This page will provide documentation and tutorials for utilizing SSH to more effectively connect to AOS systems. You must have a valid AOSID to connect to shared systems.

About SSH

In addition to establishing a secure connection to access a shell on a remote system (like connecting to AOS Lab Computers), port forwarding via SSH (SSH tunneling) creates a secure connection between a local computer and a remote machine through which services can be relayed. Because the connection is encrypted, SSH tunneling is useful for transmitting information that uses an unencrypted protocol, such as IMAP, VNC, or IRC.

Basic instructions for using SSH to connect to a remote system can be found here: Using SSH


Port Forwarding

This tutorial assumes you are using a Linux/Mac machine connected to the AOS network (called local) and are connecting to a machine in the department (called remote).

Step 1: Setting up the tunnel

From your Terminal program, run the following command:

ssh -L 8888:remote.atmos.ucla.edu:9090 localhost

After executing this command you will be prompted for your account's password on local. This command will create a tunnel from port 8888 on local to port 9090 on remote. The tunnel is open as long as you keep the terminal connection open. You can then open up other processes between your local and remote machine.

Hint - Local port forwarding lets you connect from your local computer to another server. To use local port forwarding, you need to know your destination server and two port numbers. You should already know your destination server; for basic uses of port forwarding, a list of ports and their services is available in Wikipedia's Port List: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

In the above example you can direct your web browser to http://localhost:8888 and your browser will connect you to the web server running on port 9090 on remote.

Note - You must have a service running on port 9090 on your remote computer for this tutorial to work.
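
An added example, not part of the original page: a small shell helper that shows, for an ssh -L command, which hop is carried inside SSH and whether the final hop from the SSH server to the destination crosses the network as plain TCP. The function names are hypothetical; the two sample commands are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): report which hop of
#   ssh -L LISTEN_PORT:DEST_HOST:DEST_PORT SSH_SERVER
# is SSH-encrypted. Bind addresses and IPv6 literals are out of scope.

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints "on-server" when DEST_HOST is the SSH server itself (the service
# traffic never leaves that host unencrypted), "network" when the SSH server
# opens a plain TCP connection to another host, "invalid" for a bad spec.
final_leg() {
    fl_spec=$1 fl_server=$2
    fl_lport=${fl_spec%%:*}
    fl_rest=${fl_spec#*:}
    fl_dest=${fl_rest%:*}
    fl_dport=${fl_rest##*:}
    if ! is_port "$fl_lport" || ! is_port "$fl_dport" ||
       [ -z "$fl_dest" ] || [ "$fl_dest" = "$fl_rest" ] || [ -z "$fl_server" ]; then
        echo "invalid"; return 2
    fi
    case $fl_dest in
        localhost|127.0.0.1|"$fl_server") echo "on-server" ;;  # resolved on the SSH server
        *) echo "network" ;;
    esac
}

describe_forward() {
    df_leg=$(final_leg "$1" "$2") || { echo "bad forward spec: $1" >&2; return 2; }
    df_rest=${1#*:}
    echo "ssh -L $1 $2"
    echo "  encrypted by SSH : this machine -> $2"
    if [ "$df_leg" = on-server ]; then
        echo "  final leg        : stays on $2 (port ${df_rest##*:})"
    else
        echo "  final leg        : $2 -> ${df_rest%:*}:${df_rest##*:} over plain TCP"
    fi
}

# The two forwards used on this page.
describe_forward 8888:remote.atmos.ucla.edu:9090 localhost
describe_forward 5901:localhost:5901 remotehost
```

For the first command the SSH server is localhost, so the hop to remote.atmos.ucla.edu:9090 is the one outside SSH. Naming the remote machine as the SSH server and localhost as the destination, as the VNC section does, keeps the service traffic inside the tunnel.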


X11 Forwarding

X11 forwarding is one of the most common methods of launching graphical applications remotely.

username@localhost:~$ ssh -X username@remotehost

After logging in to remotehost, you may then launch whatever application you'd like:

username@remotehost:~$ matlab

Or if you'll be working with a lot of graphical applications:

username@remotehost:~$ gnome-terminal 

Note - Sometimes on macOS, if you close out of an X11 application, your X11 session can be interrupted, causing the following error to be displayed: "Can't open display: DISPLAY is not set". To reconnect to a GUI application you will need to log off of the remote machine and reconnect.


VNC Tunneling (Remote Desktop)

Whereas X11 forwarding can grant you access to specific X11 applications, VNC tunneling can give you full access to the desktop environment running on a remote machine.

Note - In order to establish a VNC tunnel, the remote host must be configured to run a VNC server. Please contact AOS Support if you are unsure if the remote system you are attempting to connect to offers VNC access.

Part 1: Configuring VNC

  • Step 1: Ensure VNC server is running on the remote system:
    If you have not already started a VNC session for your desktop, you must first SSH into the remote system and launch vncserver.
    Note - The first time that you run vncserver, the command creates a default configuration and allows you to set a password for your connection. This password is distinct from your AOSID and will not be synchronized when you update your AOSID.
    username@localhost:~$ ssh username@remotehost

    username@remotehost:~$ vncserver
    New 'X' desktop is remotehost.atmos.ucla.edu:1
    username@remotehost:~$ vncserver -kill :1


Note - Pay attention to the number following the :. This will be the display number that you will be connecting to in a bit.

  • Step 2: Configure your desktop environment:
    username@remotehost:~$ vim ~/.vnc/xstartup
    ~/.vnc/xstartup
    #!/bin/bash
    xrdb $HOME/.Xresources
    startxfce4 &


    Hint - To save & quit vim type :x

  • Step 3: Relaunch vncserver with your new xstartup file
    vncserver
    New 'X' desktop is remotehost.atmos.ucla.edu:1

You can now disconnect from remotehost

Note - You'll only need to do Part 1 Steps 1 & 2 once. Step 3 will need to be repeated whenever the system is rebooted.


Part 2: Connecting to VNC

Now that you have a VNC instance running on remotehost, we can establish an SSH tunnel and connect to the graphical display on remotehost by using a VNC viewer installed on your local computer. Macs come preinstalled with a VNC viewer, but if you're using a different operating system and are unsure whether you have a VNC viewer, please contact AOS Support.

  • Step 1: Establish an SSH tunnel
    username@localhost:~$ ssh -L 5901:localhost:5901 -N -f remotehost
    username@remotehost's password: 
     
    username@localhost:~$

Note - The port 5901 will vary depending on the display number that was assigned when you started vncserver in Part 1: Step 2, i.e. if you see the message "New 'X' desktop is remotehost.atmos.ucla.edu:5", you would use port 5905 rather than 5901.

  • Step 2: Launch the VNC viewer
    From a Finder window, select Go > Connect to Server… In the Connect to Server window, enter:
    vnc://localhost:5901

    into the Server Address field and click Connect.

Note - Use the port number that you specified above.

  • Step 3: Enter the VNC password you set in Part 1:Step1.
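
An added example, not part of the original page, covering Part 1 and Part 2 above: it reads the display number from vncserver's startup line, applies the 5900 + display mapping described in the note, and prints the matching tunnel command. Function names are hypothetical, the sample line is constructed, and the explicit 127.0.0.1 bind address and -o ExitOnForwardFailure=yes are additions to the page's command.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): derive the SSH tunnel command
# from the line vncserver prints at startup.

# Extract the display number N from a line such as
#   New 'X' desktop is remotehost.atmos.ucla.edu:5
# Rejects lines without ':', non-numeric displays, leading zeros, 5+ digits.
vnc_display() {
    vd_n=${1##*:}
    case $vd_n in ''|*[!0-9]*|0?*|?????*) return 1 ;; esac
    [ "$vd_n" != "$1" ] || return 1
    echo "$vd_n"
}

# VNC display :N listens on TCP port 5900+N (display :5 -> port 5905).
vnc_port() {
    vp_n=$(vnc_display "$1") || return 1
    echo $((5900 + vp_n))
}

# Build the tunnel command for a startup line and an SSH host.
# 127.0.0.1 pins the local listener to loopback; ExitOnForwardFailure makes
# `ssh -f` exit with an error instead of backgrounding without the forward
# (for example when the local port is already in use).
vnc_tunnel_cmd() {
    vt_port=$(vnc_port "$1") || {
        echo "cannot parse display number from: $1" >&2
        return 1
    }
    echo "ssh -o ExitOnForwardFailure=yes -L 127.0.0.1:$vt_port:localhost:$vt_port -N -f $2"
}

# Constructed sample line, matching the format shown in Part 1.
vnc_tunnel_cmd "New 'X' desktop is remotehost.atmos.ucla.edu:5" remotehost
```

The VNC viewer address then uses the same port, e.g. vnc://localhost:5905 for display :5.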