Connecting to departmental computers via SSH

The only computer directly accessible to you from outside the department is meteo.mcgill.ca, also known as zephyr. Once logged into zephyr, you may connect to any other computer in the department as if you were inside.

Connecting in Linux or OS X

Without graphics

ssh AOS_USERNAME@meteo.mcgill.ca

:!: You may be interested in using tmux in combination with your SSH connections for long-running jobs.

With graphics

ssh -XC AOS_USERNAME@meteo.mcgill.ca
'-X' means tunnel X11 graphics.
'-C' enables compression.

:!: OS X sometimes has trouble with -X, which provides a more secure X11 connection. You may use -Y instead if -X does not work.

Connecting with Windows

Without graphics

In order to connect to the department via SSH in Windows, you will require an SSH client. I recommend installing putty using the installer in the downloads section. Once installed, you may open it and input meteo.mcgill.ca as the hostname:

Once you select open, you will be prompted with a terminal window where you may enter your AOS username and password:

You are now connected.

With graphics

In order to connect to the department using graphics, you will require two applications:

  1. Putty: An SSH client for Windows.
  2. Xming: An X11 server for Windows.

Once you have Xming installed, please start it. Upon first starting it, you may receive the following prompt asking you to unblock the application:

Please unblock the application.

You can then tell if Xming is working by looking near the clock in the system tray and verifying that the Xming logo is present as seen below:

Now that Xming is running, you will want to configure putty. Please open putty and navigate to Connection → SSH → X11, placing a checkmark in the option “Enable X11 Forwarding” as seen below:

We will now want to save this as default by navigating to “Session”, selecting “Default Settings” and clicking the “Save” button:

Now that we've saved our settings, we may connect to meteo.mcgill.ca by entering it in the “Host Name” field:

We now click “Open” and are presented with a terminal screen where we can enter our AOS username and password. Once connected, observe how we can run a graphical application on zephyr and have it be displayed on our remote computer:

:!: Please do not run intensive jobs on zephyr as it is shared by everyone in the department.

Accessing McGill and AOS Web Resources

In order to access McGill resources, you may configure VPN using the McGill IT Guide on VPN. Alternatively, you may access the same web resources via configuring a proxy to the AOS department.

Configuring an SSH Proxy in Linux or OS X

To configure a SOCKS SSH proxy to the AOS department, you may issue the following command in the terminal:

[mhavas@lappy ~]$ ssh -D 8888 mhavas@meteo.mcgill.ca
Last login: Tue Jan 22 13:33:35 2013 from wpa182167.wireless.mcgill.ca
[mhavas@zephyr ~]$

Then with this shell open, you configure your web browser to use this proxy using the same information as found in the Windows section.

Configuring an SSH Proxy in Windows

In order to configure an SSH proxy to the department via SSH in Windows, you will require an SSH client. I recommend installing putty using the installer in the downloads section. The exact file to be installed as of 2013-01-22 is putty-0.62-installer.exe.

Once installed and opened, you will need to configure it. Upon opening putty, you should be presented with a window as follows: The first step is then to enter meteo.mcgill.ca for the Host Name (or IP Address).

Once we have the hostname entered, we can navigate to Connection → SSH → Tunnels in the left-hand pane as shown below:

With Tunnels selected, we enter 8888 for the Source Port and ensure that the radio button Dynamic is selected as shown below.

We then click the Add button and the text D8888 should appear in the Forwarded ports section as shown:

Now that we have the tunnel, or proxy, selected, we can save our session by navigating to the Session category on the left-hand side. Please be aware that you may have to scroll up. Once there, enter the name Meteo proxy for the Saved Sessions name as shown below:

We are now ready to save the session by clicking the Save button. This will lead to the Meteo Proxy session being saved in the Saved Sessions box as you can see in the following image:

We're now ready to go. Simply double click on Meteo Proxy. If this is your first time connecting, you may be prompted with a Putty Security Alert as shown:

It is safe to accept this key and select Yes. If this is not your first time connecting, you should be prompted to provide your AOS credentials:

It is vital that this black Putty window stay open while you configure Internet Explorer, Firefox or Chrome to use this proxy.

Configuring your web browser to use the proxy

It is suggested to use Firefox when using the proxy as Firefox has an internal proxy configuration and does not affect the system-wide proxy configuration.

Configuring Firefox to use the Proxy

To configure Firefox to use the proxy, first start Firefox and access the Options through the Tools menu:

With the Options window open, navigate to the Advanced tab:

Once in the Advanced tab, enter the Network sub-tab selecting the Connection Settings button:

In the window that opens you will want to select the Manual Proxy Configuration button and input localhost for SOCKS Host and 8888 for the port:

Once this is complete, you can click Ok closing all the windows except for Firefox. If everything worked as intended, you should be able to visit google and enter the query “what is my IP address”. Google should respond with 132.216.17.68:

Now any site that you visit will believe you are coming from 132.216.17.68 or zephyr which has access to all McGill and AOS Web resources.

Configuring Chrome to use the Proxy

To configure Chrome to use the proxy, first start Chrome and access the Settings through the wrench icon:

With the Settings page open, we need to expand it further by clicking the Show advanced settings link at the bottom of the page:

We then navigate to the Network heading selecting the Change proxy settings.

This brings up the proxy settings of your entire system (Windows, Mac or Linux). In this case, we will investigate the Windows settings.

We are interested in navigating to the Connections tab and selecting the LAN Settings button:

We are interested in putting a checkmark in the Use a proxy server for your LAN checkbox. In addition, we would like to visit the Advanced options by clicking the button.

Within the advanced window that is spawned, we would like to enter localhost : 8888 on the Socks line.

Once complete, we can press Ok to all the open configuration windows and close the Settings page. If everything worked as intended, you should be able to visit google and enter the query “what is my IP address”. Google should respond with 132.216.17.68:

Now any site that you visit will believe you are coming from 132.216.17.68 or zephyr which has access to all McGill and AOS Web resources.

Configuring Internet Explorer to use the Proxy

To configure Internet Explorer (IE) to use the proxy, we must first open IE. Once opened, we would like to navigate to the Tools → Internet Options menu entry.

With the Internet Options open, we would like to navigate

We are interested in navigating to the Connections tab and selecting the LAN Settings button:

We are interested in putting a checkmark in the Use a proxy server for your LAN checkbox. In addition, we would like to visit the Advanced options by clicking the button.

Within the advanced window that is spawned, we would like to enter localhost : 8888 on the Socks line.

Once complete, we can press Ok to all the open configuration windows. If everything worked as intended, you should be able to visit google and enter the query “what is my IP address”. Google should respond with 132.216.17.68:

Now any site that you visit will believe you are coming from 132.216.17.68 or zephyr which has access to all McGill and AOS Web resources.

Transferring files to or from your AOS directory

This section will concentrate on giving you instructions for connecting to the department remotely. This is useful for transferring files you may have forgotten or simply working from the comfort of your home.

The only method for transferring data to or from the department is SSH, which offers a secure and efficient way of accessing our departmental systems.

Linux or OS X

While there are other tools that can copy data to or from the department, we will use rsync for this purpose. To transfer a single file (file.ext) to the department, you may do the following:

[mhavas@lappy ~]$ rsync -a /path/to/file.ext AOS_USERNAME@meteo.mcgill.ca:
AOS_USERNAME@meteo.mcgill.ca's password: 
[mhavas@lappy ~]$ 

:!: Note that:

  1. AOS_USERNAME should be changed to your AOS username
  2. : is important and refers to your home directory (/aos/home/AOS_USERNAME).

To transfer a single file from the department to your computer, you may do the following:

[mhavas@lappy ~]$ rsync -a AOS_USERNAME@meteo.mcgill.ca:path/to/file.ext /path/to/dest/
AOS_USERNAME@meteo.mcgill.ca's password: 
[mhavas@lappy ~]$ 

:!: Note that:

  1. :path/to/file.ext really means /aos/home/AOS_USERNAME/path/to/file.ext
  2. file.ext will be placed in /path/to/dest/ directory which can also be a relative path.

To transfer a directory and its contents to your computer, you may do the following:

[mhavas@lappy ~]$ rsync -a AOS_USERNAME@meteo.mcgill.ca:path/to/dir /path/to/dest/
AOS_USERNAME@meteo.mcgill.ca's password: 
[mhavas@lappy ~]$ 

To transfer the contents of a directory to your computer, you may do the following:

[mhavas@lappy ~]$ rsync -a AOS_USERNAME@meteo.mcgill.ca:path/to/dir/ /path/to/dest/
AOS_USERNAME@meteo.mcgill.ca's password: 
[mhavas@lappy ~]$ 

:!: Note that the difference between copying a directory and its contents or just its contents is the addition of a trailing '/'.

To transfer a directory and its contents from your computer to the department, you may do the following:

[mhavas@lappy ~]$ rsync -a /path/to/dir AOS_USERNAME@meteo.mcgill.ca:path/to/dest/
AOS_USERNAME@meteo.mcgill.ca's password: 
[mhavas@lappy ~]$ 

To transfer the contents of a directory from your computer to the department, you may do the following:

[mhavas@lappy ~]$ rsync -a /path/to/dir/ AOS_USERNAME@meteo.mcgill.ca:path/to/dest/ 
AOS_USERNAME@meteo.mcgill.ca's password: 
[mhavas@lappy ~]$ 

Windows

To transfer data to or from the department, you will want to download and install a program called Filezilla. Once you have Filezilla, you can connect to the department by filling out the following information:

Host sftp://meteo.mcgill.ca
Username AOS_USERNAME
Password AOS_PASSWORD
Port 22

You may then press Quick Connect to be presented with your computer on the left pane and your AOS home directory on the right pane. See screenshot below:

Transferring data to or from your ''/storage'' directory

It is important to understand that the only system accessible to the outside world in our department is meteo.mcgill.ca, also known as zephyr. You may think of this machine as the gatekeeper to our network. This arrangement makes our network a bit more secure but causes some headaches; for instance, it makes it more difficult to connect to your computer's /storage disk.

To work around this, we use a technique called SSH tunneling. This process involves two steps:

  1. Establish an SSH tunnel from your client computer through zephyr to your departmental computer.
  2. Use the tunnel to transfer data to or from your computer directly using rsync as discussed above.

Throughout the following section we will be interested in accessing the /storage/ directory on bumblebee.meteo.mcgill.ca

Using Linux or OS X

We first establish an SSH tunnel through zephyr to bumblebee:

[mhavas@lappy ~]$ ssh -L2222:bumblebee:22 AOS_USERNAME@meteo.mcgill.ca
localuser@meteo.mcgill.ca's password: 
Last login: Thu May 17 15:54:19 2012 from 206.108.169.83
[localuser@zephyr ~]$

This establishes an SSH tunnel starting at port 2222 on your computer through zephyr and terminating at bumblebee on port 22 (the SSH port).

Now that the tunnel is established, we can connect with rsync to port 2222 on your computer to get direct access to bumblebee. Say we wish to transfer a directory directly to bumblebee, in a new terminal on your client computer:

[mhavas@lappy ~]$ rsync -e 'ssh -p 2222' -a /path/to/dir AOS_USERNAME@localhost:/storage/AOS_USERNAME/dest/
AOS_USERNAME@bumblebee's password: 
[mhavas@lappy ~]$ 

:!: Notice that:

  1. we specify -e 'ssh -p 2222' to tell rsync to use ssh on port 2222.
  2. We connect to localhost meaning your computer. Recall that port 2222 on your computer directly connects to bumblebee.

Similarly, with the tunnel established, we can transfer data from bumblebee directly to your computer. In a new terminal on your client computer:

[mhavas@lappy ~]$ rsync -e 'ssh -p 2222' -a AOS_USERNAME@localhost:/storage/AOS_USERNAME/dir /path/to/dest
AOS_USERNAME@bumblebee's password: 
[mhavas@lappy ~]$ 
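
The two steps above can be combined into one script. This is an added example, not part of the original page: the function names, the DRY_RUN switch and the control-socket path are assumptions. It binds the tunnel to 127.0.0.1 only and uses HostKeyAlias so that bumblebee's key is recorded under its own name rather than under [localhost]:2222.

```shell
#!/bin/sh
# Added example (not from the original page): open the tunnel through zephyr,
# run rsync over it, then close the tunnel again.
# Usage: storage_push AOS_USERNAME /path/to/dir dest/
# Set DRY_RUN=1 to print the commands instead of running them.

GATEWAY=meteo.mcgill.ca   # zephyr, the only host reachable from outside
TARGET=bumblebee          # internal host holding /storage
LPORT=2222                # local end of the tunnel, as used on this page

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

storage_push() {
    user=$1; src=$2; dest=$3
    sock="${TMPDIR:-/tmp}/aos-tunnel-$$.sock"   # hypothetical socket path

    # -f -N: go to background without opening a shell on zephyr.
    # -M -S: control socket, so the tunnel can be closed when rsync is done.
    # ExitOnForwardFailure: fail if port 2222 cannot be bound, instead of
    #   letting rsync talk to whatever else is listening there.
    # 127.0.0.1: the forwarded port is reachable from this machine only.
    run ssh -f -N -M -S "$sock" -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$LPORT:$TARGET:22" "$user@$GATEWAY" || return 1

    # HostKeyAlias: check and store the host key under the name "bumblebee".
    # Without it the key is filed under [localhost]:2222, and tunnelling to a
    # different machine on the same port later raises a host-key warning.
    run rsync -a -e "ssh -p $LPORT -o HostKeyAlias=$TARGET" \
        "$src" "$user@localhost:/storage/$user/$dest"
    rc=$?

    # Close the tunnel whether or not rsync succeeded.
    run ssh -S "$sock" -O exit "$user@$GATEWAY"
    return $rc
}
```
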

Using Windows

In order to establish the SSH tunnel, you will want to download a program called putty. I suggest downloading and running the installer putty-0.62-installer.exe.

Once putty is installed, you can establish an SSH tunnel to bumblebee, using the following directions:

  1. Open putty setting meteo.mcgill.ca as the hostname
  2. Navigate to Connection → SSH → Tunnels, entering 2222 as “Source port” and bumblebee:22 as “Destination”.
  3. Click the “Add” button and you should see the following
  4. Navigate back to “Session” and save this session as something like “SSH tunnel to bumblebee”
  5. “Save” and “Open” and you will be presented with a black terminal window prompting for your AOS username and password:
  6. With putty connected and your SSH tunnel established, open filezilla and enter sftp://localhost/ as “Host”, your AOS username and password as well as 2222 as the port.

Then your computer will be on the left-pane and bumblebee on the right. You may then proceed to drag and drop to your heart's content.

FAQ regarding SSH

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Sometimes you will try to connect to a machine and get the following error message:

[mhavas@zephyr ~]$ ssh fuji
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
95:1e:6f:90:0b:2c:c4:73:30:d6:47:45:e7:92:53:40.
Please contact your system administrator.
Add correct host key in /aos/home/mhavas/.ssh/known_hosts to get rid of this message.
Offending key in /aos/home/mhavas/.ssh/known_hosts:295
RSA host key for fuji has changed and you have requested strict checking.
Host key verification failed.

This problem is likely the result of the computer being reinstalled and not saving the remote computer's unique SSH key generated at install time. To remove the old keys, you can do the following (using fuji as an example):

[mhavas@zephyr ~]$ ssh-keygen -R fuji                                   # Remove key for fuji
/aos/home/mhavas/.ssh/known_hosts updated.
Original contents retained as /aos/home/mhavas/.ssh/known_hosts.old
[mhavas@zephyr ~]$ ssh-keygen -R fuji.meteo.mcgill.ca                   # Remove key for full name of fuji
/aos/home/mhavas/.ssh/known_hosts updated.
Original contents retained as /aos/home/mhavas/.ssh/known_hosts.old
[mhavas@zephyr ~]$ nslookup fuji                                        # get the IP address of fuji
Server:         132.206.44.21
Address:        132.206.44.21#53

Name:   fuji.meteo.mcgill.ca
Address: 132.206.43.59

[mhavas@zephyr ~]$ ssh-keygen -R 132.206.43.59                          # Remove key for IP address of fuji
/aos/home/mhavas/.ssh/known_hosts updated.
Original contents retained as /aos/home/mhavas/.ssh/known_hosts.old
[mhavas@zephyr ~]$

Then to import the new key, you can simply connect to the machine again and answer yes when asked whether you want to import the key.

[mhavas@zephyr ~]$ ssh fuji
The authenticity of host 'fuji (132.206.43.59)' can't be established.
RSA key fingerprint is 95:1e:6f:90:0b:2c:c4:73:30:d6:47:45:e7:92:53:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fuji,132.206.43.59' (RSA) to the list of known hosts.
Last login: Mon May 21 15:18:29 2012 from zephyr.meteo.mcgill.ca
[mhavas@fuji ~]$
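
Before answering yes, the fingerprint can be compared with one obtained from the system administrator through another channel. The following is an added example, not from the original page: it computes the MD5 colon-separated fingerprint (the format shown in the messages above) from a known_hosts-style line; the function names and the sample line are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check a host key against a
# fingerprint obtained out-of-band before trusting it.

# Read one "host keytype base64blob" line (the format printed by ssh-keyscan
# and stored in known_hosts) on stdin and print its MD5 fingerprint as
# colon-separated hex. The fingerprint is the MD5 of the decoded key blob.
md5_fingerprint() {
    awk '{print $3}' | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# verify_host_key EXPECTED
# Succeeds only if the key line on stdin hashes to EXPECTED.
verify_host_key() {
    expected=$1
    actual=$(md5_fingerprint) || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: fingerprint matches"
        return 0
    fi
    echo "MISMATCH: got $actual, expected $expected; do not accept" >&2
    return 1
}

# Constructed stand-in input: "YWJj" is base64 for the bytes "abc", not a real
# host key. It is used because the MD5 of "abc" is a published test vector.
SAMPLE_LINE='fuji ssh-rsa YWJj'
SAMPLE_FP='90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72'

# Real use (needs network access to the host); FP_FROM_ADMIN is a placeholder
# for the value the administrator gives you:
#   ssh-keyscan -t rsa fuji 2>/dev/null | verify_host_key "$FP_FROM_ADMIN"
```
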
it/remote_access.txt · Last modified: 2015/11/25 13:59 by mhavas