Remote access to the CS lab

Contents

Overview

The lab computers are intended to be usable remotely. This page is an attempt to describe how to do that. If your network connection is reasonably quick, you can work with the same interface that you'd have in the lab, but getting that set up involves several steps.

In what follows, we'll refer to the computer you are sitting at as your computer, and whatever lab computer you are using as cslabNN, where the NN will actually be anything in the range 01 to 25. We'll also use the fictional username mortimer.snerd.

Getting the software on your computer

You need two pieces of software on your computer: a secure shell (SSH) client and a VNC viewer.

Secure shell (SSH)

The first program that you need is a SSH client and terminal emulator. If your computer runs Mac OS X, you already have what you need. If you run Linux, make sure that you have OpenSSH installed.

If you have MS Windows, you'll need to add something; we suggest the program PuTTY, which you can download (at no cost) from

http://www.chiark.greenend.org.uk/~sgtatham/putty/

(If that doesn't work, try the mirror site here, or here.) You probably want the latest release version, and the specific file you want is probably the Windows installer. Install the program.

VNC

VNC is a system that provides remote access to "virtual desktops" on a variety of computers. We provide the half of the system (called the VNC server) that creates the desktop on a lab machine. You need to supply the other half (the VNC viewer) for your own computer. Free versions are available for most popular computer systems. On Mac OS, a couple of good choices (despite a corny name) is Chicken or Chicken of the VNC. (There are some nicer features in Chicken, but it seems to crash in some cases when the older Chicken of the VNC doesn't.) On MS Windows, we have experience with the viewer from Real VNC (look for the Free Edition) and TightVNC. On Linux, install a package that provides a "VNC viewer".

Basic terminal connection

If you are on campus, you should be able to connect directly to a lab computer; if you are not on campus, you'll need to see the slightly longer instructions below The first thing you need to be able to do is to do a basic connection to a lab computer with your SSH program. So start by picking a number in the range 01-25. (Keep the leading zero on it if it is less than ten.) We'll use 04 as an example. You also need to know your lab username; our example will be mortimer.snerd.

(MS Windows users may wish to jump ahead.)

Mac OS or Linux

To connect to cslab04.wheaton.edu, open a Terminal window, and type the command

ssh mortimer.snerd@cslab04.wheaton.edu
The first time you connect to a particular machine, you may get a message like
Warning: Permanently added the RSA host key for IP address '10.22.84.132' to the 
list of known hosts.
That warning is a bit of paranoia; you're probably OK, but the SSH software normally checks to make sure that you are connecting to the machine you intend; so it keeps a local list of "known hosts".

If, for some reason, the machine you are trying to connect to is not working, you might see

ssh: connect to host cslab04.wheaton.edu port 22: Operation timed out
If that happens, try another number. If nothing works, you'll need to troubleshoot your network connection--or we have a big problem in the lab.

You'll be prompted for your (lab) password; if you give it correctly, you should see a shell prompt--just as you would if you were to open a Terminal window when sitting at one of the lab computers. Congratulations. You've made the first step. Skip over the instructions for MS Windows.

MS Windows

Connecting with PuTTY looks a little different. When you launch PuTTY, you'll see a dialog box. First, set the 'Connection type' to SSH. Then fill in the 'Host Name' box with cslab04.wheaton.edu. Then click on 'Open'.

If you get Network error: Connection timed out, try another machine. (You can right-click on the title bar to get a menu and select 'New Session...' to get a new dialog.) If you can't connect to any of the machines, either you have network problem, the college has a network problem, or the lab is in serious trouble.

On your first connection to a machine, you are likely to get a 'PuTTY Security Alert' that reads something like:

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 fingerprint is:
ssh-rsa 2048 66:02:03:ff:e1:71:ca:09:45:6e:11:7f:16:16:a8:sd
If you trust this host, hit Yes to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to 
the cache, hit No.
If you do not trust this host, hit Cancel to abandon the
connection.
In the absence of a reason for serious paranoia, you're probably OK hitting 'Yes'.

Now you'll be prompted for your (lab) username and password. That should get you to a shell prompt, just as if you opened a Terminal window when seated at one of the lab computers. Hurrah. That's the first step.

Using terminal connections

When you are connected in this fashion, you can do anything that you would be able to do inside a Terminal window. That means you can run xemacs without the ampersand and edit a file--provided you can manage to do everything from the keyboard, since you won't have any of the buttons or menus. Note that it is OK to open more than one SSH connection from your computer; to avoid confusion, though, you should make multiple connections to the same lab computer instead of spreading them around. You can also the Java compiler, and you can run your Java programs as long as they interact only through the terminal.

(If you want to work this way, you might try using the editor pico instead of emacs. It lacks many of Emacs's nice features, but it always displays a list of available keyboard commands at the bottom of the screen, and it's OK for doing fairly simple work.)

When you are finished using a terminal connection, type the command logout or exit to the shell prompt to end the session.

Getting a full desktop

To get a full version of the lab desktop environment on your own computer, you will need to get VNC client software for your computer. Once you have that, you'll need to establish a tunnel using SSH for connecting to the lab, and you'll need to start a VNC server on a lab machine.

One-time setup

Pick one of the lab machines and log in using SSH.

The very first time you use VNC in the lab, you'll need to supply an additional password for it. You should pick a different password from the one you use for campus; it should not be obvious, but it does not need to be too complicated, either, because this password only protects your VNC session from other users who have logged onto the same computer. Run the command

vncpasswd
and supply the password you will use. This password is stored under your home directory; so it will be the same on any of the lab computers.

Starting a VNC session

Assuming that you're still connected to one of the lab machines, you should now be able to run the command

vncserver

Note the first line printed; it should say something like

New 'X' desktop is cslab04:3
The number after the colon is important; this is your "display number".

Creating a tunnel

Now you need to use your SSH program to create a tunnel from your computer to this display on the lab computer. You do this by opening a new SSH connection from your computer. You'll specify port 5901 as the local end of the tunnel, and port 5900+x on localhost as the other end, with x being your display number. (In our example, that will be display 3, so port 5903.)

With PuTTY, you pick "New connection..." and fill in the host name as before. But before you open the connection, find 'Connection, SSH, Tunnels' in the tree of options on the left of the dialog. Fill in 5901 for the "Source port", and fill in localhost:5903 for the "Destination". Click "Add", then open the connection.

On Mac OS, you open a new Terminal window and (in our example) type the command

ssh -L 5901:localhost:5903 mserd@cslab04.wheaton.edu
After the -L, the first number is the local port, and the number after the second colon is the display number plus 5900. (If is possible to add a tunnel to an already existing connection, and it is possible to automate some of the connection process. Those tips wlll be described elsewhere.)

Connecting through the tunnel

Launch your VNC viewer and connect to localhost:1 (that's display 1 on localhost). If you've done everything, you should next be prompted for your VNC password and then, at long last, see your virtual desktop in a new window.

Your VNC session will keep running until you tell it to log out or someone restarts the computer. That means you can reconnect to it if your connection is interrupted, or if you simply close your VNC viewer and/or your SSH tunnel.

Because your VNC session continues, you do need to remember to log it out when you really are through with it. Some tips on how to find your VNC sessions will be posted elsewhere.

An easier way with Chicken

Chicken lets you create the tunnel from inside the program. To do that, skip the ssh login and just launch Chicken. In the "VNC Login" dialog, make sure that the Host is localhost and use the remote display number. Then check the "Tunnel over SSH" box near the bottom, and put your lab username and the the host where your server is running in the "SSH host" box (mortimer.snerd@cslab04.wheaton.edu in our example). Your VNC password goes in the "Password" box; you'll be prompted for your SSH (lab) password after you hit "Connect".

Connecting from off-campus

As a bit of extra protection, the college restricts what campus computers can be reached from off-campus. As a CS lab user, you can use SSH to connect to the system csgate.wheaton.edu from elsewhere on the Internet. From csgate, you can, in turn, use SSH to connect to one of the lab machines.

To tunnel your VNC session through csgate to a lab machine, you need to first create a tunnel to csgate, then create another tunnel from there to the lab machine you want to use; those two tunnels need a port number to connect them together.

So that we don't all pick the same number, I suggest that you use as your personal port number what you get when you add your cslab user-number to 10,000. You can use id -u to find out your user number. So, for example, if mortimer.snerd does that, he sees

2339
His personal port number then becomes 12339.

Our user Mortimer should therefore connect to csgate with a tunnel from local (source) port 5901 to port 12339. On Mac OS, that would use

ssh -L 5901:localhost:12399 mortimer.snerd@csgate.wheaton.edu
Once logged in there, he could connect on to display 3 on cslab04 with
ssh -L 12399:localhost:5903 mortimer.snerd@cslab04.wheaton.edu
Finally, he can point his VNC viewer at localhost display :1, which will be connected to his VNC session on cslab04.
Cary Gray
Last modified: Thu Aug 29 15:47:28 CDT 2013

Valid HTML 4.01!