Skip to content | Change text size

eSolutions home

Quick links
 

Linux Labs Remote Access

For access to Linux Labs software outside of the labs, there are two shell servers, ra-clay1.its.monash.edu.au or ra-clay2.its.monash.edu.au.

The remote access servers are a shared resource. Unfair or irresponsible use, or failure to observe the staff and student policies for acceptable use will lead to immediate loss of login privilege to the servers.

Supported Access Methods

The servers can only be accessed using SSH Protocol 2. The following are supported for accessing the servers. Do not use SSH1 clients, such as TeraTerm (TTSSH).

Use of unsupported SSH2 clients is the responsibility of the user.

Linux

  1. OpenSSH: Type ssh ra-clay1.its.monash.edu.au or ssh ra-clay2.its.monash.edu.au at a command line. One way to start the Terminal application in KDE: click the application menu button, choose System Tools, Terminal.

Mac

OSX clients only.

  1. OpenSSH: Use the Terminal application. Type ssh ra-clay1.its.monash.edu.au or ssh ra-clay2.its.monash.edu.au at the command line.
  2. Fugu (for file upload/download)

Windows

  1. PuTTY: Run PuTTY from the Start menu. Type in ra-clay1.its.monash.edu.au or ra-clay2.its.monash.edu.au in the Host Name box, and click Open.
  2. WinSCP (for file upload/download)

Known Issues

SSH Public Key Authentication

INFORMATION TECHNOLOGY SERVICES ONLY SUPPORTS PASSWORD ACCESS TO THE SERVERS.

THIS INFORMATION HAS SECURITY IMPLICATIONS. DO NOT DO THIS IF YOU CANNOT FULLY UNDERSTAND THE INFORMATION IN THIS SECTION. EXCELLENT KNOWLEDGE OF UNIX IS ASSUMED.

Due to the additional security of Kerberos and AFS home directories, and poor Kerberos and AFS support in OpenSSH, logging in using SSH public key authentication does not work completely. By following the steps below, you will be able to log in to the servers using public key authentication but not be able to write to your home directory immediately.

The SSH service on the servers does not support Kerberos 5 TGT passing, you will have to enter your Kerberos password at some stage to write or save files to your home directory.

The SSH service on the servers support AFS token passing, but this is useless because of the above point, so this option is switched off.

REMEMBER: the steps below will allow other users to read all your files which are not in the directories named private.

  1. cd $HOME; mkdir private
  2. Move all your private files to $HOME/private. Symlink any files that need be in $HOME to the real file in $HOME/private.
  3. cd $HOME/.ssh; mkdir private
  4. Except for authorized_keys, move all other files to the private directory and symlink them back to $HOME/.ssh
  5. fs setacl $HOME/.ssh system:anyuser rl
  6. fs setacl $HOME system:anyuser rl
  7. To test, leave your current session open and log in using a new session. Ensure that you log in with X forwarding switched off in your client, it will not have access to write the Xauth file.
  8. To write or save files to your home directory after successfully logging in using your public key, you must get a Kerberos TGT first by running kinit and then getting a service ticket for AFS by running aklog.

TeraTerm (TTSSH)

TTSSH is a Protocol 1 client. DO NOT USE TTSSH to access the servers.

If TTSSH is used, you will see this error:

External Links

ITS is not responsible for the contents at the links provided below.

http://www.openssh.com
http://www.chiark.greenend.org.uk/~sgtatham/putty.html
http://winscp.vse.cz/eng
http://rsug.itd.umich.edu/software/fugu