SSH service

1. About

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. The Secure Shell Protocol is an essential component of the administration of any computer network and the Internet.

2. Systems

2.1 Frontend

FQDN BFH IT-Services IPv6 IPv4
ssh.bfh.info
ipv6.ssh.bfh.info
ipv4.ssh.bfh.info
FQDN BFH IT-Services IPv6 IPv4
ssh.bfh.science
ipv6.ssh.bfh.science
ipv4.ssh.bfh.science

2.2 Backend

Warning
Always use the frontend DNS record

Never use the backend nodes directly:

  • backend may change without notice at any time (e.g. IP addresses, DNS records, configuration)
  • backend has no legacy support or grace periods; changes are implemented instantly
  • backend can be rebooted without notice at any time
  • backend access will soon be restricted

FQDN IPv6 IPv4
node1.ssh.bfh.info 2a07:6b40::71 147.87.0.71
node2.ssh.bfh.info 2a07:6b40::72 147.87.0.72
node3.ssh.bfh.info 2a07:6b40::73 147.87.0.73
node4.ssh.bfh.info 2a07:6b40::74 147.87.0.74
FQDN IPv6 IPv4
node1.ssh.bfh.science 2a07:6b42:101:11::11 147.87.8.11
node2.ssh.bfh.science 2a07:6b42:101:11::12 147.87.8.12
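
A client-side check for the rule above, as an added example that is not part of the original page: it scans an OpenSSH client config for `Host`/`HostName` values that name the backend nodes listed in the tables. The function names `audit_ssh_config` and `sample_config` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the service documentation.
# Backend names and addresses are copied from the tables in section 2.2;
# audit_ssh_config and sample_config are hypothetical helper names.

# audit_ssh_config [FILE]
# Reads an OpenSSH client config (stdin if FILE is omitted) and prints
# "LINE: keyword value" for every Host/HostName value naming a backend node.
# Returns 1 if anything was found, 0 otherwise.
audit_ssh_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept the Keyword=value form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key != "host" && key != "hostname") next
            for (i = 2; i <= n; i++) {
                v = tolower(f[i]); gsub(/"/, "", v)
                # Any nodeN name under both domains, plus the listed addresses
                # in the exact textual form shown in the tables.
                if (v ~ /^(node[0-9]+\.ssh\.bfh\.(info|science)|2a07:6b40::7[1-4]|2a07:6b42:101:11::1[12]|147\.87\.0\.7[1-4]|147\.87\.8\.1[12])$/) {
                    printf "%d: %s %s\n", NR, f[1], f[i]
                    bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample config for demonstration.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real user config
Host bfh
    HostName ssh.bfh.info
Host old
    HostName node2.ssh.bfh.info
Host sci
    HostName=147.87.8.11
Host node1.ssh.bfh.science
    User alice
EOF
}

sample_config | audit_ssh_config || echo "backend nodes referenced: switch to the frontend record"
```

Run it against a real config with `audit_ssh_config ~/.ssh/config`; IPv6 addresses written in a different textual form than in the tables are not matched.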

3. Features

  • TODO

4. Backlog

4.1 Legacy

  • 2023-03-31: remove ssh.bfh.ch CNAMEs

  • 2023-03-31: remove RSA user keys

  • ????: retire ssh{1,2}.its.bfh.ch

  • ????: retire node{1,2}.ssh.esb{,-test}.bfh.ch

4.2 Features

  • 2023: restricting backend subnet access

  • 2023: anycasting ssh.bfh.info

  • 2023: set up automated SSH host key signing CA

  • 2023: self-service for user keys via IDM

  • 2023: (non-)persistent home on ssh.bfh.science after some more testing

  • ????: benchmarking

4.3 Known issues

  • no known issues