssh.bfh.info | 2a07:6b40::72 | 147.87.0.72 |
| node3.ssh.bfh.info | 2a07:6b40::73 | 147.87.0.73 |
| node4.ssh.bfh.info | 2a07:6b40::74 | 147.87.0.74 |
| FQDN | IPv6 | IPv4 |
|---|---|---|
| node1.ssh.bfh.science | 2a07:6b42:101:11::11 | 147.87.8.11 |
| node2.ssh.bfh.science | 2a07:6b42:101:11::12 | 147.87.8.12 |
5. Links
6. Backlog
Legacy
retire ssh{1,2}.its.bfh.ch
retire node{1,2}.ssh.esb{,-test}.bfh.ch [2025-08 after ESB debian-lifecycle]
Features
anycasting ssh.bfh.info
automatic absolut disconnected after 3d to prevent session of removed users
setup automated ssh hostkey signing CA
setup automated static ssh hostkey generation via setup and autocommit to git via webhook
selfservice for user keys via ldap in IDM
(non-)persistent home on ssh.bfh.science after some more testing
provide enduser documentation on how to use SSH, SSH Gateways and SSH Keys
support MFA
test environment
benchmarking