# Lecture 1: Tools for Scientific Computing 1 (1.5 Hours) #

### ABSTRACT ###

In this Lecture, we will do stuff remotely and reversibly. **todo**

---

**TODO**:

- Note that ``ssh`` will prompt for host public keys when you try to log in for the first time.

## Secure Shell for Remote Computing (40 Minutes) ##

In Lecture 0, we covered the use of the command line. Here, we'll take that farther by using the SSH (secure shell) protocol to run command lines on remote machines. This is useful for a range of different tasks, but is perhaps most commonly used in scientific computing to run computations on high-performance computing (HPC) resources such as clusters. In this Lecture, we'll also show how to use SSH together with version control to really make our lives simpler.

Let's start by running a new command line session, as described in Lecture 0. We've created temporary user accounts on an example remote server, such that we have something to SSH into. In the new command line session (either PowerShell or bash), run the ``ssh`` command below, replacing ``<user>`` by the username provided on your slip of paper:

```bash
$ ssh <user>@epqis.cgranade.com
```

You will then be prompted for the password associated with this username. Type it in and press **enter** to finish starting your SSH session on the remote machine ``epqis.cgranade.com``. The new SSH session will be heavily encrypted, as is critical for security.

*NB: the ``ssh`` command will not echo your password to you, so the password prompt will look blank. On macOS / OS X, Terminal.app may or may not place a 🔑 emoji in the command line to indicate that echoing is turned off, depending on your version of macOS / OS X.*

Were this an actual useful server, and not (as is actually the case) a Raspberry Pi running in an apartment somewhere, you could then run HPC applications from the comfort of your laptop. Sadly, reality is a little more boring at the moment, so instead feel free to pretend by running a few commands of your choice. Just don't set anything on fire, cause problems with law enforcement, or otherwise act in a very rude fashion with this example server.

Once you're satisfied, run ``exit`` or press **Ctrl-D** to exit the SSH session and return to your own computer's command line. Though this was a useful exercise, it's somewhat limited by one critical problem: we needed to type in our password. This will become very annoying if we have to use SSH as part of an automated process, as will be the case when we learn Git later in this lecture. To solve this, we rely on the *public key infrastructure* (PKI) built into SSH.

Very roughly, in PKI, one can create *keypairs* of a matching private and public key. Anyone with the public key can encrypt a message that can only be decrypted with the matching private key. In SSH, this concept is used to provide a much better alternative to passwords. If you have provided an SSH server with your public key, then the server can ask you to decrypt something in order to prove you have the matching private key. Using PKI in this way means that your password does not have to be sent over the network, greatly reducing your attack surface. The security of SSH's PKI can be further enhanced by using a *passphrase* with your private key. Effectively, a private key with a passphrase cannot be used except by someone who knows that passphrase. Critically, this passphrase is **never** sent across the network, but is only used by your local machine to reconstruct the full private key.

With this bit of handwavy theory out of the way, let's jump in by generating an SSH key.

*NB: Please skip these steps if you already have an SSH key.*

The SSH client we installed in Lecture 0 comes with a handy command ``ssh-keygen`` for doing generating keys.

```bash
$ ssh-keygen
```

You will be prompted where to store the new private key. Press **enter** to accept the default of ``~/.ssh/id_rsa``. You will then be asked to choose a passphrase. Pick something approximately as long as an English sentence, and press **enter** to confirm it. You'll be asked to type it again to help prevent errors. Since this passphrase provides part of the entropy for your private key, it must be quite long compared to traditional passwords. Note that this passphrase cannot be recovered if you forget it— this is by design.

*NB: you should **never** enter your passphrase over a network, as it should **only** be used locally to unlock your private key.*

To tell an SSH server about your *public* key, named ``~/.ssh/id_rsa.pub`` by default, use the ``ssh-copy-id`` command. This will copy the public key to your ``~/.ssh/authorized_keys`` file on the server, which the server then use the next time you try to log in. You should be prompted for your password on the server for the last time in this process.

```bash
$ ssh-copy-id <user>@epqis.cgranade.com
$ ssh <user>@epqis.cgranade.com
```

If all went well, you will instead by prompted by your local machine for the passphrase that you used when generating your key.

A particularly astute and snarky observer may object at this point that we seem to have done something far less convienent than passwords, while justifying our pursuit with convienence as a goal. Indeed, now we need to manage keys *and* type in a far longer string of characters each time we wish to use SSH to do, well, anything. Thankfully, we're not done yet, as we have yet to use an SSH *agent*. An agent is a piece of software running on our local machine that manages SSH keys on our behalf, such that once a key is unlocked by our passphrase, we need not use that passphrase again until the agent decides to lock the key based on its security policy. On macOS / OS X, Keychain acts as an SSH agent and is built into the operating system, such that we should not need to do any further work. Similarly, on Ubuntu, an SSH agent called ``ssh-agent`` is provided by default when we install ``ssh`` using ``apt-get``, as in Lecture 0.

On Windows, the story is a little more complicated, but thankfully we installed everything we need back in Lecture 0. In particular, the problem we run into is that the port of OpenSSH to Windows is in progress, such that even though it supports ``ssh-agent``, this support is not in a form that most Windows programs can make use of. Thus, we will instead use a command-line program ``plink.exe`` that comes with the PuTTY SSH client. This program uses Pageant, the Windows-style SSH agent provided with PuTTY, rather than ``ssh-agent``.

**TODO**:

- Add Pageant to startup menu
- Convert private key to PuTTY format
- Add private key to Pageant
- Run plink
- Add ``GIT_SSH``

- SSH forwarding?

## Version Control with Git (50 Minutes) ##

- DAGs
- Edges as diffs, mention latexdiff
- GitHub, Bitbucket
- Configuring Git to use SSH with Plink (Windows-only), Nano (OS X and Windows only)
- Integration with Sublime Text, VS Code