The only computer directly accessible to you from outside the department is meteo.mcgill.ca
, also known as zephyr
. Once logged into zephyr
, you may connect to any other computer in the department as if you were inside.
ssh AOS_USERNAME@meteo.mcgill.ca
You may be interested in using tmux in combination with your SSH connections for long-running jobs.
ssh -XC AOS_USERNAME@meteo.mcgill.ca | '-X' means tunnel X11 graphics. '-C' enables compression. |
OS X sometimes has trouble with
-X
which provides a more secure X11 connection. You may use -Y
instead if -X
does not work.
In order to connect to the department via SSH in Windows, you will require an SSH client. I recommend installing putty using the installer in the downloads section. Once installed, you may open it and input meteo.mcgill.ca
as the hostname:
Once you select open
, you will be prompted with a terminal window where you may enter your AOS username and password:
You are now connected.
In order to connect to the department using graphics, you will require two applications:
Once you have Xming installed, please start it. Upon first starting it, you may receive the following prompt asking you to unblock the application
Please unblock the application.
You can then tell if Xming is working by looking near the clock in the system tray and verifying that the Xming logo is present as seen below:
Now that Xming is running, you will want to configure putty. Please open putty and navigate to Connection → SSH → X11 placing a checkmark in the open “Enable X11 Forwarding” as seen below:
We will now want to save this as default by navigating to “Session”, selecting “Default Settings” and clicking the “Save” button:
Now that we've saved our settings, we may connect to meteo.mcgill.ca
by entering it in the “Host Name” field:
We now click “Open” and are presented with a terminal screen where we can enter our AOS username and password. Once connected, observe how we can run a graphical application on zephyr
and have it be displayed on our remote computer
Please do not run intensive jobs on
zephyr
as it is shared by everyone in the department.
In order to access McGill resources, you may configure VPN using the McGill IT Guide on VPN. Alternatively, you may access the same web resources via configuring a proxy to the AOS department.
To configure an SOCKS SSH proxy to the AOS department, you may issue the following command in the terminal:
[mhavas@lappy ~]$ ssh -D 8888 mhavas@meteo.mcgill.ca Last login: Tue Jan 22 13:33:35 2013 from wpa182167.wireless.mcgill.ca [mhavas@zephyr ~]$
Then with this shell open, you configure your web browser to use this proxy using the same information as found in the Windows section.
In order to configure an SSH proxy to the department via SSH in Windows, you will require an SSH client. I recommend installing putty using the installer in the downloads section. The exact file to be in installed as of 2013-01-22 is putty-0.62-installer.exe
.
Once installed and opened, you will need to configure it. Upon opening putty
, you should be presented with a window as follows:
The first step is then to enter
meteo.mcgill.ca
for the Host Name (or IP Address).
Once we have the hostname entered, we can navigate to Connection → SSH → Tunnels in the left-hand pane as shown below:
With Tunnels selected, we enter 8888
for the Source Port
and ensure that the radio button Dynamic
is selected as shown below.
We then click the Add
button and the text D8888
should appear in the Forwarded
ports section as shown:
Now that we have the tunnel, or proxy, selected. We can save our session by navigation to the Session
category on the left-hand side. Please be aware that you may have to scroll up. Once there, enter the name Meteo proxy
for the Saved Sessions
name as shown below:
We are now ready to save the session by clicking the Save
button. This will lead to the Meteo Proxy
session being saved in the Saved Sessions
box as you can see in the following image:
We're now ready to go. Simply double click on Meteo Proxy
. If this is your first time connecting, you may be prompted with a Putty Security Alert
as shown:
It is safe accept this key and selected Yes. If this not your first time connecting, you should be prompted to provide your AOS credentials:
It is vital that this black Putty window stay open while you configure Internet Explorer, Firefox or Chrome to use this proxy
It is suggested to use Firefox when using the proxy as Firefox has an internal proxy configuration and does not affect the system-wide proxy configuration.
To configure Firefox to use the proxy, first start Firefox and access the Options through the Tools
menu
With the Options
window open, navigate to the Advanced
tab:
Once in the Advanced
tab, enter the Network
sub-tab selecting the Connection Settings
button:
In the window that opens you will want to select the Manual Proxy Configuration
button and input localhost
for SOCKS Host
and 8888
for the port:
Once this is complete, you can click Ok
closing all the windows except for Firefox. If everything worked as intended, you should be able to visit google and enter the query “what is my IP address”. Google should respond with 132.216.17.68
:
Now any site that you visit will believe you are coming from 132.216.17.68
or zephyr
which has access to all McGill and AOS Web resources.
To configure Chrome to use the proxy, first start Chrome and access the Settings
through the wrench icon:
With the Settings page open, we need to expand it further by clicking the Show advanced settings
link at the bottom of the page:
We then navigate to the Network heading selecting the Change proxy settings
.
This brings up the proxy settings of your entire system (Windows, Mac or Linux). In this case, we will investigate the Windows settings.
We are interesting in navigating to the Connections tab
and selecting the LAN Settings
button:
We are interested in putting a checkmark in the Use a proxy server for your LAN checkbox
. In addition, we would like to visit the Advanced
options by clicking the button.
Within the advanced window that is spawned, we would like to enter localhost
: 8888
on the Socks line.
Once complete, we can press Ok
to all the open configuration windows and close the Settings page. If everything worked as intended, you should be able to visit google and enter the query “what is my IP address”. Google should respond with 132.216.17.68
:
Now any site that you visit will believe you are coming from 132.216.17.68
or zephyr
which has access to all McGill and AOS Web resources.
To configure Internet Explorer (IE) to use the proxy, we must first open IE. Once opened, we would like to navigate to the Tools
→ Internet Options
menu entry.
With the Internet Options
open, we would like to navigate
We are interesting in navigating to the Connections tab
and selecting the LAN Settings
button:
We are interested in putting a checkmark in the Use a proxy server for your LAN checkbox
. In addition, we would like to visit the Advanced
options by clicking the button.
Within the advanced window that is spawned, we would like to enter localhost
: 8888
on the Socks line.
Once complete, we can press Ok
to all the open configuration windows. If everything worked as intended, you should be able to visit google and enter the query “what is my IP address”. Google should respond with 132.216.17.68
:
Now any site that you visit will believe you are coming from 132.216.17.68
or zephyr
which has access to all McGill and AOS Web resources.
This section will concentrate on giving you instruction for connecting to the department remotely. This is useful for transferring files you may have forgot or simply working from the comforts of your home.
The only method for transferring data to or from the department is with SSH which offers are secure and efficient way of accessing our departmental systems.
While there are other tools that can copy data to or from the department, we will use rsync
for this purpose. To transfer a single file (file.ext
) to the department, you may do the following:
[mhavas@lappy ~]$ rsync -a /path/to/file.ext AOS_USERNAME@meteo.mcgill.ca: AOS_USERNAME@meteo.mcgill.ca's password: [mhavas@lappy ~]$
Note that:
:
is important and refers to your home directory (/aos/home/AOS_USERNAME
).To transfer a single file from the department to your computer, you may do the following:
[mhavas@lappy ~]$ rsync -a AOS_USERNAME@meteo.mcgill.ca:path/to/file.ext /path/to/dest/ AOS_USERNAME@meteo.mcgill.ca's password: [mhavas@lappy ~]$
Note that:
:path/to/file.ext
really means /aos/home/AOS_USERNAME/path/to/file.ext
file.ext
will be placed in /path/to/dest/
directory which can also be a relative path.To transfer a directory and its contents to your computer, you may do the following:
[mhavas@lappy ~]$ rsync -a AOS_USERNAME@meteo.mcgill.ca:path/to/dir /path/to/dest/ AOS_USERNAME@meteo.mcgill.ca's password: [mhavas@lappy ~]$
To transfer the contents of directory to your computer, you may do the following:
[mhavas@lappy ~]$ rsync -a AOS_USERNAME@meteo.mcgill.ca:path/to/dir/ /path/to/dest/ AOS_USERNAME@meteo.mcgill.ca's password: [mhavas@lappy ~]$
Note that the difference between copying a directory and its contents or just its contents is the addition of a trailing '/'.
To transfer a directory and its contents from your computer to the department, you may do the following:
[mhavas@lappy ~]$ rsync -a /path/to/dir AOS_USERNAME@meteo.mcgill.ca:path/to/dest/ AOS_USERNAME@meteo.mcgill.ca's password: [mhavas@lappy ~]$
To transfer the contents of directory from your computer to the department, you may do the following:
[mhavas@lappy ~]$ rsync -a /path/to/dir/ AOS_USERNAME@meteo.mcgill.ca:path/to/dest/ AOS_USERNAME@meteo.mcgill.ca's password: [mhavas@lappy ~]$
To transfer data to or from the department, you will want to download and install a program called Filezilla. Once you have Filezilla, you can connect to the department by filling out the following information
Host | sftp://meteo.mcgill.ca |
---|---|
Username | AOS_USERNAME |
Password | AOS_PASSWORD |
Port | 22 |
You may then press Quick Connect to be presented with your computer on the left pane and your AOS home directory on the right pane. See screenshot below:
It is important to understand that the only system accessible to the outside world in our department is meteo.mcgill.ca
also known as zephyr
. You may think of this machine as the gatekeeper to our network. This system allows our network to be a bit more secure but causes some headaches for instance it makes it more difficult to connect to your computer's /storage disk.
To work around this, we use a technique called SSH tunneling. This process involves two steps:
rsync
as discussed above.
Throughout the following section we will be interested in accessing the /storage/ directory on bumblebee.meteo.mcgill.ca
We first establish an SSH tunnel through zephyr
to bumblebee:
[mhavas@lappy ~]$ ssh -L2222:bumblebee:22 AOS_USERNAME@meteo.mcgill.ca localuser@meteo.mcgill.ca's password: Last login: Thu May 17 15:54:19 2012 from 206.108.169.83 [localuser@zephyr ~]$
This establishes an SSH tunnel starting at port 2222 on your computer through zephyr
and terminating at bumblebee
on port 22 (the SSH port).
Now that the tunnel is established, we can connect with rsync
to port 2222 on your computer to get direct access to bumblebee. Say we wish to transfer a directory directly to bumblebee, in a new terminal on your client computer:
[mhavas@lappy ~]$ rsync -e 'ssh -p 2222' -a /path/to/dir AOS_USERNAME@localhost:/storage/AOS_USERNAME/dest/ AOS_USERNAME@bumblebee's password: [mhavas@lappy ~]$
Notice that:
-e 'ssh -p 2222'
to tell rsync to use ssh on port 2222.localhost
meaning your computer. Recall that port 2222 on your computer directly connects to bumblebee.Similarly, with the tunnel established, we can transfer data from bumblebee directly to your computer. In a new terminal on your client computer::
[mhavas@lappy ~]$ rsync -e 'ssh -p 2222' -a AOS_USERNAME@localhost:/storage/AOS_USERNAME/dir /path/to/dest AOS_USERNAME@bumblebee's password: [mhavas@lappy ~]$
In order to establish the SSH tunnel, you will want to download a program called putty. I suggest downloading and running the installer putty-0.62-installer.exe
.
Once putty is installed, you can establish an SSH tunnel to bumblebee, using the following directions:
Then your computer will be on the left-pane and bumblebee on the right. You may then proceed to drag and drop to your heart's content.
Sometimes you will try to connect to a machine and get error message
[mhavas@zephyr ~]$ ssh fuji @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 95:1e:6f:90:0b:2c:c4:73:30:d6:47:45:e7:92:53:40. Please contact your system administrator. Add correct host key in /aos/home/mhavas/.ssh/known_hosts to get rid of this message. Offending key in /aos/home/mhavas/.ssh/known_hosts:295 RSA host key for fuji has changed and you have requested strict checking. Host key verification failed.
This problem is likely the result of the computer being reinstalled and not saving the remote computer's unique SSH key generated at install time. To remove the old keys, you can do the following (using fuji
as an example):
[mhavas@zephyr ~]$ ssh-keygen -R fuji # Remove key for fuji /aos/home/mhavas/.ssh/known_hosts updated. Original contents retained as /aos/home/mhavas/.ssh/known_hosts.old [mhavas@zephyr ~]$ ssh-keygen -R fuji.meteo.mcgill.ca # Remove key for full name of fuji /aos/home/mhavas/.ssh/known_hosts updated. Original contents retained as /aos/home/mhavas/.ssh/known_hosts.old [mhavas@zephyr ~]$ nslookup fuji # get the IP address of fuji Server: 132.206.44.21 Address: 132.206.44.21#53 Name: fuji.meteo.mcgill.ca Address: 132.206.43.59 [mhavas@zephyr ~]$ ssh-keygen -R 132.206.43.59 # Remove key for IP address of fuji /aos/home/mhavas/.ssh/known_hosts updated. Original contents retained as /aos/home/mhavas/.ssh/known_hosts.old [mhavas@zephyr ~]$
Then to import the new key, you can simply connect to the machine again and say yes
to whether or not you want to import the key.
[mhavas@zephyr ~]$ ssh fuji The authenticity of host 'fuji (132.206.43.59)' can't be established. RSA key fingerprint is 95:1e:6f:90:0b:2c:c4:73:30:d6:47:45:e7:92:53:40. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'fuji,132.206.43.59' (RSA) to the list of known hosts. Last login: Mon May 21 15:18:29 2012 from zephyr.meteo.mcgill.ca [mhavas@fuji ~]$