=====Remote access===== The main tool for remote access to the APO classes related university servers and computes is the SSH protocol (Secure Shell), which provides secure access to the remote command line, file transfer, as well as the ability to run remote graphics applications. On UNIX-like systems including GNU/Linux or Mac, you can use the program ''ssh'' of same name. On OS Windows, we recommend a program [[https://www.ssh.com/ssh/putty/windows/|Putty]] All these tools enable to connect to the server ''postel.felk.cvut.cz'', which provides both native and cross-compilation tool-chains as well as a [[courses:b35apo:documentation:qtmips:|QtMips]] simulator and there are also stored example sources shown and used as templates for exercises. The SCP protocol can then be used for file transfers as well as other clients supporting the SCP/SFTP protocol. Use ''ssh'' to connect to the server using your CTU login and [[https://ist.cvut.cz/podpora/navody/faq-heslo/|CTU Passwords]] by following command: ssh your_login@postel.felk.cvut.cz In case of high server load or if you plan to run **more demanding** tasks, **do not** directly use the Remote Access Gateway (virtual server ''postel''), but run one of the computers in the lab. To access and allocate the lab computers use ''student'' account with the generic password ''xxx'' on the gateway server. ssh student@postel.felk.cvut.cz You will then be asked to provide your CTU username and select a laboratory from which you will be offered the currently least busy machine. More on page [[https://support.dce.felk.cvut.cz/mediawiki/index.php?title=Vzd%C3%A1len%C3%BD_p%C5%99%C3%ADstup_do_laborato%C5%99%C3%AD |Remote access to Laboratories]] at pages of [[https://support.dce.felk.cvut.cz/mediawiki/index.php/Hlavn%C3%AD_strana|K13135 IT Department]] ====SSH Keys==== A more secure and convenient option than using a password is using the SSH key. Its public portion must be available on the target server and paired with your account. The private part must be kept secret and should not leave your computer(s). To access ''postel.felk.cvut.cz'' you can use your existing key or generate a new one. You can generate both components of the same key with the following command: ssh-keygen Since a command can only generate 2048-bit RSA wit default options, the author of this article recommends using a modern elliptical curve with a command ssh-keygen -t ed25519 Or use at least 4096 bit RSA selected by next command: ssh-keygen -b 4096 All variants of the command will ask you 2 questions: - where to store the key - we recommend using the default directory (''~/.ssh/''). If you generate your first key, use the full default name. - the password for the private part of your key. The private part can also be encrypted within your computer. If you do not enter a password, the key is left without a password. If you believe your computer is a safe place, you don't really need to enter a password. If you choose to enter a password, for security reasons **the number of characters you enter may not be visible**. The symbol ''~'' is shortcut for your home directory. So you have both parts of the key in the default settings saved to the ''.ssh'' folder in your home directory. You can now send the public part of the key to the server and pair it with your account with a command: ssh-copy-id yor_login@postel.felk.cvut.cz SSH related tools search for keys by default in directory ''~/.ssh/''. If you chose a different file in a different directory when generating a key, you can define it using the ''-i option'': (it doesn't matter if the public or private part - the program always sends the right one) ssh-copy-id -i path/to/key/file your_login@postel.felk.cvut.cz From now on, it should be possible (with the exception of checking if you are still a student) to log on to the server without a CTU password, using only an SSH key. ===SSH Agent=== If you have chosen a password for the key during generation, you must enter it by default every time you use the key to connect to a remote server. If you connect to the server frequently, it can get a little annoying. To avoid always having to enter the password, you can temporarily decript and store the your key in an SSH agent within your computer. So you only enter the password when you load the key to the agent and when password is required later it is already decrypted and used from agent. The decrypted key is removed from the agent when the agent exits, such as when the computer shuts down or yu log off. To load keys from the default directory ''~/.ssh/'' into an agent, use the command: ssh-add If non default key is used, specify the key file path: ssh-add path/to/key/file ===Other Use of SSH Key=== You can use the SSH key in addition to accessing the server ''postel.felk.cvut.cz'' for example to access the school GIT - see. [[courses:b35apo:documentation:githowto:|instructions]] ====Mount Remote Folders into Your Local System==== Your entire user account on the server ''postel.felk.cvut.cz'' can be mapped to a local directory on your GNU/Linux or Mac OS system via the utility [[http://man7.org/linux/man-pages/man1/sshfs.1.html|sshfs]]. You'll only need an empty local directory. The whole connection is based on SSH, so you use the same login details or keys as in the classic SSH command line connection. Before the first connection, you might want to prepare an empty folder in your home directory, for example: mkdir remote_home Then you mount remote home directory to the local folder by command: sshfs your_login@postel.felk.cvut.cz: remote_home The mounting, folder is disconnected/unmounted by command: fusermount -u remote_home ====Running Graphics (GUI) Applications Remotelly==== Run graphics applications directly on the server ''postel.felk.cvut.cz'' server if it is only short shot **trifle** - for example, for testing. From systems that support the standardized X-windows protocol (or is equipped by X11 emulator), it is possible to remotely start a graphics application so that its graphics output is redirected to your desktop display. When running an SSH session, the parameter ''-X''(capital X) added to the ''ssh'' command requests to forward the graphics protocol. Subsequently, you can use SSH to run a graphics application on a remote server (for example, the QtMips simulator) and the window will appear on your monitor. ssh -X your_login@postel.felk.cvut.cz Run simulator: qtmips_gui A rgood Internet connection with low latency to the univesity server is required to run a remote graphics application smoothly. A more rconvenient option is to have the simulator installed on your computer. **For any applications that burden a remote computer, however, the recommended procedure is to start one of the computers in the student labs** - see the introduction to this page. ====Alternative Options and Protocols to Run Remote Applications==== Alternative options that are more responsive and reduce data bandwidth for a GUI session and that can be used by nonstandard systems (Windows) are ''xpra'' and ''spice'' protocols. To use them, you must always turn on one of the computers in the labs. It cannot be run on the gateway server ''postel.felk.cvut.cz'' directly. To access applications via ''xpra'' install a corresponding package, for Debian or Ubuntu it can be done apt install xpra You need version 3.0 and later, which supports the SSH->SSH login protocol. For legacy Debian or Ubuntu distribution can be obtained from bacports echo "deb http://ftp.cz.debian.org/debian buster-backports main contrib non-free" | \ sudo cat >/etc/apt/sources.list.d/debian-backports.list sudo apt update sudo apt install -t buster-backports xpra On the remote laboratory computer check if a desktop session is started on the computer remote-desktop list If it is not listed start the graphics desktop session remote-desktop start xpra Write down the display number and store it in the dialog windows of ''Xpra'' client program started on your computer. {{..:..:..:documentation:remote:xpra-to-k23-2-connect.png?direct&400|}} Use ''postel'' server to access your data and home directory, the NFS home volume is common for all coputers.