Differenze
Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.
Entrambe le parti precedenti la revisione Revisione precedente Prossima revisione | Revisione precedente | ||
vlsi:computing_remote [22/06/2013 18:56] pacher |
— (versione attuale) | ||
---|---|---|---|
Linea 1: | Linea 1: | ||
- | ====== Accessing computing resources remotely ====== | ||
- | [ __[[vlsi:home|VLSI Home]]__ ] | ||
- | [ __[[vlsi:workbook|VLSI Design WorkBook]]__ ] | ||
- | [ __[[vlsi:computing_main#contents|Back to index]]__ ] | ||
- | |||
- | == Contents == | ||
- | |||
- | * [[vlsi:computing_remote#introduction|Introduction]] | ||
- | * [[vlsi:computing_remote#connecting_to_a_vlsi_machine|Connecting to a VLSI machine]] | ||
- | * [[vlsi:computing_remote#remote_connections_from_windows|Remote connections from Windows]] | ||
- | * [[vlsi:computing_remote#remote_desktop_access_with_nx_client|Remote desktop access with NX Client]] | ||
- | * [[vlsi:computing_remote#accessing_vlsi_machines_from_outside_the_infn_domain|Accessing VLSI machines from outside the INFN domain]] | ||
- | * [[vlsi:computing_remote#remote_file_transfers|Remote file transfers]] | ||
- | * [[vlsi:computing_remote#web_browsing_through_ssh|Web browsing through SSH]] | ||
- | * [[vlsi:computing_remote#tips_and_tricks|Tips and tricks]] | ||
- | |||
- | |||
- | |||
- | **Keywords:** ssh, X-server, scp, sftp, tunnelling | ||
- | |||
- | |||
- | ===== Introduction ===== | ||
- | |||
- | Once you have obtained a VLSI computing account, you are not required to physically | ||
- | work in front of a VLSI machine. As a matter of fact, you can always access your VLSI | ||
- | machine remotely using the **[[http://en.wikipedia.org/wiki/Secure_Shell|Secure Shell (SSH)]]** | ||
- | connection protocol and just work as you would be in front of it. For security issues, | ||
- | VLSI and INFN machines allow remote access only through <nowiki>SSH</nowiki>. Connections | ||
- | using unsecured protocols such as <nowiki>FTP</nowiki> and Telnet are refused. | ||
- | |||
- | This chapter describes how you can access the VLSI computing resources remotely (both from | ||
- | Linux/Mac or Windows machines) and gives further information about some common tasks (e.g. remote | ||
- | file transfers through SCP/SFTP, tunnelling over <nowiki>SSH</nowiki>) | ||
- | necessary to successfully work remotely. | ||
- | |||
- | ===== Connecting to a VLSI machine ===== | ||
- | |||
- | All IP addresses of the VLSI machines are visible from within the INFN computing networks, | ||
- | as well as from university computers. UNIX/Linux and Mac operating systems provide an <nowiki>SSH</nowiki> | ||
- | client out of the box which comes with the **[[http://www.openssh.org/|OpenSSH]]** package, simply run the | ||
- | ''ssh'' command from any terminal application. | ||
- | |||
- | To remotely access your VLSI machine open a terminal and type | ||
- | |||
- | <code> | ||
- | ssh -X username@eltxxxx.to.infn.it | ||
- | </code> | ||
- | |||
- | \\ | ||
- | The first time you connected you should retrive a warning message in the form | ||
- | |||
- | <code> | ||
- | The authenticity of host <hostname (IP address)> can't be established. | ||
- | RSA key fingerprint is <key>. | ||
- | Are you sure you want to continue connecting (yes/no)? | ||
- | </code> | ||
- | |||
- | \\ | ||
- | This is required by the ''ssh'' client to add the machine to the list of known hosts. | ||
- | Simply enter ''yes'' and press the ''Return'' key. This stuff is required just once. | ||
- | |||
- | Since the VLSI tools extensively use graphical interfaces you must also | ||
- | enable the **X forwarding** with the ''-X'' option passed to the ''ssh'' command. | ||
- | This is required to open graphical windows remotely. If you are using a Mac computer | ||
- | use ''ssh -Y'' indeed, because Mac's operating systems are stricter about X forwarding | ||
- | compared to Linux. The ''-Y'' option enables a //trusted X forwarding// and will allow | ||
- | you to work without any problem. If you want to connect from a Windows computer indeed, | ||
- | please refer to | ||
- | [[vlsi:computing_remote#remote_connections_from_windows|Remote connections from Windows]] | ||
- | istructions. | ||
- | |||
- | Be aware that X forwarding needs specific UNIX configurations and permissions to be set | ||
- | on the remote machine you want to access (e.g. ''~/.Xauthority'' file). | ||
- | Since these setups are not under your control, if the first time you connected you face | ||
- | any problems with X forwarding due to permission issues, | ||
- | please contact the VLSI system administrator ([[mazza@NOSPAMto.infn.it]], remove NOSPAM in the address). | ||
- | |||
- | [tmp]\\ | ||
- | You might need to set the ''DISPLAY'' environment variable. This variable must to be set to | ||
- | the IP address of your computer followed by a screen address. | ||
- | The latter can always be taken to be :0.0. | ||
- | |||
- | <code> | ||
- | setenv DISPLAY machine:0.0 | ||
- | </code> | ||
- | |||
- | \\ | ||
- | For more details about the usage of the ''ssh'' command type ''man ssh''. | ||
- | |||
- | Further readings and useful links are | ||
- | [[http://en.wikibooks.org/wiki/Guide_to_Unix/Explanations/Connecting_to_Remote_Unix]] | ||
- | and [[http://plaza.ufl.edu/cmcglone/eel5322/remote_setup.htm]] | ||
- | |||
- | |||
- | |||
- | ===== Remote connections from Windows ===== | ||
- | |||
- | If you are working on a system running Windows (XP, Vista, Seven) some additional | ||
- | software is required to deal with remote connections. In particular, you need | ||
- | |||
- | * an <nowiki>SSH</nowiki> client for Windows to establish the remote connection | ||
- | |||
- | * an X server for Windows to do X forwarding | ||
- | |||
- | Many different applications (both commercial and free) are available. For a free, simple and | ||
- | fast setup a popular choice is to use the **[[http://en.wikipedia.org/wiki/PuTTY|PuTTY]]** | ||
- | <nowiki>SSH</nowiki> client and the **[[http://en.wikipedia.org/wiki/Xming|Xming]]** display server. | ||
- | Another (actually quite complicated) free option is to use **[[http://www.cygwin.com/|Cygwin]]**. | ||
- | |||
- | PuTTY is a free and open source implementation of Telnet and <nowiki>SSH</nowiki> for Windows | ||
- | and UNIX platforms. It provides an ''xterm'' terminal emulator as well. If you don't need | ||
- | X forwarding PuTTY is enough to establish the remote connection and then interact with your machine | ||
- | through the command line only. It comes as a single executable (putty.exe, ~470 KB) which you can download from | ||
- | [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|this page]]. \\ | ||
- | No installation is required, just save the file somewhere on your system. | ||
- | Since the ''C:\windows\'' folder is included in the default Windows search path, | ||
- | this is the recommended place, but you can put the executable wherever you like (e.g. Desktop). | ||
- | |||
- | Beside this <nowiki>SSH</nowiki> client, if you want to run a VLSI design tool or any other | ||
- | application which requires graphical interfaces you need an X server. Xming | ||
- | is a free implementation of the UNIX/Linux X Window System for Windows operating systems. | ||
- | Downloads are available at //[[http://www.straightrunning.com/XmingNotes/]]//. | ||
- | Although donations must be made to download the latest releases, packages | ||
- | listed as //Public Domain// are completely free. \\ | ||
- | You can download the Xming main installer (Xming-6-9-0-31-setup.exe, 2.2 <nowiki>MB</nowiki>) | ||
- | from [[http://sourceforge.net/projects/xming/files/Xming/6.9.0.31/|this direct link]]. | ||
- | An additional Xming-fonts package (Xming-fonts-7-5-0-47-setup.exe, ~31 <nowiki>MB</nowiki>) | ||
- | provides standard core X fonts which are required by the most common UNIX/Linux applications. | ||
- | The installation is very fast and easy, simply run the executables and follow the setup | ||
- | wizards. We can mention that along with the basic X server (Xming.exe) the | ||
- | default Xming full installation includes an enhanced version of PuTTY named PuTTY Link (plink.exe), | ||
- | which is a console <nowiki>SSH</nowiki> client similar to the ''ssh'' command on UNIX/Linux and | ||
- | Mac operating systems. The Xming-fonts package should be installed in the same directory where | ||
- | you installed Xming. | ||
- | |||
- | If you have successfully installed both PuTTY and Xming applications, follow the links | ||
- | reported below. They provide step-by-step instructions to setup and make a remote connection. | ||
- | |||
- | * [[computing_putty_config|Configuring PuTTY]] | ||
- | * [[computing_xming_config|Starting the X server]] | ||
- | * [[computing_putty_connection|Connecting to a remote machine]] | ||
- | |||
- | \\ | ||
- | Note that | ||
- | Use can these instructions to connect through <nowiki>SSH</nowiki> | ||
- | to any remote machine (INFN machines, CERN lxplus etc). | ||
- | |||
- | Secure remote file transfers on Windows are possible as well and will be discussed later. | ||
- | |||
- | Useful links: | ||
- | |||
- | * [[http://www.chiark.greenend.org.uk/~sgtatham/putty|Putty main page]] | ||
- | * [[http://www.chiark.greenend.org.uk/~sgtatham/putty/docs.html|PuTTY official documentation]] | ||
- | * [[http://www.straightrunning.com/XmingNotes/|Xming main page (with documentation)]] | ||
- | |||
- | \\ | ||
- | Different Web tutorials about the usage of PuTTY and Xming can be foud at: | ||
- | |||
- | * //[[http://kb.mediatemple.net/questions/1595/Using+SSH+in+PuTTY+%28Windows%29#gs]]// | ||
- | * //[[http://www.math.umn.edu/systems_guide/putty_xwin32.html]]// | ||
- | * //[[http://www.linux.ucla.edu/~phaethon/xming_cadence/xming_cadence.html]]// | ||
- | |||
- | ===== Remote desktop access with NX Client ===== | ||
- | |||
- | NX Client dovrebbe essere.... piu' veloce! e quindi si dovrebbe riuscire | ||
- | ad aprire cadence anche con meno banda! Esiste per Mac, Linux e Windows | ||
- | tranquillamente | ||
- | |||
- | |||
- | As an alternative to a SSH connection, you can try a remote desktop access with the | ||
- | NX Client tool. Only a limited number of simultanous connections are allowed, thus | ||
- | there is no guarantee that you can access the server at any moment. | ||
- | To set a remote desktop access, you must install the NX Client for Windows or NX Client | ||
- | for Linux in your computer. In the case of Windows, you must also install the "nxfonts-75dpi" | ||
- | |||
- | |||
- | * [[computing_nxclient_linux|Linux instructions]] | ||
- | |||
- | * [[computing_nxclient_windows|Windows instructions]] | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | ===== Accessing VLSI machines from outside the INFN domain ===== | ||
- | |||
- | VLSI machines are visible only from within INFN and university networks. | ||
- | You can always verify if your VLSI account is accessible using the ''ping'' | ||
- | command, | ||
- | |||
- | <code> | ||
- | ping username@eltxxxx.to.infn.it | ||
- | </code> | ||
- | |||
- | If you retrive an ''unknown host'' issue, then the machine cannot be accessed | ||
- | through a simple ''ssh''. | ||
- | |||
- | However, sometimes you might need to access your VLSI account at home or from another insitute. | ||
- | To do this, you must first connect through <nowiki>SSH</nowiki> to a machine of the INFN computing cluster. | ||
- | If you don't have an INFN computing account read [[computing_accounts|here]] how to obtain it. | ||
- | If you already have an INFN UNIX account, available machines for **public login** are | ||
- | **bennu.to.infn.it** and **phoinix.to.infn.it**. | ||
- | |||
- | To connect to one of these remote machines, open a terminal and use | ||
- | |||
- | <code> | ||
- | ssh [-X] username@bennu.to.infn.it | ||
- | </code> | ||
- | |||
- | \\ | ||
- | or configure a remote connection with PuTTY if you are working on Windows. | ||
- | Once logged into an INFN machine, you are back to the //to.infn.it// domain and you can access | ||
- | your VLSI machine **eltxxxx.to.infn.it** simply doing a further ''ssh'' at the new command prompt: | ||
- | |||
- | <code> | ||
- | ssh [-X] username@eltxxxx.to.infn.it | ||
- | </code> | ||
- | |||
- | \\ | ||
- | A smarter way to do this stuff is called **tunneling** and is described [[vlsi:computing_remote#tips_and_tricks|here]]. | ||
- | Note that if you want to open graphical windows use the ''-X'' option in both ''ssh'' connections on configure PuTTY | ||
- | to enable X forwarding before connecting to INFN central machines. | ||
- | |||
- | Accessing your VLSI machine from outside the INFN domain is useful if you need to access | ||
- | Cadence simulation data or other files and documents placed in your local area. \\ | ||
- | On the other hand, be aware that //**running Cadence remotely**// on a machine not at the University | ||
- | of Turin //**might be specifically forbidden by a license agreement or some other technology restrictions**//! | ||
- | In particular, Cadence remote working is forbidden unless the remote machine is within a specified | ||
- | distance from the license host machine. Furthermore, the contract for the usage of a particular | ||
- | technology may specifically prevent to run Cadence attached to that PDK outside the company site. | ||
- | |||
- | Please, **//run the VLSI tools only at the University of Turin//** or ask the system administrator | ||
- | ([[mazza@NOSPAMto.infn.it]], remove NOSPAM in the address) if you can remotely access Cadence and | ||
- | your technology from other sites. | ||
- | |||
- | ===== Remote file transfers ===== | ||
- | |||
- | You will be required quite often to deal with file transfers between | ||
- | a remote machine and your local system. For instance, you may have a file | ||
- | containing some Cadence simulation results located on your remote VLSI machine, | ||
- | and you need to download it to your laptop at home for further analysis. | ||
- | Since copying files //to// or //from// a remote system is a very common task, | ||
- | we provide here more information and how-to's about this topic. | ||
- | |||
- | There are many remote file transfer applications for both UNIX/Linux and Windows | ||
- | environments. As for security reasons VLSI and INFN machines allow remote access | ||
- | only through <nowiki>SSH</nowiki>, as well only **encrypted file transfers** using | ||
- | [[http://en.wikipedia.org/wiki/Secure_copy|Secure Copy (SCP)]] and | ||
- | [[http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol|SSH File Transfer Protocol (SFTP)]] | ||
- | programs can be performed. | ||
- | |||
- | ===== ===== | ||
- | \\ | ||
- | **Secure Copy (SCP)** | ||
- | |||
- | The SCP protocol allows files to be transferred remotely //to//, //from// or //between// | ||
- | different hosts through an encrypted connection. | ||
- | It uses <nowiki>SSH</nowiki> for data transfer and provides the same authentication | ||
- | and the same security level as <nowiki>SSH</nowiki>. | ||
- | |||
- | Similar to ''ssh'', on both UNIX/Linux and Mac operating systems an SCP client comes with | ||
- | **[[http://www.openssh.org/|OpenSSH]]** out of the box. Simply run the ''scp'' command | ||
- | in a terminal window. The usage of ''scp'' is similar to the well known ''cp'' command | ||
- | and follows the same basic syntax, | ||
- | |||
- | <code> | ||
- | scp [options] <source> <destination> | ||
- | </code> | ||
- | |||
- | \\ | ||
- | If you want to copy a file **//from a local system to a remote system//** use | ||
- | |||
- | <code> | ||
- | cd /path/to/filename/directory/ | ||
- | scp filename username@hostname:~/path/to/destination | ||
- | </code> | ||
- | |||
- | where ''hostname'' is the name of the remote machine on which you want to copy the file (e.g. ''eltxxxx.to.infn.it''). | ||
- | You will be prompted to enter your remote login password to complete the operation. Don't forget | ||
- | to include the colon '':'' before the destination path. \\ | ||
- | Giving an absolute destination path is optional, if you use | ||
- | |||
- | <code> | ||
- | scp filename username@hostname: | ||
- | </code> | ||
- | |||
- | the source file will be copied into your remote home directory ''~/''.\\ | ||
- | You can also copy multiple files at once, just provide a list | ||
- | of them, | ||
- | |||
- | <code> | ||
- | scp filename1 filename2 username@hostname:~/path/to/destination | ||
- | </code> | ||
- | |||
- | Finally, if you want to copy an entire directory you must use the ''-r'' option | ||
- | and make a recursive copy, | ||
- | |||
- | <code> | ||
- | scp -r directory username@hostname:~/path/to/destination | ||
- | </code> | ||
- | |||
- | \\ | ||
- | In the same vein you can use ''scp'' to copy files **//from a remote system to a local system//**.\\ | ||
- | As the source file is located on the remote machine you must | ||
- | put the hostname followed by the absolute path of the filename to be copied in front of the local | ||
- | destination path, | ||
- | |||
- | <code> | ||
- | cd /where/you/want/to/copy/your/file | ||
- | scp username@hostname:~/path/to/filename . | ||
- | </code> | ||
- | |||
- | The last dot ''.'' in the command means that the destination path is the | ||
- | current directory, but you can specify any absolute path. \\ | ||
- | This is actually the more usual case. As an example, you are working on a machine | ||
- | connected to INFN computing networks and you want to download a file from your | ||
- | remote VLSI machine or from your INFN UNIX account. | ||
- | |||
- | \\ | ||
- | The most general syntax of ''scp'' allows copying files **//from a remote system to another remote system//** | ||
- | without actually having to log into either of them. This could be useful to share files with | ||
- | a colleague. The basic syntax is | ||
- | |||
- | <code> | ||
- | scp username1@hostname1:~/path/to/filename username2@hostname2:~/path/to/destination | ||
- | </code> | ||
- | |||
- | where ''username1@hostname1'' is the source from which you want to copy the file and | ||
- | ''username2@hostname2'' is the destination where you want it to be copied. | ||
- | At first you will be prompted to enter the login password for ''username1'' | ||
- | on ''hostname1'' and then a second time for ''username2'' on ''hostname2''. | ||
- | |||
- | To succesfully copying files remotely the remote machines must be visible in the network. | ||
- | Thus, you cannot use ''scp'' to directly access files located on your VLSI machine | ||
- | from ouside INFN and university networks. You must perform two consecutive ''scp'''s indeed. | ||
- | That is, you must first connect through ''ssh'' to an INFN central machine and copying files | ||
- | from the VLSI account to your INFN UNIX account, | ||
- | |||
- | <code> | ||
- | ssh username@phoinix.to.infn.it | ||
- | ... | ||
- | ... | ||
- | phoinix.to.infn.it> mkdir tmp | ||
- | phoinix.to.infn.it> scp username@eltxxx.to.infn.it:~/path/to/filename ~/tmp/ | ||
- | </code> | ||
- | |||
- | then you can run a second ''scp'' on your local system (e.g. your laptop at home) | ||
- | and retrive the file from the INFN UNIX account. | ||
- | |||
- | <code> | ||
- | scp username@phoinix.to.infn.it:~/tmp/filename . | ||
- | </code> | ||
- | |||
- | \\ | ||
- | For more detailed information about the ''scp'' usage and options run ''man scp'' | ||
- | to access the manual pages. \\ | ||
- | Further useful link about ''scp'' could be //[[http://www2.imperial.ac.uk/~andy/sysnews/scp/]]// | ||
- | and //[[http://kb.iu.edu/data/agye.html]]//. | ||
- | |||
- | \\ | ||
- | If you are working on a system running Windows (XP, Vista, Seven) you need to install | ||
- | an SCP client. both graphical and command line applications. | ||
- | |||
- | A free and easy to use option is **PSCP** (pscp.exe) provided by the PuTTY project. | ||
- | It is a command line | ||
- | the official documentation | ||
- | [[http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter5.html#pscp|Using PSCP to transfer files securely]] | ||
- | |||
- | ===== ===== | ||
- | \\ | ||
- | \\ | ||
- | **<nowiki>SSH</nowiki> File Transfer Protocol (SFTP)** | ||
- | |||
- | The main disadvantage of ''scp'' is that if you want to copy a file | ||
- | from a remote system to a local system you must know //a priori// | ||
- | the exact absolute path of the remote file. An easier way to perform | ||
- | this operation is to use an SFTP program. | ||
- | |||
- | On both UNIX/Linux and Mac operating systems **[[http://www.openssh.org/|OpenSSH]]** | ||
- | provides an SFTP client out of the box with the ''sftp'' command line application. \\ | ||
- | Unlike the standard unsecured ''ftp'' client, ''sftp'' performs all the operations | ||
- | (commands and data transfers) over an encrypted <nowiki>SSH</nowiki> connection, | ||
- | preventing passwords and sensitive information from being transmitted in the clear over a network. | ||
- | |||
- | To start an ''sftp'' session, open a terminal and run the command | ||
- | |||
- | <code> | ||
- | sftp username@hostname | ||
- | </code> | ||
- | |||
- | where ''hostname'' is the name of the remote machine you want to connect to | ||
- | (e.g. eltxxxx.to.infn.it). You will be asked to enter your login password. | ||
- | |||
- | After you have successfully logged into the remote machine, | ||
- | ''sftp'' moves to your remote home directory. The UNIX prompt | ||
- | changes into ''sftp>'' and you can start interacting with the remote system | ||
- | using ''sftp'' commands. Besides downloading files, you can move between | ||
- | directories and list directory contents, as well as creating and removing | ||
- | directories or deleting files. \\ | ||
- | |||
- | To get a list of all available commands, type ''help'' at the ''sftp>'' prompt: | ||
- | |||
- | <code> | ||
- | sftp> help | ||
- | Available commands: | ||
- | bye Quit sftp | ||
- | cd path Change remote directory to 'path' | ||
- | chgrp grp path Change group of file 'path' to 'grp' | ||
- | chmod mode path Change permissions of file 'path' to 'mode' | ||
- | chown own path Change owner of file 'path' to 'own' | ||
- | df [-hi] [path] Display statistics for current directory or | ||
- | filesystem containing 'path' | ||
- | exit Quit sftp | ||
- | get [-P] remote-path [local-path] Download file | ||
- | help Display this help text | ||
- | lcd path Change local directory to 'path' | ||
- | lls [ls-options [path]] Display local directory listing | ||
- | lmkdir path Create local directory | ||
- | ln oldpath newpath Symlink remote file | ||
- | lpwd Print local working directory | ||
- | ls [-1aflnrSt] [path] Display remote directory listing | ||
- | lumask umask Set local umask to 'umask' | ||
- | mkdir path Create remote directory | ||
- | progress Toggle display of progress meter | ||
- | put [-P] local-path [remote-path] Upload file | ||
- | pwd Display remote working directory | ||
- | quit Quit sftp | ||
- | rename oldpath newpath Rename remote file | ||
- | rm path Delete remote file | ||
- | rmdir path Remove remote directory | ||
- | symlink oldpath newpath Symlink remote file | ||
- | version Show SFTP version | ||
- | !command Execute 'command' in local shell | ||
- | ! Escape to local shell | ||
- | ? Synonym for help | ||
- | </code> | ||
- | |||
- | \\ | ||
- | Commands for navigating remote files and directories (''cd'', ''pwd'', ''mkdir'' etc.) | ||
- | follow the same syntax of standard UNIX shell counterparts. The most notable difference | ||
- | is that there is a local and a remote version of each command, hence you can interact | ||
- | with both the remote and the local systems during an ''sftp'' session. | ||
- | In particular, commands prefixed by an ''l'' (''lcd'', ''lpwd'', ''lmkdir'' etc.) idicate | ||
- | a local command. | ||
- | |||
- | The ''get'' command allows you to **download files** from the remote machine, | ||
- | |||
- | <code> | ||
- | sftp> cd /path/to/filename/directory/ | ||
- | sftp> get filename [/local/path/where/you/want/to/put/the/file] | ||
- | </code> | ||
- | |||
- | If you omit the destination path the file will be put in the local | ||
- | directory where you started ''sftp''. You can also download multiple | ||
- | files at once by using the ''mget'' command, | ||
- | |||
- | <code> | ||
- | sftp> mget filename1 filename2 | ||
- | </code> | ||
- | |||
- | Since ''sftp'' does not support recursive copies you cannot retrive | ||
- | an entire directory and all sub-directories. You can perform a multiple | ||
- | download over single files with ''mget'', | ||
- | |||
- | <code> | ||
- | sftp> cd /path/to/directory/ | ||
- | sftp> mget * | ||
- | </code> | ||
- | |||
- | or use the ''scp -r'' command instead. Actually, the best work aroud | ||
- | when you want to copy a remote directory is to open a standard ''ssh'' session work | ||
- | and [[vlsi:unix_basics#working_with_compressed_files|create a compressed archive]] | ||
- | of the directory with ''tar'' and ''gzip'' utilities. Then you can download the | ||
- | ''tar.gz'' file with ''scp'' or ''sftp''. | ||
- | |||
- | You can also **upload files** from the local system to the remote system | ||
- | by using ''put'' and ''mput'' commands, | ||
- | |||
- | <code> | ||
- | sftp> put /absolute/local/path/to/filename [/remote/path/where/you/want/to/put/the/file] | ||
- | </code> | ||
- | |||
- | If you omit the destination path the file will be uploaded in the remote | ||
- | current directory. | ||
- | |||
- | \\ | ||
- | To end the ''sftp'' session, simply type ''exit'', ''quit'' or ''bye'' at the prompt, e.g. | ||
- | |||
- | <code> | ||
- | sftp> exit | ||
- | </code> | ||
- | |||
- | \\ | ||
- | For more detailed information about ''sftp'', run ''man scp'' to access the manual pages. | ||
- | |||
- | |||
- | |||
- | With PuTTY **PSFTP** (psftp.exe) | ||
- | the official documentation | ||
- | [[http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter6.html#psftp|Using PSFTP to transfer files securely]] | ||
- | |||
- | Another free and open source application is **Windows Secure Copy (WinSCP)**, which comes | ||
- | as a graphical interface tool. is an open source SFTP client for Windows. | ||
- | |||
- | ===== ===== | ||
- | \\ | ||
- | **Copying large files and directories** | ||
- | |||
- | The best work aroud when you want to copy large files and directories is to | ||
- | [[vlsi:unix_basics#working_with_compressed_files|create a compressed archive]] | ||
- | with ''tar'' and ''gzip'' utilities, | ||
- | |||
- | <code> | ||
- | tar -xczf fileName.tar.gz fileName | ||
- | </code> | ||
- | |||
- | |||
- | Then you can download or upload the ''tar.gz'' file with ''scp'' or ''sftp''. | ||
- | |||
- | ===== Web browsing through SSH ===== | ||
- | |||
- | Reading scientific literature play a central role in the research and design activity. | ||
- | Very often you will need to get **online papers**, largely from | ||
- | **[[http://ieeexplore.ieee.org/Xplore/|IEEE]]** or | ||
- | **[[http://www.journals.elsevier.com/nuclear-instruments-and-methods-in-physics-research-section-a-accelerators-spectrometers-detectors-and-associated-equipment/|Nuclear Instruments and Methods in Physics Research]]** journals. | ||
- | |||
- | The majority of such documents is available after paying subscribers only and | ||
- | cannot be read or downloaded for free. Actually, academic and research institutes | ||
- | can purchase subscriptions for their users. That is, you can access online papers | ||
- | without any restrictions, because they have been purchased for you by the institute! \\ | ||
- | Both INFN and University of Turin provide this support, as well as CERN. | ||
- | Be aware that at present the subscription with IEEE is available through a CERN | ||
- | computing account only. | ||
- | |||
- | You are allowed to read and download papers without any authentication | ||
- | only by using a Web browser running on a machine which is | ||
- | part of the institute computing networks. Thus, if your are working on a | ||
- | machine connected to university or INFN networks you are ok, as well as | ||
- | if you are personally at CERN. Otherwise, you cannot access restricted | ||
- | pubblications for free from your home or another site, because you don't | ||
- | have a username and a password to do it. | ||
- | To get rid of this limitation, some further work around is required. | ||
- | |||
- | The quick-and-dirty way is to simply use X forwarding and open the Web browser | ||
- | on a remote machine. This would be a pain, because the connection speed would | ||
- | be saturated to display the the graphical window of the remote browser! | ||
- | |||
- | The most efficient solution is to create an **<nowiki>SSH</nowiki> tunnel** indeed, | ||
- | then configuring your browser to retrive Web data through it (port forwarding). | ||
- | Using an <nowiki>SSH</nowiki> tunnel is significantly faster than trying | ||
- | to open a remote session of the browser, because the display rendering | ||
- | is done on your local machine and not on the remote one. | ||
- | |||
- | The recommended browser for this purpose is **Firefox**. Step-by-step instructions | ||
- | to setup Firefox and create an <nowiki>SSH</nowiki> tunnel on both UNIX/Linux and and Windows | ||
- | operating systems can be found [[computing_firefox_tunnelling|here]]. | ||
- | |||
- | ===== Tips and tricks ===== | ||
- | |||
- | //The Secure Shell: The Definitive Guide// | ||
- | |||
- | **Tunnelling** | ||
- | |||
- | Double-hop ssh tunnel (ssh on one machine, then on another) | ||
- | |||
- | Situation: A and B are remote hosts. Local machine can SSH into A, but not B. B ONLY accepts SSH connections from A. | ||
- | |||
- | one SSH from local to A that tunnels from a secondary local port (like 2121) to port 21 on B, and then you can SSH to localhost:2121 and login on B | ||
- | |||
- | Un modo ad esempio e': | ||
- | |||
- | |||
- | |||
- | <code> | ||
- | ssh -l username -L 7777:eltXXX.to.infn.it:22 zoroastro.to.infn.it cat - | ||
- | </code> | ||
- | |||
- | poi la shell rest ain hang, si apre un altro terminale e si mette | ||
- | |||
- | <code> | ||
- | ssh -p 7777 username@localhost | ||
- | </code> | ||
- | |||
- | e funziona! | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | See also //[[http://picobit.wordpress.com/2009/04/26/linux-ssh-forwarding-tunneling-duble-ssh-using-the-console/]]// | ||
- | |||
- | |||
- | |||
- | \\ | ||
- | \\ | ||
- | **Performing <nowiki>SSH</nowiki> login and SCP without password** | ||
- | |||
- | Enter your password every time you want to ssh into you machine is quite annoying! | ||
- | |||
- | ''~/.ssh'' directory in your home | ||
- | |||
- | <code> | ||
- | cd ~/.ssh | ||
- | ssh-keygen [options] | ||
- | </code> | ||
- | |||
- | generate a key | ||
- | |||
- | |||
- | generate a couple of keys, one public and one private with the ''ssh-keygen'' command | ||
- | which come with OpenSSH | ||
- | |||
- | You will be prompted to specify a path (the default one ''~/.ssh/id_rsa'' works fine) and a **passphrase** (do not | ||
- | use an empty passphrase) | ||
- | |||
- | |||
- | <code> | ||
- | Generating public/private rsa key pair. | ||
- | Enter file in which to save the key (/home/username/.ssh/id_rsa): <hit Return to leave default or specify a different path> | ||
- | Enter passphrase (empty for no passphrase): <enter a passphrase or leave it empty> | ||
- | Enter same passphrase again: <confirm passphrase> | ||
- | The key fingerprint is: | ||
- | 53:f8:08:27:20:a1:82:d7:ad:ac:44:30:48:71:17:05 username@local.hostname | ||
- | </code> | ||
- | |||
- | |||
- | |||
- | After keys has been succesfully generated you have to **copy the public key on the remote system** | ||
- | you want to connect to through <nowiki>SSH</nowiki> | ||
- | |||
- | <code> | ||
- | ls ~/.ssh | ||
- | </code> | ||
- | |||
- | you can use ''scp'' itself, | ||
- | |||
- | <code> | ||
- | cd ~/.ssh | ||
- | scp id_rsa.pub username@remote.hostname:~/ | ||
- | </code> | ||
- | |||
- | |||
- | login on the remote system, | ||
- | |||
- | <code> | ||
- | ssh username@remote.hostname | ||
- | </code> | ||
- | |||
- | move the ''id.rsa.pub'' as ''~/.ssh/authorized_keys | ||
- | |||
- | <code> | ||
- | mv ~/id.rsa.pub ~/.ssh/authorized_keys | ||
- | </code> | ||
- | |||
- | |||
- | E questo e' sufficiente, loggarsi e immettere il passphrase oppure nulla se non la si e' | ||
- | inserita. | ||
- | |||
- | |||
- | |||
- | [[http://www.thegeekstuff.com/2008/06/perform-ssh-and-scp-without-entering-password-on-openssh/]] | ||
- | |||
- | |||
- | ====== ====== | ||
- | \\ | ||
- | ---- | ||
- | |||
- | Last update: [[ pacher@NOSPAMto.infn.it | Luca Pacher ]] - Mar 11, 2013 | ||
- | |||
- | ~~NOTOC~~ |