The Advanced Computing Lab, now located in Stevens Hall (Rooms 113 and 118), is open 24/7 to students enrolled in a 200-level or higher computer science course. Sometimes, it is convenient to connect to the lab network remotely, using the Secure Shell (SSH) protocol. To do that, you need an SSH client. Most Linux distributions provide a version of "openssh" that can be accessed through the terminal. If it is not installed by default, there are instructions at the bottom of this page for setting one up.
In Linux, you can usually connect to the lab directly using the "ssh" command. In Mac OS X, you can also use the "ssh" command if you first pull up the Terminal application (usually found under Applications/Utilities). However, to transfer files you may find it convenient to install a program called CyberDuck that provides a GUI which makes transferring files easier.
There is a good tutorial on how to enable SSH logins on your Mac at TechRadar.
We discourage the use of Windows systems in the lab for many reasons (such as security and poor network behavior). However, if you must connect to the network from a Windows system, there are several SSH clients you may use.
Be aware that text files, including source code, written on a Windows
machine use a different format than those on a Linux system. When transferring
files from one system to another, it is important to run the
dos2unix
or unix2dos
commands to convert between the
different formats.
To connect from a Windows system, you will need to download and install a terminal program that supports SSH. We recommend the following clients:
We greatly prefer that you use the workstations (rather than the servers)
for your work. The best way to connect to the workstations over SSH is to use
port forwarding (see below). However, if you need to connect directly to a
server, you can do it by opening up a terminal and typing:
ssh username@gandalf.cs.longwood.edu
Replace username
with the login name of your lab account. If
your username on the server is the same as the username on your personal
computer, you can omit the username@
and simply type:
ssh gandalf.cs.longwood.edu
Connecting directly to the server is generally a bad idea -- if you run any code that causes the server to crash, you'll take it down for everyone. Since the lab depends pretty heavily on having the servers up and running, this ruins everything for everyone. Also, if everyone logs into the server, it will run much slower than if we spread the load out among the workstations. For this reason, we do not install a complete development environment on the servers.
You should not do any serious work when logged in to the server.
To avoid these problems, I have set up port forwarding on both servers.
This means that if you connect to one of the servers on a special port, your
connection will be passed to one of the workstations as if you had logged into
that system directly.
Here are the ports for each system:
System | Port | System | Port |
---|---|---|---|
amdahl | 220 | stroustrup | 233 |
babbage | 221 | sutherland | 234 |
chomsky | 222 | turing | 235 |
church | 223 | vonneumann | 236 |
dijkstra | 224 | wirth | 237 |
kernighan | 225 | belladonna | 238 |
knuth | 226 | bilbo | 239 |
lamport | 227 | bullroarer | 240 |
lovelace | 228 | frodo | 241 |
mccarthy | 229 | merry | 242 |
pascal | 230 | pippin | 243 |
ritchie | 231 | samwise | 244 |
shannon | 232 |
To connect using a particular port, add the -p flag. For instance, to connect to frodo, type:
ssh -p 241 username@gandalf.cs.longwood.edu
An even easier method (if you are using Linux) is to download this config file and place it in your .ssh directory. Then you can simply type "ssh frodo" and openssh will take care of the port forwarding for you. This method is described in more detail later in this document.
Once you are logged into a workstation, you can connect to any other system in
the lab by typing "ssh" followed by the appropriate hostname.
For instance, you might type:
ssh vonneumann
to connect to the workstation named for John Von Neumann. Here are the names of the workstations you can use:
Since all the files in your home directory are stored on the server, you can connect directly to the server to retrieve or transfer files.
To copy a file from your laptop to the server, first change directories to
the folder which contains the file and type:
scp filename username@gandalf.cs.longwood.edu:
Replace filename
with the name of the file to copy and
username
with your login name in the lab. Be sure to place a
colon at the end, or it will make a local copy instead of transferring the
files over the network.
This only works for copying a single file. If you want to copy a folder,
add the flag -r
after the scp command:
scp -r folder username@gandalf.cs.longwood.edu:
This does a recursive copy, copying the folder and all its contents.
To copy a file from the server to your laptop, first cd to the directory in
which you want to place the file and then type:
scp username@gandalf.cs.longwood.edu:/path/to/file .
Replace username
with your lab account name and
/path/to/file
with the location of your files on the server.
Make sure you include the "dot" at the end of the command -- it indicates
that the files should go in the current directory. If you want to copy an
entire folder, add the flag -r
after the scp command.
If you only need to transfer files from your home directory, you can scp directly to the server. However, if you need to access a file that is only installed on the workstations (for instance, a file in a /scratch folder), you may need to use port forwarding.
Unfortunately, the flag for port forwarding in scp is different from the one
you use with ssh. Instead of a lowercase p, you need to use a capital
P:
scp -P 240 username@gandalf.cs.longwood.edu:/path/to/file filename
This is a lot easier to do if you are using the "config" file described
earlier. Then you can simply type:
scp username@frodo:/path/to/file
filename
(replace frodo with the name of whichever workstation has the file).
If you use scp to copy files from one user account to another, scp will
change the ownership and permissions on your files so that the new account owns
them. Usually, this is what you want. However, if you need to preserve
ownership and permissions, you can instead transfer a tarball and extract it.
A clever way to do this in one step is to use unix pipes:
tar czpvf - folder | ssh username@server "tar xzpvf -"
This creates a tarball of the folder, but instead of saving it to a file, it
buffers it in memory and sends it to the ssh command. The ssh command logins
into the server and then copies the tarball into the second tar command, which
extracts the files into your home directory.
By default SSH only provides a text connection, but if you are connecting from
an X11 session, you can get it to forward graphics to your machine by adding
the -Y flag:
ssh -Y username@gandalf.cs.longwood.edu
This doesn't typically work if you are "hopping" -- connecting to torvalds or
gandalf in order to connect to one of the workstations -- but it does if you
use port forwarding to connect directly to a workstation.
This technique also requires your system to be running an X graphics server. This is true of most Linux and Mac systems, but on Windows, you may need to install additional software. X forwarding can be slow and produce weird graphical artifacts like flicker and or incorrectly drawn windows. If you really need graphical access to a lab machine, you should consider using VNC or rdesktop instead.
When working on a project involving networking or web programming, you sometimes need to access ports other than port 22 (the SSH port). Since the host systems sit behind the firewall on torvalds and gandalf, such ports cannot be directly accessed from outside the lab. Fortunately, the SSH protocol can be used for tunneling. Tunneling means that the SSH client will listen for information on another port, then transmit that information to the remote system across the already established SSH connection. When the information reaches the other side of the connection, the SSH server will send it to the appropriate port.
For example, suppose I am using amdahl as a server and want to run a
program that will listen for connections on port 5000. The image below shows
how SSH can make port 5000 on the server available to the client:
To forward a port, use the -L flag. For example:
ssh -L5000:localhost:5000 amdahl
Would forward amdahl's port 5000 to port 5000 on your local system. If you
launch your server, it will run as usual and bind to port 5000. You can now
open a web browser on your local system and type:
http://localhost:5000
into the location bar. This will connect to the server running on amdahl's port 5000.
If you are using Putty, you can enable port forwarding by changing settings in the configuration menu. Click on the plus sign in front of "SSH", then select "Tunnels". Put the port number (5000) into the Source Port and put "localhost:5000" into the Destination field. Then click "Add".
You can save yourself a lot of typing by creating a file named "config" in the ".ssh" folder of your home directory (on your personal computer). For instance, if you don't want to type "gandalf.cs.longwood.edu" every time, you can add the following lines to that file:
Host gandalf
HostName gandalf.cs.longwood.edu
User username
ForwardX11Trusted yes
Replace username
with your actual account name on the server.
This creates an alias so that you can type just ssh gandalf
to
connect to the lab. It also enables X11 forwarding so that you don't need to
use the -Y flag.
A sample config file can be downloaded here and placed in your .ssh folder. It contains aliases for all the machines in the lab, but does not enable X11 forwarding by default. You can easily download it to your home directory by typing:
cd ~/.ssh
wget http://gandalf.cs.longwood.edu/config
Another trick is called "passwordless SSH", which allows you to connect using a cryptographic instead of using a password. First, on your personal computer, generate an RSA keypair:
ssh-keygen
You will be asked three questions. Simply press enter on all of them. This
command creates two files in your .ssh directory: id_rsa
and
id_rsa.pub
. The first file contains your secret key. The second
file, id_rsa.pub
, contains your public key. To enable
passwordless SSH, you must copy your public key into a file named
"authorized_keys" on the server. The easiest way to do this is to open up two
windows. In one window, log into a lab machine and type:
cd ~/.ssh
vim authorized_keys
Then type "i" to put vim in "Insert Mode".
In the other window, open up your id_rsa.pub
file. Then
copy/paste the entire contents of the public key file into vim. Be sure to
remove any extra linebreaks the copy/paste process might add.
You can use this same technique to allow passwordless log in from any lab system to any other lab system. All you have to do is repeat the process, but generate the private key on a lab machine (it doesn't matter which one). Since the SSH configuration files are in your home directory and the home directory is shared across the lab network, this will automatically give you passwordless access to and from every system in the lab.
To install openssh on an Arch Linux system, open up a terminal and type:
sudo pacman -S openssh
Arch has excellent documentation on SSH on the Archlinux wiki.
To install openssh on an Ubuntu Linux system, open up a terminal and type:
sudo apt-get install openssh-client
You will be prompted for a password and then the client will be installed.
For more information, see this site.
To install openssh on an OpenSuSE Linux system, open up a terminal and type:
sudo zypper install openssh
You will be prompted for a password and then the client will be installed.
For more information, see this site.
To install openssh on a Gentoo Linux system, open up a terminal, become the root user, and type:
emerge openssh
A version of openssh will be compiled and installed on your system.
For more information, see the Gentoo wiki.