================================================
How to get Access to the Linux Lab from Wherever
================================================
-Ian! D. Allen  idallen@idallen.ca

The Algonquin Linux Lab in room WT-127 is currently on a private network
visible only to machines "inside" the College.  "Inside" includes most of
the machines on campus, machines connected via the College dial-up service,
and machines connected via the Algonquin Virtual Private Network (VPN)
software.

---------------------------------
Access to your "N:" drive in T127
---------------------------------

You can use your "N:" drive to store unused files in T127:

    $ share //algshare/home/
    share: Attaching smb file system //algshare/home at /tmp/smb-abcd0001.
    Password:
    Spawning /bin/bash.  Exit shell to unmount Samba share.
    $ cp -a directory-old /tmp/smb-abcd0001   # use your userid not abcd0001
    $ rm -rf directory-old
    $ exit
    Unmounting /tmp/smb-abcd0001.

----------------------
Algonquin VPN Software
----------------------

The Cisco/Microsoft VPN software is supported by ITS only under Windows and
MAC, not under Linux.  ITS supplies a poorly documented and completely
unsupported closed-source version of the Cisco VPN software that may or may
not work with your particular version of Linux.

For ITS VPN download and installation, look for "Connecting from Home" and
"VPN Client" under:

    http://www.algonquincollege.com/its/

The open source Linux package "vpnc" may also work for you.
(It works for me!):

    http://www.unix-ag.uni-kl.de/~massar/vpnc/

In all cases, be careful about your VPN settings if your computer is already
on another network that matters to you (i.e. your home network).  The
Algonquin VPN may take over your machine and route *all* network traffic
down the VPN tunnel to Algonquin College, even traffic that should not go
that way.
You will find your Google searches sending packets into the VPN tunnel, in
through the (overloaded) College network connection to the VPN concentrator,
out the (overloaded) College network connection to Google.  The return
packets will reverse the process.  Every packet has to traverse the
overloaded College network connection twice, instead of going straight
to/from Google!

The open source "vpnc" software can be configured to run in "split" mode,
where only packets for Algonquin College go into the VPN and the rest go
directly to their destination.

---------
Addresses
---------

The private IP addresses of the 31 machines in the T127 lab are these:

    10.50.15.1xx  where xx ranges from 01 to 31,
                  e.g. 10.50.15.101 to 10.50.15.131

A remote login server, preferred for remote logins, is also available at
10.50.15.32.  This server is physically located outside T127 but is on the
same network.  Use this remote login server whenever possible.

Above are the private IP addresses you may use to connect to the machines in
the T127 Linux Lab.  The College does not currently have names assigned to
these addresses; you have to remember the IP addresses.

The above IP addresses are private and are not visible from the public
Internet.  You must be in the right place on the internal College network
(possibly connected via the VPN or dial-up) to use the above addresses.  See
the "Lab Access" heading, below, for a list of places that are allowed to
connect to these private addresses.

-----
Ports
-----

Access to most ports in the Linux Lab has been disabled.  For the single
machine wt127-32 the ports 49152 to 49251 have been modified to permit
access (on host wt127-32 only).  You can run servers on these ports and
access the servers from other places on campus, or via the VPN.

---------------------
Disconnection Warning
---------------------

As of November 2007, the lab has a high-powered, multi-core, multi-GB,
dedicated remote login server available at 10.50.15.32.
If you use that server, no student will reboot the machine while you are
working on it.

If you remote login to any of the other 31 Linux Lab machines, you may be
connected to one of the machines at the same time as someone else, and that
includes someone sitting in front of the machine in the Linux Lab itself.
If the person in the Linux Lab decides to push the RESET button, unplug the
network cable, or reboot the machine, you will be disconnected without
notice and whatever you were editing at the time may be lost.

The VI/VIM editor may save all or part of a file you are editing so that you
can recover it when you reconnect.  Use the "-r" option to recover:

    $ vim -r filename

The recovery may or may not work, depending on how the machine was shut down
and what you were doing when you edited the file.

Don't remote login to the 31 lab machines.  Use the dedicated server at
10.50.15.32 for all remote logins.

-----------------------------------------
Connecting to T127 from Microsoft Windows
-----------------------------------------

Text Mode Connections
---------------------

From "inside" the firewall (on campus, or via the VPN) you can use the free
PuTTY application to connect to Linux from Microsoft Windows machines.  You
will find PuTTY under the "Programs" menu.  PuTTY can connect in "telnet"
mode (port 23 - not recommended) or in "ssh" mode (port 22 - recommended).
Use the "ssh" mode of PuTTY.

You can also use the built-in Windows "telnet" application; but, your login
password and session will be unencrypted.  The Windows telnet client also
isn't very good at keeping your screen updated (especially the one in
Windows 95/98).

Select START -> RUN and then enter "telnet" followed by an argument that is
a machine name or IP address.  For the Linux Lab remote login server you
would enter:

    telnet 10.50.15.32                   # WARNING: TELNET IS INSECURE

You can also type this same telnet command from a DOS prompt; but, use the
ssh mode of PuTTY instead.
PuTTY also has secure "scp" and "sftp" applications available for file
transfer between Windows and Unix machines.  (Plain FTP is not secure.)

Graphics Mode Connections
-------------------------

The new (November 2007) remote login server supports graphical VNC
connections.  You can connect to a full remote virtual desktop from any
machine that runs a VNC client (e.g. from any Windows machine).

From: Richard Campbell
Date: Fri, 19 Oct 2007 14:51:09 -0400
Subject: Linux - New workstation

A new Linux workstation has been configured and is now installed in the ITS
server room.  As it is on a UPS and there will be no console users, one can
expect this machine to be always on.  In Ian's terms, this is an "unbootable
machine".

This "Remote Access Server" (linuxras) has the same applications and
configuration as the Linux workstations in lab T127.  Exception: The Nvidia
graphics drivers and library have not been installed.

This workstation is dedicated for remote access.  Home directories are NFS
mounted as per usual.  These services have been enabled: telnet, ftp, ssh
and sftp.

Rules:
    All user processes will belong to current logged in users.
    Logins of an unusually long duration will not be accepted.
    Remedial action will occur without warning.

The IP address is 10.50.15.32.  Alias host names are wt127-32 and linuxras.

New graphical login service - VNC

The X virtual network computing server (Xvnc) has been configured to run
from the Internet services daemon (xinetd).  This will simplify use by the
remote user and also prevent having orphaned Xvnc daemons on the server.

A vnc client provides a window of the X graphical interface that is very
similar to the console user experience.  The MS Windows XP client, VNC
Viewer Free Edition, can be obtained from www.realvnc.com.  The Fedora Core
6 client is vnc-4.1.2-3.fc6.i386.rpm.  This is a default install in the
"System Tools" group.

To use a default configuration of 1024x768 with colour depth 16, use command
"vncviewer 10.50.15.32:1".
With reference to the chart below, other resolutions and colour depths are
available by specifying a different X display number.  The 8 bit colour
depths do not work.

Chart for X display numbers (:xx).

    Colour Depth 8 16 24
    Resolution (hxv)
    640x480 :50
    800x600 :51 :52 :53
    1024x768 :54 :55 :56
    1152x864 :57 :58 :59
    1280x1024 :60 :61 :62

To use a configuration of 1152x1864 with colour depth 24, use command
"vncviewer 10.50.15.32:59".

-----------------------------------------------------
Connecting to T127 from a Unix/Linux/OSX shell prompt
-----------------------------------------------------

From a Unix/Linux shell prompt, you can use the "ssh" command with your
userid and an argument that is the name or IP address of the machine to
which you wish to connect.  You can use one of two equivalent syntaxes:

    $ ssh -l abcd0001 10.50.15.32
    abcd0001@10.50.15.32's password:

    $ ssh abcd0001@10.50.15.32
    abcd0001@10.50.15.32's password:

The argument following "-l" is your Linux Lab userid.  The IP address is the
address of one of the Linux Lab client machines.

From the command line, you can also use the "telnet" command; but, it is
less secure since it doesn't hide your password or anything you type over
the network:

    $ telnet 10.50.15.32                 # WARNING: TELNET IS INSECURE
    Connected to 10.50.15.32.            # DO NOT USE TELNET
    login: abcd0001
    Password:                            # THIS PASSWORD IS SENT CLEARTEXT!

The ssh command is preferred, since it keeps your password and session
traffic encrypted over the network (telnet does not!).

To transfer files from the command line, you can use scp or sftp (encrypted,
secure) or plain ftp (unencrypted, insecure).

    $ scp -p abcd0001@10.50.15.32:myfile.txt foo.txt
    abcd0001@10.50.15.32's password:

    $ scp -p foo.txt abcd0001@10.50.15.32:myfile.txt
    abcd0001@10.50.15.32's password:

    $ sftp abcd0001@10.50.15.32
    abcd0001@10.50.15.32's password:
    sftp> help

    $ ftp 10.50.15.32                    # WARNING: FTP IS INSECURE
    Connected to 10.50.15.32.            # DO NOT USE FTP
    220 (vsFTPd 2.0.1)
    Name (wt127-32:abcd0001): abcd0001
    331 Password required for abcd0001.
    Password:
    230 User abcd0001 logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> help

---------------
T127 Lab Access
---------------

The exact list of machines and networks allowed to access the Linux Lab
private network has been changed several times by ITS without notice.  What
is documented here is a snapshot of what has seemed to work at some point.
It may change again without notice.

Locations that are currently allowed access to Linux Lab machines:

    Algonquin dial-up lines (via modem)
    Algonquin open access centres in T building
    Algonquin faculty offices in T building
    anywhere via Cisco/Microsoft Windows VPN client
    anywhere via Cisco/Linux VPN client for RedHat Linux [unsupported]
    anywhere via Linux VPN client http://www.unix-ag.uni-kl.de/~massar/vpnc/

Locations that are currently *NOT* allowed direct access to Linux Lab
machines:

    Algonquin ACADUNIX
    anywhere on the Internet (without using the VPN)

You can connect from the Linux Lab to ACADUNIX using telnet or ssh; but, you
cannot connect the other way around.  ACADUNIX sometimes does not permit
incoming "ssh" connections; you can also use "telnet" to reach ACADUNIX (but
your password and session will be in cleartext!).

---------------------------------
Using EMail in the T127 Linux Lab
---------------------------------

If you use a GUI EMail client and set up SMTP authentication to
"outmail.algonquincollege.com", you can probably send EMail from the Linux
Lab using that client.  Every GUI client must be configured separately.

Linux command-line email, using sendmail or the "mail" or "mutt" commands,
e.g. "mail user@domain.ca", probably won't work for you unless you're
sending email to an on-campus "algonquincollege.com" address.  Any other
address will likely give the error "Relaying denied"; because, the Algonquin
SMTP server doesn't recognize the Linux Lab as being on campus.
The SMTP port is blocked at the campus boundary; you cannot connect to any
SMTP servers off-campus while you are on-campus.  You must drop off all
email via the SMTP server at "outmail.algonquincollege.com".

Yes, the Linux Lab is considered "on campus" for SMTP port blocking (the
port is blocked), and it is simultaneously considered "off campus" for SMTP
mail delivery (relaying is denied from off-campus machines).

-------------------------------
Diagnosing problems: Using ping
-------------------------------

Everywhere else but Algonquin College, you can usually use the "ping"
utility from a DOS or Unix command line to see if a machine is responding.
The ITS department at Algonquin has disabled the use of ping between most
machines on- and off-campus.  As of the writing of this document, ping works
*within* the Linux Lab; but, not to machines outside:

    $ ping -c 4 10.50.15.101             # only works inside the T127 lab
    PING 10.50.15.101 (10.50.15.101): 56 octets data
    64 octets from 10.50.15.101: icmp_seq=0 ttl=252 time=0.4 ms
    64 octets from 10.50.15.101: icmp_seq=1 ttl=252 time=0.4 ms
    64 octets from 10.50.15.101: icmp_seq=2 ttl=252 time=0.3 ms
    64 octets from 10.50.15.101: icmp_seq=3 ttl=252 time=0.3 ms
    --- 10.50.15.101 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 0.3/0.3/0.4 ms

If a machine in the Lab is not responding:

    $ ping -c 4 10.50.15.126
    PING 10.50.15.126 (10.50.15.126): 56 octets data
    --- 10.50.15.126 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

If you cannot get a "ping" response between Linux Lab machines, you will not
be able to connect via ssh, telnet, or ftp.

ITS will not let you use "ping" to machines outside the Lab, nor is it
likely that you will be able to "ping" machines in the Lab from anywhere
else (perhaps not even using the VPN).  This changes.
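
A further diagnostic, for the routing caveat in the "Algonquin VPN Software"
section above (added example, not code from ITS or the vpnc project): the
function reads a routing table in "ip route show" format and reports whether
the default route goes into the tunnel or only a route covering the lab
server does.  The interface name tun0, the /24 lab prefix and both sample
tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a routing table as full-tunnel or split-tunnel.
# Assumptions (not from the page): the tunnel interface is named tun0 and
# the table is in the format printed by "ip route show".
LAB_HOST=10.50.15.32          # remote login server from the Addresses section
TUN_DEV=${TUN_DEV:-tun0}      # assumed tunnel interface name

# Reads a routing table on stdin and prints one of:
#   full-tunnel   the default route goes into the tunnel (all traffic)
#   split-tunnel  only a route covering LAB_HOST goes into the tunnel
#   no-tunnel     no default or lab route uses the tunnel
vpn_route_mode() {
    awk -v host="$LAB_HOST" -v tun="$TUN_DEV" '
    function ip2n(ip,   o) {                      # dotted quad to integer
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function covers(dest, ip,   p, len, size) {   # is ip inside prefix dest?
        split(dest, p, "/")
        len = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - len)
        return int(ip2n(p[1]) / size) == int(ip2n(ip) / size)
    }
    {
        dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev != tun) next                      # route does not use the tunnel
        if ($1 == "default" || $1 == "0.0.0.0/0") full = 1
        else if ($1 ~ /^[0-9.]+(\/[0-9]+)?$/ && covers($1, host)) lab = 1
    }
    END { print (full ? "full-tunnel" : (lab ? "split-tunnel" : "no-tunnel")) }'
}

# Constructed sample tables (not captured from a real machine).
sample_full() {
    printf "%s\n" \
        "default dev tun0 scope link" \
        "192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20"
}
sample_split() {
    printf "%s\n" \
        "default via 192.168.1.1 dev eth0" \
        "10.50.15.0/24 dev tun0 scope link" \
        "192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20"
}

# On a live Linux machine:  ip route show | vpn_route_mode
sample_full  | vpn_route_mode
sample_split | vpn_route_mode
```

A "full-tunnel" result after connecting means traffic for your home network
and the Internet is also being sent to the College.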