The main tool for remote access to the APO classes related university servers and computes is the SSH protocol (Secure Shell), which provides secure access to the remote command line, file transfer, as well as the ability to run remote graphics applications. On UNIX-like systems including GNU/Linux or Mac, you can use the program ssh of same name. On OS Windows, we recommend a program Putty

All these tools enable to connect to the server postel.felk.cvut.cz, which provides both native and cross-compilation tool-chains as well as a QtMips simulator and there are also stored example sources shown and used as templates for exercises.

The SCP protocol can then be used for file transfers as well as other clients supporting the SCP/SFTP protocol.

Use ssh to connect to the server using your CTU login and CTU Passwords by following command:

ssh your_login@postel.felk.cvut.cz

In case of high server load or if you plan to run more demanding tasks, do not directly use the Remote Access Gateway (virtual server postel), but run one of the computers in the lab. To access and allocate the lab computers use student account with the generic password xxx on the gateway server.

ssh student@postel.felk.cvut.cz

You will then be asked to provide your CTU username and select a laboratory from which you will be offered the currently least busy machine. More on page Remote access to Laboratories at pages of K13135 IT Department

A more secure and convenient option than using a password is using the SSH key. Its public portion must be available on the target server and paired with your account. The private part must be kept secret and should not leave your computer(s). To access postel.felk.cvut.cz you can use your existing key or generate a new one.

You can generate both components of the same key with the following command:

ssh-keygen

Since a command can only generate 2048-bit RSA wit default options, the author of this article recommends using a modern elliptical curve with a command

ssh-keygen -t ed25519

Or use at least 4096 bit RSA selected by next command:

ssh-keygen -b 4096

All variants of the command will ask you 2 questions:

1. where to store the key - we recommend using the default directory (~/.ssh/). If you generate your first key, use the full default name.
2. the password for the private part of your key. The private part can also be encrypted within your computer. If you do not enter a password, the key is left without a password. If you believe your computer is a safe place, you don't really need to enter a password. If you choose to enter a password, for security reasons the number of characters you enter may not be visible.

The symbol ~ is shortcut for your home directory. So you have both parts of the key in the default settings saved to the .ssh folder in your home directory.

You can now send the public part of the key to the server and pair it with your account with a command:

ssh-copy-id yor_login@postel.felk.cvut.cz

SSH related tools search for keys by default in directory ~/.ssh/. If you chose a different file in a different directory when generating a key, you can define it using the -i option: (it doesn't matter if the public or private part - the program always sends the right one)

ssh-copy-id -i path/to/key/file your_login@postel.felk.cvut.cz

From now on, it should be possible (with the exception of checking if you are still a student) to log on to the server without a CTU password, using only an SSH key.

If you have chosen a password for the key during generation, you must enter it by default every time you use the key to connect to a remote server. If you connect to the server frequently, it can get a little annoying. To avoid always having to enter the password, you can temporarily decript and store the your key in an SSH agent within your computer. So you only enter the password when you load the key to the agent and when password is required later it is already decrypted and used from agent. The decrypted key is removed from the agent when the agent exits, such as when the computer shuts down or yu log off.

To load keys from the default directory ~/.ssh/ into an agent, use the command:

ssh-add

If non default key is used, specify the key file path:

ssh-add path/to/key/file

You can use the SSH key in addition to accessing the server postel.felk.cvut.cz for example to access the school GIT - see. instructions

Your entire user account on the server postel.felk.cvut.cz can be mapped to a local directory on your GNU/Linux or Mac OS system via the utility sshfs. You'll only need an empty local directory. The whole connection is based on SSH, so you use the same login details or keys as in the classic SSH command line connection.

Before the first connection, you might want to prepare an empty folder in your home directory, for example:

mkdir remote_home

Then you mount remote home directory to the local folder by command:

sshfs your_login@postel.felk.cvut.cz: remote_home

The mounting, folder is disconnected/unmounted by command:

fusermount -u remote_home

Run graphics applications directly on the server postel.felk.cvut.cz server if it is only short shot trifle - for example, for testing. From systems that support the standardized X-windows protocol (or is equipped by X11 emulator), it is possible to remotely start a graphics application so that its graphics output is redirected to your desktop display. When running an SSH session, the parameter -X(capital X) added to the ssh command requests to forward the graphics protocol. Subsequently, you can use SSH to run a graphics application on a remote server (for example, the QtMips simulator) and the window will appear on your monitor.

ssh -X your_login@postel.felk.cvut.cz

Run simulator:

qtmips_gui

A rgood Internet connection with low latency to the univesity server is required to run a remote graphics application smoothly. A more rconvenient option is to have the simulator installed on your computer.

For any applications that burden a remote computer, however, the recommended procedure is to start one of the computers in the student labs - see the introduction to this page.

Alternative options that are more responsive and reduce data bandwidth for a GUI session and that can be used by nonstandard systems (Windows) are xpra and spice protocols. To use them, you must always turn on one of the computers in the labs. It cannot be run on the gateway server postel.felk.cvut.cz directly.

To access applications via xpra install a corresponding package, for Debian or Ubuntu it can be done

apt install xpra 

You need version 3.0 and later, which supports the SSH→SSH login protocol. For legacy Debian or Ubuntu distribution can be obtained from bacports

echo "deb http://ftp.cz.debian.org/debian buster-backports main contrib non-free" | \
  sudo cat >/etc/apt/sources.list.d/debian-backports.list
sudo apt update
sudo apt install -t buster-backports xpra

On the remote laboratory computer check if a desktop session is started on the computer

remote-desktop list

If it is not listed start the graphics desktop session

remote-desktop start xpra

Write down the display number and store it in the dialog windows of Xpra client program started on your computer.

Use postel server to access your data and home directory, the NFS home volume is common for all coputers.