This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
institute_lorentz:institutelorentz_remoteaccess [2020/09/07 08:05] – lenocil | institute_lorentz:institutelorentz_remoteaccess [2021/01/27 14:24] – [Remote Access to your Workstation] lenocil | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | :!: Note that as January 2020 novamaris is no longer supported. Access to maris should go through '' | ||
- | |||
====== Remote Access to your Workstation ====== | ====== Remote Access to your Workstation ====== | ||
- | For security reasons, access to your Lorentz workstation is only possible within the Lorentz | + | For security reasons, access to your Lorentz workstation is only possible within the Lorentz |
+ | |||
+ | Following are some examples that demonstrate the concept of SSH tunnelling. For alternative methods of connection, please see the relevant documentation. | ||
+ | |||
+ | Starting January 2021 you can enable [[institute_lorentz: | ||
+ | |||
+ | :!: The examples below have been tested with OpenSSH v7.3+. | ||
+ | |||
+ | ===== SSH tunneling ===== | ||
+ | By means of an SSH tunnel you can transport any arbitrary data over an encrypted SSH connection. Members of the Lorentz Institute can use | ||
+ | this technique to gain remote shell access to their workstation across our firewall which would prevent access otherwise. | ||
+ | |||
+ | ==== How does it work? ==== | ||
+ | |||
+ | |You must have an ssh client installed on your personal device -- e.g. laptop, PC -- in order to establish a // | ||
+ | |The Lorentz Institute has a dedicated server (SSH server) ready to listen to any (authenticated) client connections.| | ||
+ | |Once a client-server connection is established, | ||
+ | |The SSH client in turns forwards all encrypted application data to the server which finally communicates with the actual application server.| | ||
+ | |||
+ | For remote ssh connections to your IL workstation, | ||
==== Example 1 ==== | ==== Example 1 ==== | ||
- | Should you want to open an ssh session | + | Establish |
<code bash> | <code bash> | ||
- | ssh -f < | + | ssh -o ProxyCommand=" |
- | </ | + | |
- | instructs your machine to `tunnel' | + | |
- | <code bash> | + | |
- | ps aux | grep ss[h] | + | |
- | your_username | + | |
- | </ | + | |
- | At this point you are ready to initiate an ssh session to your workstation | + | |
- | < | + | |
- | ssh -p 2222 localhost | + | |
</ | </ | ||
- | NOTE: Should you want ssh to set the DISPLAY environment variable, | + | :!: For connections that will use the DISPLAY environment variable |
==== Example 2 ==== | ==== Example 2 ==== | ||
- | Case scenario: you are at home and you would like to connect to your workstation named `asselijn' | + | As in //Example 1// but this time using your client ssh configuration |
- | Locally (e.g. on your laptop), create a file '' | + | |
- | < | + | |
- | Host asselijn.lorentz.leidenuniv.nl asselijn | + | |
- | | + | |
- | </ | + | |
- | And if you have a different username locally and on the institute desktops, that can be added like this: | + | |
< | < | ||
- | Host asselijn.lorentz.leidenuniv.nl | + | # cat $HOME/ |
- | | + | Host workstation.lorentz.leidenuniv.nl |
- | User username | + | |
+ | | ||
</ | </ | ||
- | If you need access to multiple hosts, just copy and edit the example above. | ||
- | Once this configuration is in place, a simple '' | + | Once this configuration is in place, a simple '' |
==== Example 3 ==== | ==== Example 3 ==== | ||
- | :!: Users are encouraged | + | Establish a web browser connection |
- | You sit in your office at the IL and have started a jupyter notebook on marisXX port YYYY. To connect to your notebook using the browser on your workstation you must tunnel through `marishead'. Edit your local .ssh/ | + | Configure |
- | < | + | |
- | Host maris | + | < |
- | | + | Host styx |
+ | | ||
| | ||
- | Host marisXX | + | Host workstation |
- | | + | |
- | | + | |
| | ||
- | |||
</ | </ | ||
- | You are now ready to tunnel your connections through marishead and visualize your notebook at '' | + | Browse |
- | **NOTE**: For this to work your workstation must have OpenSSH v7.3+. | ||
==== Example 4 ==== | ==== Example 4 ==== | ||
- | :!: Users are encouraged to use [[https:// | + | Establish a web browser connection to a Jupyter Notebook session running on node marisXX when outside the IL intranet ((This method will only work if you have a slurm-controlled running jupyter session on marisXX. See [[institute_lorentz:xmaris|xmaris]]. \\ You are strongly |
- | + | ||
- | + | ||
- | Same situation as in Example 3 but this time you sit behind your laptop at home. | + | |
< | < | ||
Host lorentz | Host lorentz | ||
| | ||
- | | + | User username |
- | | + | |
Host maris | Host maris | ||
- | | + | |
| | ||
- | IdentityFile ~/ | + | User username |
- | User < | + | |
Host marisXX | Host marisXX | ||
| | ||
| | ||
- | IdentityFile ~/ | + | User username |
- | User < | + | |
| | ||
</ | </ | ||
- | ==== Example 5: Using Putty ==== | + | Browse |
- | + | ||
- | :!: In the snapshots that follow, please replace all occurrences of '' | + | |
- | + | ||
- | You will need to open two putty sessions. The first one opens a tunnel, the second one uses it. For the sake of clarity let us call the first session `Tunnel' | + | |
- | === Session 1: Tunnel === | + | |
- | Open putty and create a session called Tunnel, then set it according to the snapshots below | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | + | ||
- | + | ||
- | Please note the settings in the port forwarding panel. We use an arbitrary port (2222), but you can choose any numbers above 1024 provided they are not currently in use. By pushing `Open', | + | |
- | with the creation of session `Tunnel_use' | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | Now push `Open' and a terminal will appear asking your authentication credentials on '' | + | |
- | ===== VNC: GNU/Linux ===== | + | |
- | For detailed instructions on how to set up a vnc session you are encouraged to follow [[: | + | |
- | instructions. | + | |
- | + | ||
- | Finally, take a look at [[linux: | + | |
- | ===== VNC: Windows Users ===== | + | |
- | Please read [[linux: | + | |
- | ===== Proxy Browsing ===== | ||
- | Read [[: |