Longwood University Department of Computer Science Advanced Computing Lab

12 Feb 2014

Remote Access

The Advanced Computing Lab, located in the basement of the Hardy House, is open 24/7 to students enrolled in a 200-level or higher computer science course. Sometimes, it is convenient to connect to the lab network remotely, using the Secure Shell (SSH) protocol. To do that, you need an SSH client. Most Linux distributions provide a version of "openssh" that can be accessed through the terminal. If it is not installed by default, there are instructions at the bottom of this page for setting one up.

Connecting directly to the server

We greatly prefer that you use the workstations (rather than the servers) for your work. The best way to connect to the workstations over SSH is to use port forwarding (see below). However, if you need to connect directly to a server, you can do it by opening up a terminal and typing:

ssh username@torvalds.cs.longwood.edu

Replace username with the login name of your lab account. If your username on the server is the same as the username on your personal computer, you can omit the username@ and simply type:

ssh torvalds.cs.longwood.edu

Connecting directly to the server is generally a bad idea -- if you run any code that causes the server to crash, you'll take it down for everyone. Since the lab depends pretty heavily on having the servers up and running, this ruins everything for everyone. Also, if everyone logs into the server, it will run much slower than if we spread the load out among the workstations. For this reason, we do not install a complete development environment on the servers.

You should not do any serious work when logged in to the server.

Port Forwarding

To avoid these problems, I have set up port forwarding on both servers. This means that if you connect to one of the servers on a special port, your connection will be passed to one of the workstations as if you had logged into that system directly.

Here are the ports for each system:

SystemPortSystemPort
amdahl220 stroustrup233
babbage221 sutherland234
chomsky222 turing235
church223 vonneumann236
dijkstra224 wirth237
kernighan225 merry238
knuth226 pippin239
lamport227 bilbo240
lovelace228 frodo241
mccarthy229 samwise242
pascal230 bullroarer243
ritchie231 belladonna244
shannon232

To connect using a particular port, add the -p flag. For instance, to connect to frodo, type:

ssh -p 241 username@torvalds.cs.longwood.edu

An even easier method (if you are using Linux) is to download this config file and place it in your .ssh directory. Then you can simply type "ssh frodo" and openssh will take care of the port forwarding for you. This method is described in more detail later in this document.

Logging into one workstation from another

Once you are logged into a workstation, you can connect to any other system in the lab by typing "ssh" followed by the appropriate hostname. For instance, you might type:

ssh vonneumann

to connect to the workstation named for John Von Neumann. Here are the names of the workstations you can use:


File Transfer

Since all the files in your home directory are stored on the server, you can connect directly to the server to retrieve or transfer files.

To copy a file from your laptop to the server, first change directories to the folder which contains the file and type:

scp filename username@torvalds.cs.longwood.edu:

Replace filename with the name of the file to copy and username with your login name in the lab. Be sure to place a colon at the end, or it will make a local copy instead of transferring the files over the network.

This only works for copying a single file. If you want to copy a folder, add the flag -r after the scp command:

scp -r folder username@torvalds.cs.longwood.edu:

This does a recursive copy, copying the folder and all its contents.

To copy a file from the server to your laptop, first cd to the directory in which you want to place the file and then type:

scp username@torvalds.cs.longwood.edu:/path/to/file .

Replace username with your lab account name and /path/to/file with the location of your files on the server.

Make sure you include the "dot" at the end of the command -- it indicates that the files should go in the current directory. If you want to copy an entire folder, add the flag -r after the scp command.

If you only need to transfer files from your home directory, you can scp directly to the server. However, if you need to access a file that is only installed on the workstations (for instance, a file in a /scratch folder), you may need to use port forwarding.

Unfortunately, the flag for port forwarding in scp is different from the one you use with ssh. Instead of a lowercase p, you need to use a capital P:

scp -P 240 username@torvalds.cs.longwood.edu:/path/to/file filename

This is a lot easier to do if you are using the "config" file described earlier. Then you can simply type:

scp username@frodo:/path/to/file filename

(replace frodo with the name of whichever workstation has the file).

An advanced technique

If you use scp to copy files from one user account to another, scp will change the ownership and permissions on your files so that the new account owns them. Usually, this is what you want. However, if you need to preserve ownership and permissions, you can instead transfer a tarball and extract it. A clever way to do this in one step is to use unix pipes:

tar czpvf - folder | ssh username@server "tar xzpvf -"

This creates a tarball of the folder, but instead of saving it to a file, it buffers it in memory and sends it to the ssh command. The ssh command logins into the server and then copies the tarball into the second tar command, which extracts the files into your home directory.

Graphics

By default SSH only provides a text connection, but if you are connecting from an X11 session, you can get it to forward graphics to your machine by adding the -Y flag: ssh -Y username@torvalds.cs.longwood.edu This doesn't typically work if you are "hopping" -- connecting to torvalds or gandalf in order to connect to one of the workstations -- but it does if you use port forwarding to connect directly to a workstation.

This technique also requires your system to be running an X graphics server. This is true of most Linux and Mac systems, but on Windows, you may need to install additional software. X forwarding can be slow and produce weird graphical artifacts like flicker and or incorrectly drawn windows. If you really need graphical access to a lab machine, you should consider using VNC instead.

Tunneling

When working on a project involving networking or web programming, you sometimes need to access ports other than port 22 (the SSH port). Since the host systems sit behind the firewall on torvalds, such ports cannot be directly accessed from outside the lab. Fortunately, the SSH protocol can be used for tunneling. Tunneling means that the SSH client will listen for information on another port, then transmit that information to the remote system across the already established SSH connection. When the information reaches the other side of the connection, the SSH server will send it to the appropriate port.

For example, suppose I am using amdahl as a server and want to run a program that will listen for connections on port 5000. The image below shows how SSH can make port 5000 on the server available to the client:

Tunneling port 5000 through an SSH connection

To forward a port, use the -L flag. For example:

ssh -L5000:localhost:5000 amdahl

Would forward amdahl's port 5000 to port 5000 on your local system. If you launch your server, it will run as usual and bind to port 5000. You can now open a web browser on your local system and type:

http://localhost:5000

into the location bar. This will connect to the server running on amdahl's port 5000.

Tunneling in PuTTY

If you are using Putty, you can enable port forwarding by changing settings in the configuration menu. Click on the plus sign in front of "SSH", then select "Tunnels". Put the port number (5000) into the Source Port and put "localhost:5000" into the Destination field. Then click "Add".

Some useful tricks

You can save yourself a lot of typing by creating a file named "config" in the ".ssh" folder of your home directory (on your personal computer). For instance, if you don't want to type "torvalds.cs.longwood.edu" every time, you can add the following lines to that file:

Host torvalds
   HostName torvalds.cs.longwood.edu
   User username
   ForwardX11Trusted yes

Replace username with your actual account name on the server. This creates an alias so that you can type just ssh torvalds to connect to the lab. It also enables X11 forwarding so that you don't need to use the -Y flag.

A sample config file can be downloaded here and placed in your .ssh folder. It contains aliases for all the machines in the lab, but does not enable X11 forwarding by default. You can easily download it to your home directory by typing:

cd ~/.ssh
wget http://torvalds.cs.longwood.edu/config

Another trick is called "passwordless SSH", which allows you to connect using a cryptographic instead of using a password. First, on your personal computer, generate an RSA keypair:

ssh-keygen

You will be asked three questions. Simply press enter on all of them. This command creates two files in your .ssh directory: id_rsa and id_rsa.pub. The first file contains your secret key. The second file, id_rsa.pub, contains your public key. To enable passwordless SSH, you must copy your public key into a file named "authorized_keys" on the server. The easiest way to do this is to open up two windows. In one window, log into a lab machine and type:

cd ~/.ssh
vim authorized_keys

Then type "i" to put vim in "Insert Mode".

In the other window, open up your id_rsa.pub file. Then copy/paste the entire contents of the public key file into vim. Be sure to remove any extra linebreaks the copy/paste process might add.

You can use this same technique to allow passwordless log in from any lab system to any other lab system. All you have to do is repeat the process, but generate the private key on a lab machine (it doesn't matter which one). Since the SSH configuration files are in your home directory and the home directory is shared across the lab network, this will automatically give you passwordless access to and from every system in the lab.

Installing on Arch Linux

To install openssh on an Arch Linux system, open up a terminal and type:

sudo pacman -S openssh

Arch has excellent documentation on SSH on the Archlinux wiki.

Installing on Ubuntu

To install openssh on an Ubuntu Linux system, open up a terminal and type:

sudo apt-get install openssh-client

You will be prompted for a password and then the client will be installed.

For more information, see this site.

Installing on OpenSuSE

To install openssh on an OpenSuSE Linux system, open up a terminal and type:

sudo zypper install openssh

You will be prompted for a password and then the client will be installed.

For more information, see this site.

Installing on Gentoo

To install openssh on a Gentoo Linux system, open up a terminal, become the root user, and type:

emerge openssh

A version of openssh will be compiled and installed on your system.

For more information, see the Gentoo wiki.

Accessing the lab using Mac OS X

All versions of the Macintosh operating system come with a version of openssh installed, which can be used from the Terminal app in the same manner as the Linux commands. However, to transfer files you may find it convenient to install a program called CyberDuck that provides a GUI which makes transferring files easier.

There is a good tutorial on how to enable SSH logins on your Mac at TechRadar.

Accessing the lab using Microsoft Windows

We discourage the use of Windows systems in the lab for many reasons (such as security and poor network behavior). However, if you must connect to the network from a Windows system, there are several SSH clients you may use. Cyberduck now also works in Windows and Linux. Campus IT recommends PuTTY (which is somewhat dated these days). You may prefer to choose from this list of alternatives.

For file transfers, WinSCP, is probably your best bet.

Be aware that text files, including source code, written on a Windows machine use a different format than those on a Linux system. When transferring files from one system to another, it is important to run the dos2unix or unix2dos commands to convert between the different formats.