Accessing computing resources remotely


Once you have obtained a VLSI computing account, you are not required to physically work in front of a VLSI machine. In fact, you can always access your VLSI machine remotely using the Secure Shell (SSH) protocol and work just as you would in front of it. For security reasons, VLSI and INFN machines allow remote access only through SSH. Connections using unsecured protocols such as FTP and Telnet are refused.

This chapter describes how you can access the VLSI computing resources remotely (from both Linux/Mac and Windows machines) and gives further information about some common tasks (e.g. remote file transfers through SCP/SFTP, tunnelling over SSH) needed to work remotely.

All IP addresses of the VLSI machines are visible from within the INFN computing networks, as well as from university computers. UNIX/Linux and Mac operating systems provide an SSH client out of the box as part of the OpenSSH package; simply run the ssh command from any terminal application.

To remotely access your VLSI machine open a terminal and type

ssh -X username@eltxxxx.to.infn.it


The first time you connect you should receive a warning message of the form

The authenticity of host <hostname (IP address)> can't be established.
RSA key fingerprint is <key>.
Are you sure you want to continue connecting (yes/no)?


This is required by the ssh client to add the machine to the list of known hosts, which lets it warn you if the host key of that machine ever changes. Simply enter yes and press the Return key. This step is required just once.

Since the VLSI tools make extensive use of graphical interfaces you must also enable X forwarding with the -X option passed to the ssh command. This is required to open graphical windows remotely. If you are using a Mac computer use ssh -Y instead, because Mac operating systems are stricter about X forwarding than Linux. The -Y option enables trusted X forwarding, which is not subject to the X11 SECURITY extension controls, and will allow you to work without any problem. If you want to connect from a Windows computer instead, please refer to the Remote connections from Windows instructions.

Be aware that X forwarding needs specific UNIX configurations and permissions to be set on the remote machine you want to access (e.g. the ~/.Xauthority file). Since these setups are not under your control, if you face any problems with X forwarding due to permission issues the first time you connect, please contact the VLSI system administrator (mazza@NOSPAMto.infn.it, remove NOSPAM in the address).

You might need to set the DISPLAY environment variable. This variable must be set to the IP address of your computer followed by a screen address. The latter can always be taken to be :0.0.

setenv DISPLAY machine:0.0


For more details about the usage of the ssh command type man ssh.

Further reading and useful links: http://en.wikibooks.org/wiki/Guide_to_Unix/Explanations/Connecting_to_Remote_Unix and http://plaza.ufl.edu/cmcglone/eel5322/remote_setup.htm

If you are working on a system running Windows (XP, Vista, Seven) some additional software is required to deal with remote connections. In particular, you need

  • an SSH client for Windows to establish the remote connection
  • an X server for Windows to do X forwarding

Many different applications (both commercial and free) are available. For a free, simple and fast setup a popular choice is to use the PuTTY SSH client and the Xming display server. Another (actually quite complicated) free option is to use Cygwin.

PuTTY is a free and open source implementation of Telnet and SSH for Windows and UNIX platforms. It provides an xterm terminal emulator as well. If you don't need X forwarding PuTTY is enough to establish the remote connection and then interact with your machine through the command line only. It comes as a single executable (putty.exe, ~470 KB) which you can download from this page.
No installation is required, just save the file somewhere on your system. Since the C:\windows\ folder is included in the default Windows search path, this is the recommended place, but you can put the executable wherever you like (e.g. Desktop).

Besides this SSH client, if you want to run a VLSI design tool or any other application which requires graphical interfaces you need an X server. Xming is a free implementation of the UNIX/Linux X Window System for Windows operating systems. Downloads are available at http://www.straightrunning.com/XmingNotes/. Although donations must be made to download the latest releases, packages listed as Public Domain are completely free.
You can download the Xming main installer (Xming-6-9-0-31-setup.exe, 2.2 MB) from this direct link. An additional Xming-fonts package (Xming-fonts-7-5-0-47-setup.exe, ~31 MB) provides standard core X fonts which are required by the most common UNIX/Linux applications. The installation is very fast and easy, simply run the executables and follow the setup wizards. We can mention that along with the basic X server (Xming.exe) the default Xming full installation includes an enhanced version of PuTTY named PuTTY Link (plink.exe), which is a console SSH client similar to the ssh command on UNIX/Linux and Mac operating systems. The Xming-fonts package should be installed in the same directory where you installed Xming.

If you have successfully installed both the PuTTY and Xming applications, follow the links reported below. They provide step-by-step instructions to set up and make a remote connection.


Note that you can use these instructions to connect through SSH to any remote machine (INFN machines, CERN lxplus etc).

Secure remote file transfers on Windows are possible as well and will be discussed later.

Useful links:


Different Web tutorials about the usage of PuTTY and Xming can be found at:

Remote desktop access with NX Client

NX Client should be… faster! So it should be possible to open Cadence even with less bandwidth! It is available for Mac, Linux and Windows without problems. Unfortunately NX Client works ONLY if NX server is installed and correctly configured on the machine you want to connect to (eltxxx.to.infn)!

As an alternative to an SSH connection, you can try remote desktop access with the NX Client tool. To set up remote desktop access, you must install the NX Client for Windows or NX Client for Linux on your computer. In the case of Windows, you must also install the “nxfonts-75dpi”

Setting up a VNC connection

Page:

VNC VLSI

VLSI machines are visible only from within INFN and university networks. You can always verify whether your VLSI machine is reachable using the ping command,

ping eltxxxx.to.infn.it

If you get an unknown host error, then the machine cannot be accessed through a simple ssh.

However, sometimes you might need to access your VLSI account at home or from another institute. To do this, you must first connect through SSH to a machine of the INFN computing cluster. If you don't have an INFN computing account read here how to obtain it. If you already have an INFN UNIX account, available machines for public login are bennu.to.infn.it and phoinix.to.infn.it.

To connect to one of these remote machines, open a terminal and use

ssh [-X] username@bennu.to.infn.it


or configure a remote connection with PuTTY if you are working on Windows. Once logged into an INFN machine, you are back in the to.infn.it domain and you can access your VLSI machine eltxxxx.to.infn.it by simply running a further ssh at the new command prompt:

ssh [-X] username@eltxxxx.to.infn.it


A smarter way to do this is called tunnelling and is described here. Note that if you want to open graphical windows you must use the -X option in both ssh connections, or configure PuTTY to enable X forwarding before connecting to INFN central machines.

Accessing your VLSI machine from outside the INFN domain is useful if you need to access Cadence simulation data or other files and documents placed in your local area.
On the other hand, be aware that running Cadence remotely on a machine not at the University of Turin might be specifically forbidden by a license agreement or some other technology restrictions! In particular, Cadence remote working is forbidden unless the remote machine is within a specified distance from the license host machine. Furthermore, the contract for the usage of a particular technology may specifically forbid running Cadence attached to that PDK outside the company site.

Please, run the VLSI tools only at the University of Turin or ask the system administrator (mazza@NOSPAMto.infn.it, remove NOSPAM in the address) if you can remotely access Cadence and your technology from other sites.

You will be required quite often to deal with file transfers between a remote machine and your local system. For instance, you may have a file containing some Cadence simulation results located on your remote VLSI machine, and you need to download it to your laptop at home for further analysis. Since copying files to or from a remote system is a very common task, we provide here more information and how-to's about this topic.

There are many remote file transfer applications for both UNIX/Linux and Windows environments. Since for security reasons VLSI and INFN machines allow remote access only through SSH, only encrypted file transfers using the Secure Copy (SCP) and SSH File Transfer Protocol (SFTP) programs can be performed as well.

:!: Note
It's possible to disable scp and sftp and have only SSH access, so everything that follows makes sense only if the remote machine is configured to allow scp/sftp! The permission is defined in the ssh configuration file /etc/ssh/sshd_config

# override default of no subsystems
Subsystem	sftp    /usr/libexec/openssh/sftp-server

If this line is commented out… then no scp/sftp on the machine!


Secure Copy (SCP)

The SCP protocol allows files to be transferred remotely to, from or between different hosts through an encrypted connection. It uses SSH for data transfer and provides the same authentication and the same security level as SSH.

Similar to ssh, on both UNIX/Linux and Mac operating systems an SCP client comes with OpenSSH out of the box. Simply run the scp command in a terminal window. The usage of scp is similar to the well known cp command and follows the same basic syntax,

scp [options] <source> <destination>


If you want to copy a file from a local system to a remote system use

cd /path/to/filename/directory/  
scp filename username@hostname:~/path/to/destination

where hostname is the name of the remote machine on which you want to copy the file (e.g. eltxxxx.to.infn.it). You will be prompted to enter your remote login password to complete the operation. Don't forget to include the colon : before the destination path.
Giving an absolute destination path is optional; if you use

scp filename username@hostname:

the source file will be copied into your remote home directory ~/.
You can also copy multiple files at once, just provide a list of them,

scp filename1 filename2 username@hostname:~/path/to/destination

Finally, if you want to copy an entire directory you must use the -r option and make a recursive copy,

scp -r directory username@hostname:~/path/to/destination


In the same vein you can use scp to copy files from a remote system to a local system.
As the source file is located on the remote machine you must put the hostname followed by the absolute path of the filename to be copied in front of the local destination path,

cd /where/you/want/to/copy/your/file
scp username@hostname:~/path/to/filename .

The last dot . in the command means that the destination path is the current directory, but you can specify any absolute path.
This is actually the more usual case. As an example, you are working on a machine connected to INFN computing networks and you want to download a file from your remote VLSI machine or from your INFN UNIX account.


The most general syntax of scp allows copying files from a remote system to another remote system without actually having to log into either of them. This could be useful to share files with a colleague. The basic syntax is

scp username1@hostname1:~/path/to/filename username2@hostname2:~/path/to/destination

where username1@hostname1 is the source from which you want to copy the file and username2@hostname2 is the destination where you want it to be copied. At first you will be prompted to enter the login password for username1 on hostname1 and then a second time for username2 on hostname2.

To successfully copy files remotely the remote machines must be visible in the network. Thus, you cannot use scp to directly access files located on your VLSI machine from outside INFN and university networks. You must perform two consecutive scp's instead. That is, you must first connect through ssh to an INFN central machine and copy the files from the VLSI account to your INFN UNIX account,

ssh username@phoinix.to.infn.it
...
...
phoinix.to.infn.it> mkdir tmp
phoinix.to.infn.it> scp username@eltxxx.to.infn.it:~/path/to/filename ~/tmp/ 

then you can run a second scp on your local system (e.g. your laptop at home) and retrieve the file from the INFN UNIX account.

scp username@phoinix.to.infn.it:~/tmp/filename .


For more detailed information about scp usage and options run man scp to access the manual pages.
Further useful links about scp are http://www2.imperial.ac.uk/~andy/sysnews/scp/ and http://kb.iu.edu/data/agye.html.


If you are working on a system running Windows (XP, Vista, Seven) you need to install an SCP client. Both graphical and command line applications are available.

A free and easy to use option is PSCP (pscp.exe) provided by the PuTTY project. It is a command line application; see the official documentation Using PSCP to transfer files securely.



SSH File Transfer Protocol (SFTP)

The main disadvantage of scp is that if you want to copy a file from a remote system to a local system you must know a priori the exact absolute path of the remote file. An easier way to perform this operation is to use an SFTP program.

On both UNIX/Linux and Mac operating systems OpenSSH provides an SFTP client out of the box with the sftp command line application.
Unlike the standard unsecured ftp client, sftp performs all the operations (commands and data transfers) over an encrypted SSH connection, preventing passwords and sensitive information from being transmitted in the clear over a network.

To start an sftp session, open a terminal and run the command

sftp username@hostname

where hostname is the name of the remote machine you want to connect to (e.g. eltxxxx.to.infn.it). You will be asked to enter your login password.

After you have successfully logged into the remote machine, sftp moves to your remote home directory. The UNIX prompt changes into sftp> and you can start interacting with the remote system using sftp commands. Besides downloading files, you can move between directories and list directory contents, as well as creating and removing directories or deleting files.

To get a list of all available commands, type help at the sftp> prompt:

sftp> help
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-P] remote-path [local-path]  Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln oldpath newpath                 Symlink remote file
lpwd                               Print local working directory
ls [-1aflnrSt] [path]              Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-P] local-path [remote-path]  Upload file
pwd                                Display remote working directory
quit                               Quit sftp
rename oldpath newpath             Rename remote file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help


Commands for navigating remote files and directories (cd, pwd, mkdir etc.) follow the same syntax as their standard UNIX shell counterparts. The most notable difference is that there is a local and a remote version of each command, hence you can interact with both the remote and the local systems during an sftp session. In particular, commands prefixed by an l (lcd, lpwd, lmkdir etc.) indicate a local command.

The get command allows you to download files from the remote machine,

sftp> cd /path/to/filename/directory/
sftp> get filename [/local/path/where/you/want/to/put/the/file]

If you omit the destination path the file will be put in the local directory where you started sftp. You can also download multiple files at once by using the mget command,

sftp> mget filename1 filename2

Since sftp does not support recursive copies you cannot retrieve an entire directory and all its sub-directories. You can perform a multiple download of single files with mget,

sftp> cd /path/to/directory/
sftp> mget *

or use the scp -r command instead. Actually, the best workaround when you want to copy a remote directory is to open a standard ssh session and create a compressed archive of the directory with the tar and gzip utilities. Then you can download the tar.gz file with scp or sftp.

You can also upload files from the local system to the remote system by using put and mput commands,

sftp> put /absolute/local/path/to/filename [/remote/path/where/you/want/to/put/the/file]

If you omit the destination path the file will be uploaded in the remote current directory.


To end the sftp session, simply type exit, quit or bye at the prompt, e.g.

sftp> exit


For more detailed information about sftp, run man sftp to access the manual pages.

On Windows, PuTTY provides PSFTP (psftp.exe); see the official documentation Using PSFTP to transfer files securely.

Another free and open source application is Windows Secure Copy (WinSCP), an SFTP client for Windows which comes as a graphical interface tool.


Copying large files and directories

The best workaround when you want to copy large files and directories is to create a compressed archive with the tar and gzip utilities,

tar -czf fileName.tar.gz fileName

Then you can download or upload the tar.gz file with scp or sftp.

Reading scientific literature plays a central role in research and design activity. Very often you will need to get online papers, largely from IEEE or Nuclear Instruments and Methods in Physics Research journals.

The majority of such documents are available to paying subscribers only and cannot be read or downloaded for free. However, academic and research institutes can purchase subscriptions for their users. That is, you can access online papers without any restrictions, because they have been purchased for you by the institute!
Both INFN and University of Turin provide this support, as well as CERN. Be aware that at present the subscription with IEEE is available through a CERN computing account only.

You are allowed to read and download papers without any authentication only by using a Web browser running on a machine which is part of the institute computing networks. Thus, if you are working on a machine connected to university or INFN networks you are ok, as well as if you are personally at CERN. Otherwise, you cannot access restricted publications for free from your home or another site, because you don't have a username and a password to do it. To get around this limitation, some further workaround is required.

The quick-and-dirty way is to simply use X forwarding and open the Web browser on a remote machine. This would be a pain, because the connection would be saturated just displaying the graphical window of the remote browser!

The most efficient solution is instead to create an SSH tunnel and then configure your browser to retrieve Web data through it (port forwarding). Using an SSH tunnel is significantly faster than trying to open a remote session of the browser, because the display rendering is done on your local machine and not on the remote one.

The recommended browser for this purpose is Firefox. Step-by-step instructions to set up Firefox and create an SSH tunnel on both UNIX/Linux and Windows operating systems can be found here.

The Secure Shell: The Definitive Guide

Tunnelling

Double-hop ssh tunnel (ssh on one machine, then on another)

Situation: A and B are remote hosts. The local machine can SSH into A, but not B. B ONLY accepts SSH connections from A.

The solution is a single SSH connection from the local machine to A that tunnels from a secondary local port (like 2121) to port 21 on B; you can then SSH to localhost:2121 and log in on B.

One way, for example, is:

ssh -l username -L 7777:eltXXX.to.infn.it:22 zoroastro.to.infn.it cat -

then the shell hangs; open another terminal and enter

ssh -p 7777 username@localhost

and it works!

See also http://picobit.wordpress.com/2009/04/26/linux-ssh-forwarding-tunneling-duble-ssh-using-the-console/
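
The same double hop can be made permanent in the SSH client configuration, so that a single command reaches the VLSI machine through the INFN login machine; this is an added example, not part of the original page. The Host aliases infn-gw and vlsi are made-up names, and ProxyJump requires OpenSSH 7.3 or later on your own computer.

```sshconfig
# ~/.ssh/config on your own computer (replace username with your accounts)

# First hop: INFN machine open to public login
Host infn-gw
    HostName bennu.to.infn.it
    User username

# Second hop: VLSI machine, reachable only from inside to.infn.it
Host vlsi
    HostName eltxxxx.to.infn.it
    User username
    # Open the connection through the first hop
    ProxyJump infn-gw
    # For OpenSSH older than 7.3 use this line instead of ProxyJump:
    #   ProxyCommand ssh -W %h:%p infn-gw
    # Same effect as passing -X on the command line
    ForwardX11 yes
```

With this in place, ssh vlsi opens the session and scp vlsi:~/path/to/filename . copies a file in one step. Authentication to both machines is done from your own computer, so no key or password has to be stored on the login machine.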



Performing SSH login and SCP without password

:!: Note
All of this works ONLY if /etc/ssh/sshd_config on the server machine has been configured to allow login with a certificate!

#PubkeyAuthentication yes

by default it is commented out!
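
A way to check the two sshd_config settings named in the notes on this page (the Subsystem sftp line and PubkeyAuthentication) without reading the file by eye, as an added example that is not part of the original page. The helper names sshd_directive and sshd_report and the sample file are made up for illustration; a keyword that is commented out is reported as unset, in which case sshd applies its built-in default.

```shell
#!/bin/sh
# Added example (not from the original page). sshd_directive is a made-up helper.
# It prints the global value of an sshd_config keyword, following sshd's rules:
#   - lines starting with '#' are comments, so a commented keyword is unset
#   - keywords are case-insensitive and the first occurrence wins
#   - everything after a "Match" line is conditional, not a global setting
# usage: sshd_directive <config-file> <keyword> [first-argument]
sshd_directive() {
    awk -v key="$2" -v arg="${3:-}" '
        BEGIN { key = tolower(key); arg = tolower(arg) }
        /^[ \t]*(#|$)/          { next }     # comment or blank line
        tolower($1) == "match"  { exit }     # start of conditional blocks
        tolower($1) == key && (arg == "" || tolower($2) == arg) {
            first = (arg == "") ? 2 : 3      # skip the sub-name, e.g. "sftp"
            out = $first
            for (i = first + 1; i <= NF; i++) out = out " " $i
            print out
            found = 1
            exit
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# usage: sshd_report <config-file>   (one line per setting discussed on this page)
sshd_report() {
    if server=$(sshd_directive "$1" Subsystem sftp); then
        echo "sftp: enabled ($server)"
    else
        echo "sftp: disabled (no active Subsystem sftp line)"
    fi
    if value=$(sshd_directive "$1" PubkeyAuthentication); then
        echo "PubkeyAuthentication: $value"
    else
        echo "PubkeyAuthentication: unset (sshd built-in default applies)"
    fi
}

# Constructed sample file, so the example runs without touching /etc/ssh.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# override default of no subsystems
#Subsystem	sftp    /usr/libexec/openssh/sftp-server
#PubkeyAuthentication yes
passwordauthentication yes
Match User guest
    PubkeyAuthentication no
EOF
sshd_report "$sample"
rm -f "$sample"
```

On a real server run sshd_report /etc/ssh/sshd_config; the file is normally readable without administrator rights.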

Entering your password every time you want to ssh into your machine is quite annoying!

Move to the ~/.ssh directory in your home and run ssh-keygen,

cd ~/.ssh
ssh-keygen [options]

This generates a pair of keys, one public and one private, with the ssh-keygen command which comes with OpenSSH.

You will be prompted to specify a path (the default one ~/.ssh/id_rsa works fine) and a passphrase (do not use an empty passphrase):

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): <hit Return to leave default or specify a different path>
Enter passphrase (empty for no passphrase): <enter a passphrase or leave it empty>
Enter same passphrase again: <confirm passphrase>
The key fingerprint is:
53:f8:08:27:20:a1:82:d7:ad:ac:44:30:48:71:17:05 username@local.hostname

After the keys have been successfully generated you have to copy the public key to the remote system you want to connect to through SSH.

ls ~/.ssh

you can use scp itself,

cd ~/.ssh
scp id_rsa.pub username@remote.hostname:~/  

login on the remote system,

ssh username@remote.hostname

move id_rsa.pub to ~/.ssh/authorized_keys

mv ~/id_rsa.pub ~/.ssh/authorized_keys

And this is enough: log in and enter the passphrase, or nothing if you did not set one.

http://www.thegeekstuff.com/2008/06/perform-ssh-and-scp-without-entering-password-on-openssh/
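
The mv step above replaces any keys already listed in ~/.ssh/authorized_keys and leaves file permissions to chance. The following added example, which is not part of the original page, appends the key instead and sets the permissions sshd expects; install_pubkey is a made-up helper name and the keys in the demo are constructed, not real key material.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey is a made-up helper
# meant to be run on the remote machine after the scp step.
# usage: install_pubkey <public-key-file> [home-directory]
# exit status: 0 installed or already present, 1 unreadable file, 2 not a public key
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # Never let a private key end up on the server by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; exit 2
    fi
    # Assumption: only the common key types are accepted here.
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub holds no public key line" >&2; exit 2; }

    # sshd (StrictModes) ignores keys kept in group- or world-writable places.
    umask 077
    mkdir -p "$home/.ssh" || exit 1
    chmod 700 "$home/.ssh"
    auth="$home/.ssh/authorized_keys"
    touch "$auth" || exit 1
    chmod 600 "$auth"
    # If the file does not end with a newline, add one so lines are not joined.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append instead of overwriting, and only if type+key is not listed yet.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Demo in a throw-away directory with constructed keys (not real key material).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedOLD colleague@other.host' > "$demo/old.pub"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedNEW username@local.hostname' > "$demo/id_rsa.pub"
install_pubkey "$demo/old.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"     # repeated run adds nothing
wc -l < "$demo/home/.ssh/authorized_keys"           # both keys kept, no duplicate
rm -rf "$demo"
```

On the remote machine the call is install_pubkey ~/id_rsa.pub, after which the copied id_rsa.pub can be deleted from the home directory.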



Last update: Luca Pacher - Mar 11, 2013