RX-M courses can be delivered in conjunction with a cloud based lab environment. To access a cloud lab system, students will need to have an ssh client installed on their computer and internet ssh access (port 22).
Any mainstream ssh client will work and macOS/Linux computer systems have a good ssh client preinstalled.
In order to use private key files with ssh on Linux systems, you must change the security attributes so that you alone have READ-ONLY access. Use the following bash command to achieve this result:
$ chmod 400 key.pem
The file will retain these permissions after you perform this step once.
Next, start an ssh session with a shell.
Windows 10 supports ssh natively via Command Prompt and PowerShell but also supports 3rd party ssh client tools (you do not need to install any or all of them; use what works best for you).
Links to 3rd party installers:
- GitBash ssh command line client (free, part of Git distribution) [Windows/OSX/Linux] https://git-scm.com/downloads
- MobaXTerm (free and paid) [Windows] https://mobaxterm.mobatek.net/download.html
- PuTTY (free) [Windows] https://www.putty.org/
Next, configure SSH key permissions based on your platform of choice:
In order to use private key files with ssh with Windows Command Prompt or PowerShell, you must change the security attributes so that you alone have READ-ONLY access. Use the following procedure to achieve this result:
- Locate the pem file in Windows Explorer, right-click on it then select "Properties".
-
In the "Properties" window, (1) Navigate to the "Security" tab and (2) click "Advanced".
-
In the "Advanced Security Settings" window:
- (3) Only if the "Owner" is not your account, change the owner to you by clicking the "Change" link.
- (4) Click on the [ Disable Inheritance ] button in the lower left corner.
- In the "Block Inheritance" pop-up, select, "Remove all inherited permissions from this object"
- (1) In the "Permission entries" pane, select an existing permission and (2) click the [ Remove ] button.
- Repeat steps 1 & 2 for each permission, deleting all existing permissions.
- After all existing permissions are removed, select the [ Add ] button.
- In the "Permission Entry" window:
- Select the "Select a Principal" link.
- In the "Select User or Group" window:
- (1) In the "Enter the object name to select (examples)" text box, type your username.
- (2) Click the [ Check Names ] button to autofill and/or check the username.
- After checking the name, the proper syntax should be applied
- Click the [ OK ] button.
- Back in the "Permission Entry" window:
- (1) Under "Principal", make sure your user is present.
- (2) Under "Basic Permissions", add a check (√) to the "Full control" option.
- (3) Click the [ OK ] button.
- Back in the "Advanced Security Settings" window, your user should be the only permission in the "Permission entries" field.
- Click the [ OK ] button.
- Finally, back in the "Properties" window, under "Group or user names:", only your user should appear.
- Click the [ OK ] button.
Now SSH will not complain about file permissions being too open and you can ssh from Windows natively. The file will retain these permissions after you perform this step once.
Next, start an ssh session with a shell.
Both GitBash and MobaXTerm understand the PEM format; no configuration necessary.
Next, start an ssh session:
PuTTY does not natively support the PEM format that cloud environments use, so you need to convert your PEM file to a PPK file (PPK = PuTTY Private Key) before gaining access. To do this, you use the PuTTYgen utility.
To start PuTTYgen the utility you can type puttygen in the Windows start dialog box.
In the PuTTYgen dialog box, click the [ Load ] button:
When browsing for your pem file be sure to select All Files in the dropdown list that is located to the right of the File name field:
Select the .pem file that you received (called "student.pem" in the screenshot above) and click [ Open ].
Read the PuTTYgen Notice and then click [ Ok ].
As the notice states, click on [ Save private key ]:
N.B. if you are asked if you want to save they key without a passphrase you can safely click "Yes".
Name the private key file and save it to a path that is easy to remember (we will use the path to the file in putty).
Next, start an ssh session with PuTTY.
Command line clients like a Linux shell, the macOS Terminal app, or Windows GitBash, Command Prompt, or PowerShell can generally access the cloud lab site by opening the related app/shell and typing a command like this:
$ ssh -i key.pem [email protected]
Where:
- The
-iswitch (for identity) is typically required and allows you to pass a key file to the ssh client ("key.pem" in the example) for extra security. - "
ubuntu" is the default username (the instructor may supply students with a different username in class) - "
host.ip.ad.dr" is the host IP address of the student lab system supplied by the instructor during class (e.g. 54.23.87.45).
Start MobaXTerm and add a new session by clicking on the "Session" icon in the top-left corner or by selecting the "Sessions" menu and clicking on "New session".
In the "Session settings" window, click on SSH and enter the following information:
- In the "Remote host" text box, enter the IP address assigned to you (sent via email or assigned in class)
- Check the box next to "Specify username" and enter
ubuntu
- Click on the "Advanced SSH settings" tab
- Check the box next to "Use private key" and type the path to your .pem file or click on the browse icon which will let you navigate to the location where you saved it using Windows explorer.
Click on the [ OK ] button to start your SSH session.
Once you have converted the pem file to a ppk file, you are ready to use PuTTY. Open putty and type connection information in the "Host Name" text field:
- The user name for ubuntu VMs running in the cloud is "ubuntu"
- The IP address assigned to you (sent via email or assigned in class)
The format should look similar to: [email protected] (substituting your assigned IP for the example)
Next, in the "Category" column on the left, click on the "+" icon next to the SSH field to expand the section.
In the newly expanded section, click on "Auth".
In the "Private key file for authentication" text field, either type the path to your ppk file or click on the [ Browse... ] button to open the "Select private key file" dialog which will let you navigate to the location where you saved it using Windows explorer.
After setting the path to the private key file, you can optionally return to the "Session" category, and under the "Saved Sessions" text box you can name your session and save it by clicking the [ Save ] button.
Click the [ Open ] button to start your SSH session.
DO NOT follow these instructions unless explicitly instructed to do so.
To support browser GUI sessions over ssh the "X Window System" (X11 or simply X), a windowing system for bitmap displays, is required.
X11 is no longer included with Mac systems (see this support article), but X11 server and client libraries are available from the XQuartz project, which Apple created and contribues to.
- Open a browser and navigate to https://www.xquartz.org/
- Download the .dmg file and install
- Any time an SSH session is launched with the
-Xargument in the normal macOS terminal, the xQuartz program will automatically launch to support the X window.
Windows does not include built in X support. Solutions are per client.
- Mobaxterm: X11 is supported natively by mobaxterm and does not require any further installation.
- putty: Requires an external xserver and enabling via: Connection->SSH->X11->Enable X11 Forwarding
- git bash ssh: Requires an external xserver.
Windows X servers:
- VcXsrv: Free Windows X-server based on xorg git sources (like xming or cygwin's xwin, build with Visual Studio) https://sourceforge.net/projects/vcxsrv/files/
- XMing: Freemium Windows X-server based on xorg git sources: https://sourceforge.net/projects/xming/files/Xming/
Command line clients can generally access the cloud lab using X11 server with a command like this:
$ ssh -i key.pem -X [email protected]
Where "ubuntu" is the default user name (the instructor may supply students with a different user name in class) and "host.ip.ad.dr" is the host IP address of the student lab system supplied by the instructor during class (e.g. 54.23.87.45).
- The
-iswitch (for identity) is typically required in classes. This allows you to pass a key file to the ssh client ("key.pem" in the example) for extra security. - The
-Xswitch enables the X11 Window System for using remote GUI applications.
If using GUI applications on the remote server, on the remote machine export the DISPLAY variable:
ubuntu@remote-host:~$ export DISPLAY=localhost:10
Install, and launch firefox
ubuntu@remote-host:~$ sudo apt-get install firefox -y
...
ubuntu@remote-host:~$ firefox &
A window on your local system should open with an instance of the Firefox browser from the remote system.