Remote log-in to central Linux machines

Logging in to another desktop from a standard departmental desktop

To log in to another desktop from your departmentally administered Linux desktop, log in with your physics user name and password either using 'ssh' or 'remote desktop'.

ssh

You will need to know the name of the other desktop machine and possibly the fully qualified domain name. What this means is, if you are trying to log into a machine called 'tplxdt01' there are several possibilities. Try them in this order.

ssh -X tplxdt01
ssh -X tplxdt01.physics.ox.ac.uk
ssh -X tplxdt01.nat.physics.ox.ac.uk

For atmos users, also try:

ssh -X tplxdt01.atm.ox.ac.uk

The '-X' setting allows graphics to be passed back to the machine you are sat in front of.

Passwordless authentication over ssh (advanced users).

Assuming that you want to log on to "pplxdt25.nat.physics.ox.ac.uk" from the first desktop, add the following to your ${HOME}/.ssh/config file:

host pplxdt25.nat.physics.ox.ac.uk HostName pplxdt25.nat.physics.ox.ac.uk GSSAPIAuthentication yes GSSAPIDelegateCredentials yes
  • Note, we have not yet configured all desktops or servers to accept incoming passwordless kerberized connections. Please let us know if you need to prioritize one in particular. Servers will work well with ssh-keys as well as kerberos tokens but esktops will not. The follwoing talks about kerberos tokens. There are other resources discussing ssh-key based passwordless login - e.g. here.
  • The kerberos method here should be used in strong preference to ssh keys in order to log in to desktops, as your home directories will not always be available when ssh keys are used.
    [**]Whether ssh keys work depends on whether you are already logged in to the remote machine, the persmissions of $HOME and $HOME/.ssh and how long ago you logged in.

Passwordless Access to your desktop from another Linux machine located outside of the physics department (very advanced)

Setup

From outside of physics on a linux laptop, assuming you want to log on to "pplxdt25.nat.physics.ox.ac.uk", and your name is 'brisbane' add the following to your ${HOME}/.ssh/config file:

host pplxdt25.nat.physics.ox.ac.uk hostname pplxdt25.nat.physics.ox.ac.uk ForwardAgent yes GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPITrustDNS no ProxyCommand ssh -X brisbane@ssh2014.physics.ox.ac.uk /bin/nc %h %p 2> /dev/null User brisbane

You will need to find out the IP address for the desktop to which you are connecting, eg for pplxdt25:

> ssh ssh.physics.ox.ac.uk > dig +short pplxdt25.nat.physics.ox.ac.uk 10.130.0.8

then, in this case, add the following to /etc/hosts

10.130.0.8 pplxdt25.nat.physics.ox.ac.uk pplxdt25

That completes the setup.

Access

Whenever you want to log in, simply type kinit {username}@PHYSICS.OX.AC.UK and then you will be able log in to the desktop as many times as you like without typing a password using the command:

ssh pplxdt25.nat.physics.ox.ac.uk

  • If you administer your own machine, you will additionally need to install and configure the various kerberos Liraries and possibly add additional ssh configuration. At this point it is best to set up a face to face meeting bringing your laptop.

Categories: SSH | central linux | ubuntu