- Virtual Private Network (VPN)
- Secure Shell (SSH) Client
- X11 Forwarding (Optional)
- Secure Copy Protocol (SCP)
- Secure File Transfer Protocol (SFTP)
- Conclusion
To connect to Binghamton University computer systems when using a personal system, one must pass through a firewall. In order to do this, we will use a VPN client called Ivanti Secure Access Client and open an SSL connection. If you do not use the VPN, you will not be able to connect to Remote, and unfortunately it doesn't generate some sort of error message either. You're just left waiting for a connection that never happens ...
- Connect to ssl.binghamton.edu
- Login with your BU Domain (CAS) login, including your 2FA authentication code
- Select "Ivanti Secure Access Client for Windows"
- Download and install the appropriate .msi file for your PC. If you have a recent computer with an Intel or AMD CPU, this is probably the 64-bit file. Otherwise, choose the 32-bit file or the ARM 64-bit file if you have an ARM CPU.
- Open the Ivanti/Pulse Secure program that was installed:
- Click the "+" button to add a connection.
- Choose "Policy Secure (UAC) or Connect Secure (VPN)", give a useful name to this connection (I use "BU VPN"), and enter
ssl.binghamton.edu
as the "Server URL". - If given an option, click "Remember this connection".
- Enter your CAS login credentials, wait for the system to authenticate, and observe that the status of your connection has a green checkmark and the word "Connected"
- Subsequent logins will only require you to choose your connection and enter your credentials.
- Connect to ssl.binghamton.edu
- Login with your BU Domain (CAS) login, including your 2FA authentication code
- Select "Ivanti Secure Access Client for Mac"
- Download and install the appropriate .dmg file for your Mac. Note that only a 64-bit version is available, so if you have an older MacOS than 10.10, you won't be able to get a VPN and need to contact ITC for an older version of the software.
- Open the Ivanti/Pulse Secure program that was installed:
- Click the "+" button to add a connection.
- Choose "Policy Secure (UAC) or Connect Secure (VPN)", give a useful name to this connection (I use "BU VPN"), and enter
ssl.binghamton.edu
as the "Server URL". - If given an option, click "Remember this connection".
- Enter your CAS login credentials, wait for the system to authenticate, and observe that the status of your connection has a green checkmark and the word "Connected"
- Subsequent logins will only require you to choose your connection and enter your credentials.
- Connect to ssl.binghamton.edu
- Login with your BU Domain (CAS) login, including your 2FA authentication code
- Select "Ivanti Secure Access Client for Linux"
- Download and install the appropriate file for your computer (either .deb for distributions such as Debian, Ubuntu, Mint, or PopOS; or .rpm for distributions such as Fedora, CentOS, or OpenSUSE). Note that only a 64-bit version is available, so if you have an older CPU, you won't be able to get a VPN and need to contact ITC for an older version of the software.
- Open the Ivanti/Pulse Secure program that was installed:
- Click the "+" button to add a connection.
- Choose "Policy Secure (UAC) or Connect Secure (VPN)", give a useful name to this connection (I use "BU VPN"), and enter
ssl.binghamton.edu
as the "Server URL". - If given an option, click "Remember this connection".
- Enter your CAS login credentials, wait for the system to authenticate, and observe that the status of your connection has a green checkmark and the word "Connected"
- Subsequent logins will only require you to choose your connection and enter your credentials.
Recent Windows have an SSH client for Powershell, often pre-installed. If you need to install Powershell, see Installing Powershell on Windows. To verify you have the Windows OpenSSH Client installed:
- Open Powershell
- Type the command
Get-WindowsCapability -Online | ? Name -like "openssh*"
. - If you see "State:Installed" in the output, you're set.
- If you don't see it installed, reopen Powershell as an administrator and type
Add-WindowsCapability -Online -Name openssh.client
then restart the computer.
MacOS comes with the OpenSSH client pre-installed. Open a terminal and use which ssh
to verify.
Linux distributions usually come with a ssh client pre-installed. Open a terminal and use which ssh
to verify.
SSH has many command line interface (CLI) options. For us, it is sufficient to use the following command:
ssh ldap-account@remote.cs.binghamton.edu
Note that we are now using our CS department LDAP account credentials, not the university CAS account credentials!
You will likely be asked to accept the SSH fingerprint the first time, this is normal and you can type "yes" to proceed.
If you want to know why, I recommend CS 558 (Introduction to Computer Security), where we talk extensively about how the SSH protocol works.
Finally, you should now see a command prompt for Remote placing you in your home directory (not your desktop, as you see when you first login at the lab. To get there, you need to run the command cd ~/Desktop
).
Your favorite text editor (i.e. Visual Studio) may have a SSH client built in. DO NOT USE THIS CLIENT, instead code locally and use SCP/SFTP to transfer the files to Remote. Why?
- They often keep persistent connections open even after you think you've logged out,
- They consume large amounts of bandwidth, more than an SSH connection normally would, because they cache large amounts of information,
- Those large cache files on the remote machine will overwhelm your limited home directory storage
This all leads to students denying themselves and their fellow students access to Remote. In 2022, we actually had an outage during the last week of classes when everyone was trying to work on their final project at the same time. This required the system administrator to do emergency after-hours work to reset the system, and everyone lost a lot of time waiting for him to complete the maintenance!
When a server runs an X server (as do most Linux distributions, like Debian, which is what Remote runs), it is possible to send GUI windows from Remote to your computer. Do this with caution: it requires much more bandwidth, and you will likely find the applications run much slower, particularly Visual Studio and other IDEs. Nontheless, it is an option.
You have two options:
- Install PuTTY and Cygwin and see the documentation to enable X11 forwarding
- Install XMing
Unfortunately, without a Windows computer, I cannot help you much more.
You have one option:
- Install XQuartz.
Note that you must start the XQuartz application each time you wish to run SSH with X11 forwarding. Personally, I've set it as a login item.
However, once you've started XQuartz, you don't have to use its terminal emulator "xterm".
If you choose to instead use the MacOS terminal application, you must set the DISPLAY
variable by adding the following line to ~/.bashrc
or ~/.zshrc
depending on your shell: if [ -z $DISPLAY ]; then export DISPLAY=:0.0; fi
See me if you have any questions.
Linux desktop distributions almost always come with an X11 server and client installed, and you do not need to do anything to start them.
Once we have our X client installed, two things change in our SSH usage.
- We now use either/or the
-X
and-Y
options to enable forwarding. Useman ssh
to see which enables X11 forwarding - When we open a program in the shell, we want it run as a background application so that we get control of our shell back after it starts. To do so, add
&
after the command that opens the program. For example:gedit hello.c &
We can move files from one computer to another using the scp program from coreutils.
The basic form of the command is scp [OPTIONS] source ... target
.
So for me to move three files from my lab laptop to my Downloads folder on Remote, I can use a command on my laptop's terminal like this:
scp /home/matthew/proj/main.c /home/matthew/proj/functions.c \
/home/matthew/proj/functions.h \
mcole8@remote.cs.binghamton.edu:/home/mcole8/Downloads
The breakdown of the last argument is this:
mcole8@remote.cs.binghamton.edu:/home/mcole8/Downloads
| | |
| | +-- the destination path on the server,
| | where the sources will be copied
| +-- the server domain
+-- my user name on the server
Unfortunately, unless my laptop has a permanent IP or a hostname on the network, I can't easily send a file in the other direction (e.g. from Remote to the laptop). For this, we'll use a SFTP program.
There are many SFTP clients out there. I like Filezilla because it is open source and cross-platform. Filezilla is already installed on Remote under "Applications > Internet". Installing and using it is mostly beyond the scope of this writeup, but fortunately the Filezilla client installation documentation is well written. However, I can give you the configuration that you need to enter once you start the application:
- Host:
remote.cs.binghamton.edu
- Username: Your LDAP account, e.g.
mcole8
- Password: Your LDAP password
- Port: 22
Once you connect, the left hand side is the computer running Filezilla, and the right hand side is Remote. Clicking on a folder in the upper pane causes the files and subdirectories in that directory to be shown. You can now drag and drop files in either direction and Filezilla will run the necessary commands to transfer them.
A typical workflow for a students looks something like this:
- Do some coding on a local text editor or IDE
- Build and test as necessary until satisfied.
- Open a VPN connection
- Use Filezilla to send the source files to Remote.
- Open an SSH connection
- Build and test the source files on Remote
- If everything works, exit the SSH connection and submit your code to Brightspace.
If you have any questions about any of this, or just want to know more about how something is working, email me or see me during office hours. Good luck and happy coding!