================================================
How to get Access to the Linux Lab from Wherever
================================================
-Ian! D. Allen  idallen@idallen.ca

The Algonquin Linux Lab in room WT-127 is currently on a private network
visible only to machines "inside" the College.  "Inside" includes most of
the machines on campus, machines connected via the College dial-up service,
and machines connected via the Virtual Private Network (VPN) software.

------------
VPN Software
------------

The Cisco/Microsoft VPN software is supported by ITS only under Windows
and MAC, not under Linux.  ITS supplies a poorly documented and completely
unsupported closed-source version of the Cisco VPN software that may or
may not work with your particular version of Linux.

For ITS VPN download and installation, look for "Connecting from Home"
and "VPN Client" under:

    http://www.algonquincollege.com/its/

The open source Linux "vpnc" package may also work for you.

In all cases, be careful about your VPN settings if your computer is
already on another network that matters to you.  The VPN may take over
your machine and route *all* network traffic down the VPN tunnel to
Algonquin College, even traffic that should not go that way.  You will
find your Google searches sending packets into the VPN tunnel, in through
the (overloaded) College network connection to the VPN concentrator, out
the (overloaded) College network connection to Google.  The return
packets will reverse the process.  Every packet has to traverse the
overloaded College network connection twice, instead of going straight
to/from Google!

The "vpnc" software can be configured to run in "split" mode, where only
packets for Algonquin College go into the VPN and the rest go directly
to their destination.

---------
Addresses
---------

The private IP addresses of the 31 machines in the T127 lab are these:

    10.50.15.1xx    where xx ranges from 01 to 31, e.g.
    10.50.15.101 to 10.50.15.131

These are the private IP addresses you must use to connect to the Linux
Lab.  The College does not currently have names assigned to these
addresses; you have to remember the IP addresses.

The above IP addresses are private and are not visible from the public
Internet.  You must be in the right place on the internal College network
(possibly connected via the VPN or dial-up) to use the above addresses.
See the "Lab Access" heading, below, for a list of places that are
allowed to connect to these private addresses.

---------------------
Disconnection Warning
---------------------

You may be connected to one of the Linux Lab machines at the same time
as someone else, and that includes someone sitting in front of the
machine in the Linux Lab itself.  If the person in the Linux Lab decides
to push the RESET button or otherwise reboot the machine, you will be
disconnected without notice and whatever you were editing at the time
may be lost.

The VI/VIM editor may save all or part of a file you are editing so that
you can recover it when you reconnect.  Use the "-r" option to recover:

    $ vim -r filename

The recovery may or may not work, depending on how the machine was shut
down and what you were doing when you edited the file.

I have asked ITS and CS to set up a dedicated machine for use by people
connecting remotely, one that cannot be rebooted, to avoid this problem.
It isn't a priority for them.

---------------------------------
Connecting from Microsoft Windows
---------------------------------

From "inside" the firewall (on campus, or via the VPN) you can use the
free PuTTY application to connect to Linux from Microsoft Windows
machines.  You will find PuTTY under the "Programs" menu.

PuTTY can connect in "telnet" mode (port 23 - not recommended) or in
"ssh" mode (port 22 - recommended).  Use the "ssh" mode of PuTTY.

You can also use the built-in Windows "telnet" application; but, your
login password and session will be unencrypted.
The Windows telnet client also isn't very good at keeping your screen
updated (especially the one in Windows 95/98).  Select START -> RUN and
then enter "telnet" followed by an argument that is a machine name or IP
address.  For the Linux Lab, machine 01, you would enter:

    telnet 10.50.15.101               # WARNING: TELNET IS INSECURE

You can also type this same thing from a DOS prompt.  But use the ssh
mode of PuTTY instead.

PuTTY also has secure "scp" and "sftp" applications available for file
transfer between Windows and Unix machines.  (Plain FTP is not secure.)

---------------------------------------------
Connecting from a Unix/Linux/OSX shell prompt
---------------------------------------------

From a Unix/Linux shell prompt, you can use the "ssh" command with your
userid and an argument that is the name or IP address of the machine to
which you wish to connect.  You can use one of two equivalent syntaxes:

    $ ssh -l abcd0001 10.50.15.101
    abcd0001@10.50.15.101's password:

    $ ssh abcd0001@10.50.15.101
    abcd0001@10.50.15.101's password:

The argument following "-l" is your Linux Lab userid.  The IP address is
the address of one of the Linux Lab client machines.

You can also use the "telnet" command; but, it is less secure since it
doesn't hide your password or anything you type over the network:

    $ telnet 10.50.15.101             # WARNING: TELNET IS INSECURE
    Connected to 10.50.15.101.
    login: abcd0001
    Password:

The ssh command is preferred, since it keeps your password and session
traffic encrypted over the network (telnet does not!).

To transfer files, you can use scp or sftp (encrypted, secure) or plain
ftp (unencrypted, insecure).

    $ scp -p abcd0001@10.50.15.101:myfile.txt foo.txt
    abcd0001@10.50.15.101's password:

    $ scp -p foo.txt abcd0001@10.50.15.101:myfile.txt
    abcd0001@10.50.15.101's password:

    $ sftp abcd0001@10.50.15.101
    abcd0001@10.50.15.101's password:
    sftp> help

    $ ftp 10.50.15.101                # WARNING: FTP IS INSECURE
    Connected to 10.50.15.101.
    220 (vsFTPd 2.0.1)
    Name (wt127-1:abcd0001): abcd0001
    331 Password required for abcd0001.
    Password:
    230 User abcd0001 logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> help

----------
Lab Access
----------

The exact list of machines and networks allowed to access the Linux Lab
private network has been changed several times by ITS without notice.
What is documented here is a snapshot of what has seemed to work at some
point.  It may change again without notice.

Locations that are currently allowed access to Linux Lab machines:

    Algonquin dial-up lines (via modem)
    Sympatico HSE (PPPoE)
    open access centres in T building
    faculty offices in T building
    anywhere via Cisco/Microsoft Windows VPN client
    anywhere via Cisco/Linux VPN client for RedHat Linux [unsupported]
    anywhere via Linux VPN client http://www.unix-ag.uni-kl.de/~massar/vpnc/

Locations that are currently *NOT* allowed direct access to Linux Lab
machines:

    acadunix
    anywhere on the Internet (without using the VPN)

You can connect from the Linux Lab to ACADUNIX using telnet or ssh; but,
you cannot connect the other way around.  ACADUNIX sometimes does not
permit incoming "ssh" connections; you can also use "telnet" to reach
ACADUNIX (but your password and session will be in cleartext!).

----------------------------
Using EMail in the Linux Lab
----------------------------

If you use a GUI EMail client and set up SMTP authentication to
"outmail.algonquincollege.com", you can probably send EMail from the
Linux Lab using that client.  Every GUI client must be configured
separately.

Linux command-line email, using sendmail or the "mail" or "mutt"
commands, e.g. "mail user@domain.ca", probably won't work for you unless
you're sending email to an on-campus "algonquin.com" address.  Any other
address will likely give the error "Relaying denied"; because, the
Algonquin SMTP server doesn't recognize the Linux Lab as being on campus.
The SMTP port is blocked at the campus boundary; you cannot connect to
any SMTP servers off-campus while you are on-campus.  You must drop off
all email via the SMTP server at "outmail.algonquincollege.com".

Yes, the Linux Lab is considered "on campus" for SMTP port blocking (the
port is blocked), and it is simultaneously considered "off campus" for
SMTP mail delivery (relaying is denied from off-campus machines).

-------------------------------
Diagnosing problems: Using ping
-------------------------------

Everywhere else but Algonquin College, you can usually use the "ping"
utility from a DOS or Unix command line to see if a machine is
responding.  The ITS department at Algonquin has disabled the use of
ping between most machines on- and off-campus.

As of the writing of this document, ping works *within* the Linux Lab;
but, not to machines outside:

    $ ping -c 4 10.50.15.101
    PING 10.50.15.101 (10.50.15.101): 56 octets data
    64 octets from 10.50.15.101: icmp_seq=0 ttl=252 time=0.4 ms
    64 octets from 10.50.15.101: icmp_seq=1 ttl=252 time=0.4 ms
    64 octets from 10.50.15.101: icmp_seq=2 ttl=252 time=0.3 ms
    64 octets from 10.50.15.101: icmp_seq=3 ttl=252 time=0.3 ms
    --- 10.50.15.101 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 0.3/0.3/0.4 ms

If a machine in the Lab is not responding:

    $ ping -c 4 10.50.15.126
    PING 10.50.15.126 (10.50.15.126): 56 octets data
    --- 10.50.15.126 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

If you cannot get a "ping" response between Linux Lab machines, you will
not be able to connect via ssh, telnet, or ftp.

ITS will not let you use "ping" to machines outside the Lab, nor is it
likely that you will be able to "ping" machines in the Lab from anywhere
else (perhaps not even using the VPN).  This changes.
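
The ping diagnosis above, as an added example that is not part of the
original page: it reads the statistics line of a ping run and, when ping
gets no reply, probes the ssh port with ssh-keyscan instead.  The function
names are hypothetical, and the ssh probe assumes port 22 is allowed from
where you are even though ping is filtered.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# lab_addr N: print the address of lab machine N (1..31), using the
# page's scheme 10.50.15.1xx; fail for anything outside that range.
lab_addr() {
    case "$1" in
        [1-9]|[12][0-9]|3[01]) printf '10.50.15.1%02d\n' "$1" ;;
        *) return 1 ;;
    esac
}

# ping_loss: read ping output on stdin, print the packet-loss percentage
# (integer part); fail if the statistics line is missing.
ping_loss() {
    sed -n 's/.* \([0-9][0-9]*\)[.0-9]*% packet loss.*/\1/p' | grep .
}

# ping_verdict: read ping output on stdin; print up, flaky, no-reply
# or unknown (no statistics line found).
ping_verdict() {
    loss=$(ping_loss) || { echo unknown; return 0; }
    case "$loss" in
        0)   echo up ;;
        100) echo no-reply ;;
        *)   echo flaky ;;
    esac
}

# check_host ADDR: live check. When ping does not report "up", probe the
# ssh port with ssh-keyscan before concluding the machine is unreachable.
check_host() {
    verdict=$(ping -c 4 "$1" 2>/dev/null | ping_verdict)
    if [ "$verdict" != up ] && [ -n "$(ssh-keyscan -T 5 "$1" 2>/dev/null)" ]; then
        verdict="$verdict, but sshd answers"
    fi
    echo "$1: $verdict"
}

# Statistics lines as they appear in the two ping transcripts on this page.
sample_up()   { echo '4 packets transmitted, 4 packets received, 0% packet loss'; }
sample_down() { echo '4 packets transmitted, 0 packets received, 100% packet loss'; }

# Offline demonstration on the sample lines. On the College network run,
# for example:  check_host "$(lab_addr 26)"
echo "machine 01: $(sample_up | ping_verdict)"
echo "machine 26: $(sample_down | ping_verdict)"
```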