Accessing computing resources remotely

Contents

Once you have obtained a VLSI computing account, you are not required to physically work in front of a VLSI machine. As a matter of fact, you can always access your VLSI machine remotely using the Secure Shell (SSH) connection protocol and just work as you would be in front of it. For security issues, VLSI and INFN machines allow remote access only through SSH. Connections using unsecured protocols such as FTP and Telnet are refused.

This chapter describes how you can access the VLSI computing resources remotely (both from Linux/Mac or Windows machines) and gives further information about some common tasks (e.g. remote file transfers through SCP/SFTP, tunnelling over SSH) necessary to successfully work remotely.

All IP addresses of the VLSI machines are visible from within the INFN computing networks, as well as from university computers. UNIX/Linux and Mac operating systems provide an SSH client out of the box which comes with the OpenSSH package, simply run the ssh command from any terminal application.

To remotely access your VLSI machine open a terminal and type

ssh -X username@eltxxxx.to.infn.it


The first time you connected you should retrive a warning message in the form

The authenticity of host <hostname (IP address)> can't be established.
RSA key fingerprint is <key>.
Are you sure you want to continue connecting (yes/no)?


This is required by the ssh client to add the machine to the list of known hosts. Simply enter yes and press the Return key. This stuff is required just once.

Since the VLSI tools extensively use graphical interfaces you must also enable the X forwarding with the -X option passed to the ssh command. This is required to open graphical windows remotely. If you are using a Mac computer use ssh -Y indeed, because Mac's operating systems are stricter about X forwarding compared to Linux. The -Y option enables a trusted X forwarding and will allow you to work without any problem. If you want to connect from a Windows computer indeed, please refer to Remote connections from Windows istructions.

Be aware that X forwarding needs specific UNIX configurations and permissions to be set on the remote machine you want to access (e.g. ~/.Xauthority file). Since these setups are not under your control, if the first time you connected you face any problems with X forwarding due to permission issues, please contact the VLSI system administrator (mazza@NOSPAMto.infn.it, remove NOSPAM in the address).

[tmp]
You might need to set the DISPLAY environment variable. This variable must to be set to the IP address of your computer followed by a screen address. The latter can always be taken to be :0.0.

setenv DISPLAY machine:0.0


For more details about the usage of the ssh command type man ssh.

Further readings and useful links are http://en.wikibooks.org/wiki/Guide_to_Unix/Explanations/Connecting_to_Remote_Unix and http://plaza.ufl.edu/cmcglone/eel5322/remote_setup.htm

If you are working on a system running Windows (XP, Vista, Seven) some additional software is required to deal with remote connections. In particular, you need

  • an SSH client for Windows to establish the remote connection
  • an X server for Windows to do X forwarding

Many different applications (both commercial and free) are available. For a free, simple and fast setup a popular choice is to use the PuTTY SSH client and the Xming display server. Another (actually quite complicated) free option is to use Cygwin.

PuTTY is a free and open source implementation of Telnet and SSH for Windows and UNIX platforms. It provides an xterm terminal emulator as well. If you don't need X forwarding PuTTY is enough to establish the remote connection and then interact with your machine through the command line only. It comes as a single executable (putty.exe, ~470 KB) which you can download from this page.
No installation is required, just save the file somewhere on your system. Since the C:\windows\ folder is included in the default Windows search path, this is the recommended place, but you can put the executable wherever you like (e.g. Desktop).

Beside this SSH client, if you want to run a VLSI design tool or any other application which requires graphical interfaces you need an X server. Xming is a free implementation of the UNIX/Linux X Window System for Windows operating systems. Downloads are available at http://www.straightrunning.com/XmingNotes/. Although donations must be made to download the latest releases, packages listed as Public Domain are completely free.
You can download the Xming main installer (Xming-6-9-0-31-setup.exe, 2.2 MB) from this direct link. An additional Xming-fonts package (Xming-fonts-7-5-0-47-setup.exe, ~31 MB) provides standard core X fonts which are required by the most common UNIX/Linux applications. The installation is very fast and easy, simply run the executables and follow the setup wizards. We can mention that along with the basic X server (Xming.exe) the default Xming full installation includes an enhanced version of PuTTY named PuTTY Link (plink.exe), which is a console SSH client similar to the ssh command on UNIX/Linux and Mac operating systems. The Xming-fonts package should be installed in the same directory where you installed Xming.

If you have successfully installed both PuTTY and Xming applications, follow the links reported below. They provide step-by-step instructions to setup and make a remote connection.


Note that Use can these instructions to connect through SSH to any remote machine (INFN machines, CERN lxplus etc).

Secure remote file transfers on Windows are possible as well and will be discussed later.

Useful links:


Different Web tutorials about the usage of PuTTY and Xming can be foud at:

Remote desktop access with NX Client

NX Client dovrebbe essere…. piu' veloce! e quindi si dovrebbe riuscire ad aprire cadence anche con meno banda! Esiste per Mac, Linux e Windows tranquillamente. Peccato che NX client funziona SOLO se sulla macchina su cui voglio collegarmi eltxxx.to.infn e' installato e correttamente configurato NX server !!!!!!

As an alternative to a SSH connection, you can try a remote desktop access with the NX Client tool. To set a remote desktop access, you must install the NX Client for Windows or NX Client for Linux in your computer. In the case of Windows, you must also install the “nxfonts-75dpi”

Setting up a VNC connection

Page:

VNC VLSI

VLSI machines are visible only from within INFN and university networks. You can always verify if your VLSI account is accessible using the ping command,

ping username@eltxxxx.to.infn.it

If you retrive an unknown host issue, then the machine cannot be accessed through a simple ssh.

However, sometimes you might need to access your VLSI account at home or from another institute. To do this, you must first connect through SSH to a machine of the INFN computing cluster. If you don't have an INFN computing account read here how to obtain it. If you already have an INFN UNIX account, available machines for public login are bennu.to.infn.it and phoinix.to.infn.it.

To connect to one of these remote machines, open a terminal and use

ssh [-X] username@bennu.to.infn.it


or configure a remote connection with PuTTY if you are working on Windows. Once logged into an INFN machine, you are back to the to.infn.it domain and you can access your VLSI machine eltxxxx.to.infn.it simply doing a further ssh at the new command prompt:

ssh [-X] username@eltxxxx.to.infn.it


A smarter way to do this stuff is called tunneling and is described here. Note that if you want to open graphical windows use the -X option in both ssh connections on configure PuTTY to enable X forwarding before connecting to INFN central machines.

Accessing your VLSI machine from outside the INFN domain is useful if you need to access Cadence simulation data or other files and documents placed in your local area.
On the other hand, be aware that running Cadence remotely on a machine not at the University of Turin might be specifically forbidden by a license agreement or some other technology restrictions! In particular, Cadence remote working is forbidden unless the remote machine is within a specified distance from the license host machine. Furthermore, the contract for the usage of a particular technology may specifically prevent to run Cadence attached to that PDK outside the company site.

Please, run the VLSI tools only at the University of Turin or ask the system administrator (mazza@NOSPAMto.infn.it, remove NOSPAM in the address) if you can remotely access Cadence and your technology from other sites.

You will be required quite often to deal with file transfers between a remote machine and your local system. For instance, you may have a file containing some Cadence simulation results located on your remote VLSI machine, and you need to download it to your laptop at home for further analysis. Since copying files to or from a remote system is a very common task, we provide here more information and how-to's about this topic.

There are many remote file transfer applications for both UNIX/Linux and Windows environments. As for security reasons VLSI and INFN machines allow remote access only through SSH, as well only encrypted file transfers using Secure Copy (SCP) and SSH File Transfer Protocol (SFTP) programs can be performed.

:!: Note
It's possible to disable scp and sftp and have only SSH access, quindi tutto il seguito ha senso solo se la remote machine e' configurata per permetter scp/sftp! Il permesso viene definito nel file di configurazione di ssh /etc/ssh/sshd_config

# override default of no subsystems
Subsystem	sftp    /usr/libexec/openssh/sftp-server

Se questa linea e' commentata… allora niente scp/sfp sulla macchina!


Secure Copy (SCP)

The SCP protocol allows files to be transferred remotely to, from or between different hosts through an encrypted connection. It uses SSH for data transfer and provides the same authentication and the same security level as SSH.

Similar to ssh, on both UNIX/Linux and Mac operating systems an SCP client comes with OpenSSH out of the box. Simply run the scp command in a terminal window. The usage of scp is similar to the well known cp command and follows the same basic syntax,

scp [options] <source> <destination>


If you want to copy a file from a local system to a remote system use

cd /path/to/filename/directory/  
scp filename username@hostname:~/path/to/destination

where hostname is the name of the remote machine on which you want to copy the file (e.g. eltxxxx.to.infn.it). You will be prompted to enter your remote login password to complete the operation. Don't forget to include the colon : before the destination path.
Giving an absolute destination path is optional, if you use

scp filename username@hostname:

the source file will be copied into your remote home directory ~/.
You can also copy multiple files at once, just provide a list of them,

scp filename1 filename2 username@hostname:~/path/to/destination

Finally, if you want to copy an entire directory you must use the -r option and make a recursive copy,

scp -r directory username@hostname:~/path/to/destination


In the same vein you can use scp to copy files from a remote system to a local system.
As the source file is located on the remote machine you must put the hostname followed by the absolute path of the filename to be copied in front of the local destination path,

cd /where/you/want/to/copy/your/file
scp username@hostname:~/path/to/filename .

The last dot . in the command means that the destination path is the current directory, but you can specify any absolute path.
This is actually the more usual case. As an example, you are working on a machine connected to INFN computing networks and you want to download a file from your remote VLSI machine or from your INFN UNIX account.


The most general syntax of scp allows copying files from a remote system to another remote system without actually having to log into either of them. This could be useful to share files with a colleague. The basic syntax is

scp username1@hostname1:~/path/to/filename username2@hostname2:~/path/to/destination

where username1@hostname1 is the source from which you want to copy the file and username2@hostname2 is the destination where you want it to be copied. At first you will be prompted to enter the login password for username1 on hostname1 and then a second time for username2 on hostname2.

To succesfully copying files remotely the remote machines must be visible in the network. Thus, you cannot use scp to directly access files located on your VLSI machine from ouside INFN and university networks. You must perform two consecutive scp's indeed. That is, you must first connect through ssh to an INFN central machine and copying files from the VLSI account to your INFN UNIX account,

ssh username@phoinix.to.infn.it
...
...
phoinix.to.infn.it> mkdir tmp
phoinix.to.infn.it> scp username@eltxxx.to.infn.it:~/path/to/filename ~/tmp/ 

then you can run a second scp on your local system (e.g. your laptop at home) and retrive the file from the INFN UNIX account.

scp username@phoinix.to.infn.it:~/tmp/filename .


For more detailed information about the scp usage and options run man scp to access the manual pages.
Further useful link about scp could be http://www2.imperial.ac.uk/~andy/sysnews/scp/ and http://kb.iu.edu/data/agye.html.


If you are working on a system running Windows (XP, Vista, Seven) you need to install an SCP client. both graphical and command line applications.

A free and easy to use option is PSCP (pscp.exe) provided by the PuTTY project. It is a command line the official documentation Using PSCP to transfer files securely



SSH File Transfer Protocol (SFTP)

The main disadvantage of scp is that if you want to copy a file from a remote system to a local system you must know a priori the exact absolute path of the remote file. An easier way to perform this operation is to use an SFTP program.

On both UNIX/Linux and Mac operating systems OpenSSH provides an SFTP client out of the box with the sftp command line application.
Unlike the standard unsecured ftp client, sftp performs all the operations (commands and data transfers) over an encrypted SSH connection, preventing passwords and sensitive information from being transmitted in the clear over a network.

To start an sftp session, open a terminal and run the command

sftp username@hostname

where hostname is the name of the remote machine you want to connect to (e.g. eltxxxx.to.infn.it). You will be asked to enter your login password.

After you have successfully logged into the remote machine, sftp moves to your remote home directory. The UNIX prompt changes into sftp> and you can start interacting with the remote system using sftp commands. Besides downloading files, you can move between directories and list directory contents, as well as creating and removing directories or deleting files.

To get a list of all available commands, type help at the sftp> prompt:

sftp> help
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-P] remote-path [local-path]  Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln oldpath newpath                 Symlink remote file
lpwd                               Print local working directory
ls [-1aflnrSt] [path]              Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-P] local-path [remote-path]  Upload file
pwd                                Display remote working directory
quit                               Quit sftp
rename oldpath newpath             Rename remote file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help


Commands for navigating remote files and directories (cd, pwd, mkdir etc.) follow the same syntax of standard UNIX shell counterparts. The most notable difference is that there is a local and a remote version of each command, hence you can interact with both the remote and the local systems during an sftp session. In particular, commands prefixed by an l (lcd, lpwd, lmkdir etc.) idicate a local command.

The get command allows you to download files from the remote machine,

sftp> cd /path/to/filename/directory/
sftp> get filename [/local/path/where/you/want/to/put/the/file]

If you omit the destination path the file will be put in the local directory where you started sftp. You can also download multiple files at once by using the mget command,

sftp> mget filename1 filename2

Since sftp does not support recursive copies you cannot retrive an entire directory and all sub-directories. You can perform a multiple download over single files with mget,

sftp> cd /path/to/directory/
sftp> mget *

or use the scp -r command instead. Actually, the best work aroud when you want to copy a remote directory is to open a standard ssh session work and create a compressed archive of the directory with tar and gzip utilities. Then you can download the tar.gz file with scp or sftp.

You can also upload files from the local system to the remote system by using put and mput commands,

sftp> put /absolute/local/path/to/filename [/remote/path/where/you/want/to/put/the/file]

If you omit the destination path the file will be uploaded in the remote current directory.


To end the sftp session, simply type exit, quit or bye at the prompt, e.g.

sftp> exit


For more detailed information about sftp, run man scp to access the manual pages.

With PuTTY PSFTP (psftp.exe) the official documentation Using PSFTP to transfer files securely

Another free and open source application is Windows Secure Copy (WinSCP), which comes as a graphical interface tool. is an open source SFTP client for Windows.


Copying large files and directories

The best work aroud when you want to copy large files and directories is to create a compressed archive with tar and gzip utilities,

tar -xczf fileName.tar.gz fileName

Then you can download or upload the tar.gz file with scp or sftp.

Reading scientific literature play a central role in the research and design activity. Very often you will need to get online papers, largely from IEEE or Nuclear Instruments and Methods in Physics Research journals.

The majority of such documents is available after paying subscribers only and cannot be read or downloaded for free. Actually, academic and research institutes can purchase subscriptions for their users. That is, you can access online papers without any restrictions, because they have been purchased for you by the institute!
Both INFN and University of Turin provide this support, as well as CERN. Be aware that at present the subscription with IEEE is available through a CERN computing account only.

You are allowed to read and download papers without any authentication only by using a Web browser running on a machine which is part of the institute computing networks. Thus, if your are working on a machine connected to university or INFN networks you are ok, as well as if you are personally at CERN. Otherwise, you cannot access restricted pubblications for free from your home or another site, because you don't have a username and a password to do it. To get rid of this limitation, some further work around is required.

The quick-and-dirty way is to simply use X forwarding and open the Web browser on a remote machine. This would be a pain, because the connection speed would be saturated to display the the graphical window of the remote browser!

The most efficient solution is to create an SSH tunnel indeed, then configuring your browser to retrive Web data through it (port forwarding). Using an SSH tunnel is significantly faster than trying to open a remote session of the browser, because the display rendering is done on your local machine and not on the remote one.

The recommended browser for this purpose is Firefox. Step-by-step instructions to setup Firefox and create an SSH tunnel on both UNIX/Linux and and Windows operating systems can be found here.

The Secure Shell: The Definitive Guide

Tunnelling

Double-hop ssh tunnel (ssh on one machine, then on another)

Situation: A and B are remote hosts. Local machine can SSH into A, but not B. B ONLY accepts SSH connections from A.

one SSH from local to A that tunnels from a secondary local port (like 2121) to port 21 on B, and then you can SSH to localhost:2121 and login on B

Un modo ad esempio e':

ssh -l username -L 7777:eltXXX.to.infn.it:22 zoroastro.to.infn.it cat -

poi la shell rest ain hang, si apre un altro terminale e si mette

ssh -p 7777 username@localhost

e funziona!

See also http://picobit.wordpress.com/2009/04/26/linux-ssh-forwarding-tunneling-duble-ssh-using-the-console/



Performing SSH login and SCP without password

:!: Note
Tutto questo funziona SOLO se /etc/ssh/sshd_config sulla server machine e' stato configurato per permettere il login con un certificato!

#PubkeyAuthentication yes

di default e' commentato!

Enter your password every time you want to ssh into you machine is quite annoying!

~/.ssh directory in your home

cd ~/.ssh
ssh-keygen [options]

generate a key

generate a couple of keys, one public and one private with the ssh-keygen command which come with OpenSSH

You will be prompted to specify a path (the default one ~/.ssh/id_rsa works fine) and a passphrase (do not use an empty passphrase)

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): <hit Return to leave default or specify a different path>
Enter passphrase (empty for no passphrase): <enter a passphrase or leave it empty>
Enter same passphrase again: <confirm passphrase>
The key fingerprint is:
53:f8:08:27:20:a1:82:d7:ad:ac:44:30:48:71:17:05 username@local.hostname

After keys has been succesfully generated you have to copy the public key on the remote system you want to connect to through SSH

ls ~/.ssh

you can use scp itself,

cd ~/.ssh
scp id_rsa.pub username@remote.hostname:~/  

login on the remote system,

ssh username@remote.hostname

move the id.rsa.pub as ~/.ssh/authorized_keys

mv ~/id.rsa.pub ~/.ssh/authorized_keys

E questo e' sufficiente, loggarsi e immettere il passphrase oppure nulla se non la si e' inserita.

http://www.thegeekstuff.com/2008/06/perform-ssh-and-scp-without-entering-password-on-openssh/



Last update: Luca Pacher - Mar 11, 2013

  • vlsi/workbook/computing/remote.txt
  • Ultima modifica: 09/04/2014 17:14
  • da pacher