This is an old revision of the document!
For security reasons, access to your Lorentz workstation is only possible within the Lorentz network.
Should you want to open an ssh session to your workstation and you are located outside the Lorentz network you can tunnel your request through
ssh.lorentz.leidenuniv.nl. For example
ssh -f <your_username>@ssh.lorentz.leidenuniv.nl -L 2222:<your_workstation>.lorentz.leidenuniv.nl:22 -N
instructs your machine to `tunnel' requests to local port 2222 through
ssh.lorentz.leidenuniv.nl to finally reach port 22 (sshd) on your workstation. Use
ps to see if the command above executed successfully
ps aux | grep ss[h] your_username 6217 0.0 0.0 89612 2948 ? Ss 13:19 0:00 ssh -f firstname.lastname@example.org -L 2222:your_workstation.lorentz.leidenuniv.nl:22 -N
At this point you are ready to initiate an ssh session to your workstation
ssh -p 2222 localhost
NOTE: Should you want ssh to set the DISPLAY environment variable, you can use option
-X when you run ssh. You can invoke the ssh manual pages by typing
Case scenario: you are at home and you would like to connect to your workstation named `asselijn'.
Locally (e.g. on your laptop), create a file
.ssh/config with a section for the machine to which you want to log in, containing the ProxyCommand ssh option to do the tunnelling:
Host asselijn.lorentz.leidenuniv.nl asselijn ProxyCommand /usr/bin/ssh -W %h:%p ssh.lorentz.leidenuniv.nl
And if you have a different username locally and on the institute desktops, that can be added like this:
Host asselijn.lorentz.leidenuniv.nl asselijn ProxyCommand /usr/bin/ssh -W %h:%p email@example.com User username
If you need access to multiple hosts, just copy and edit the example above.
You sit in your office at the IL and have started a jupyter notebook on marisXX port YYYY. To connect to your notebook using the browser on your workstation you must tunnel through `novamaris'. Edit your local .ssh/config
Host maris HostName novamaris.lorentz.leidenuniv.nl LocalForward YYYY localhost:YYYY Host marisXX HostName marisXX ProxyJump maris LocalForward YYYY localhost:YYYY
You are now ready to tunnel your connections through novamaris and visualize your notebook at
NOTE: For this to work your workstation must have OpenSSH v7.3+.
Same situation as in Example 3 but this time you sit behind your laptop at home.
Host lorentz HostName ssh.lorentz.leidenuniv.nl User <your-IL-username> IdentityFile ~/.ssh/id_rsa Host maris HostName novamaris.lorentz.leidenuniv.nl ProxyJump lorentz IdentityFile ~/.ssh/id_rsa User <your-IL-username> Host marisXX HostName marisXX.lorentz.leidenuniv.nl ProxyJump maris IdentityFile ~/.ssh/id_rsa User <your-IL-username> LocalForward YYYY localhost:YYYY
You will need to open two putty sessions. The first one opens a tunnel, the second one uses it. For the sake of clarity let us call the first session `Tunnel' and the second one `Tunnel_use'. In this example we will establish a connection to the Maris headnode
novamaris through an ssh tunnel on
Open putty and create a session called Tunnel, then set it according to the snapshots below
Please note the settings in the port forwarding panel. We use an arbitrary port (2222), but you can choose any numbers above 1024 provided they are not currently in use. By pushing `Open', a terminal will appear so that you can authenticate using your Lorentz institute credentials. Leave this terminal open and proceed with the creation of session `Tunnel_use'
Now push `Open' and a terminal will appear asking your authentication credentials on
novamaris. Any other putty connection to
localhost:2222 will ssh directly to
For detailed instructions on how to set up a vnc session you are encouraged to follow these instructions.
Finally, take a look at x2go should you be interested.
Please read here.