SSH to MathLAN from Windows

This page will walk you through the steps required to set up remote access to MathLAN from your Windows machine. There are quite a few steps, so follow the instructions carefully. If anything looks wrong to you, stop immediately and ask for help.

As you follow the instructions for this setup process, you’ll be running commands locally on your Windows machine, and on MathLAN through a remote connection. Local commands will look like this:

$ this is a command you should run locally

Remote commands will look like this:

$ this is a command you should run on MathLAN

Both types of commands begin with a $ prompt character; this is there to distinguish lines you type in from output, which will not begin with a prompt. Do not type in the prompt character.

1. Create an SSH Private/Public Key Pair

Start the Command Prompt app (I recommend using the search bar to find it). Once the command prompt opens, run the following commands:

$ cd %systemdrive%%homepath%
$ ssh-keygen -t rsa

Accept the default file to save the key. You do not need to use a passphrase, although it is an extra layer of security that I often use. When you finish all the prompts, you should see a fingerprint and an “image” output. If you see something different, something has gone wrong and you should ask for help.

2. Set up Public Key Authentication on MathLAN

We’re going to send the public key you generated to MathLAN so you can use it to authenticate in the future. To do this, we’ll start a remote MathLAN session, use copy–paste in that remote session to send the public key to MathLAN, and then configure your account to allow authentication with the key you generated.

2A. Start a MathLAN Session

Open a browser and go to https://remote.cs.grinnell.edu. Log in with your Grinnell username and password; you should not include “@grinnell.edu” in your username. You will have to approve a Duo push or opt to receive a security code by phone or text. Choose the one that works best for you, and finish logging in.

Once you are logged in, click the Launch Session button. Choose “XFCE” and click Launch. The session should start in a new tab. You may need to tell your browser not to block the pop-up. You may need to refresh the page a few seconds after it opens to get the actual session window.

2B. Transfer your Public Key to MathLAN

Open a terminal window in XFCE. You can find this under the application launcher (the X with a mouse on it) named Terminal Emulator. In the terminal, run the command below to create a directory to hold your SSH keys.

$ mkdir -p ~/.ssh

Now run the following command:

$ gedit ~/.ssh/id_rsa.pub

A window should appear with a blank document. If the document you open is not blank, you must have set up public key authentication already. Ask for help so we can figure out what to do next.

Move your cursor to the top edge of the screen in the remote MathLAN session, and a small white toolbar should appear. Click the left-most icon that looks like two pieces of paper. This will open an interface that lets you copy and paste between your local machine and the remote session.

Back on your Windows machine, switch to the command prompt application and run the following command to open the key you just generated:

$ notepad .ssh/id_rsa.pub

In Notepad, select the entire line (which should begin with “ssh-rsa”) and press ctrl+c to copy it. Please double-check to make sure you select and copy the entire line.

Switch back to your browser, paste the copied key into the clipboard field (ctrl+v), and click Send to Remote. At least for me, there is no evidence that anything happened after you press the button, but it does work. Click the clipboard button in the top toolbar to hide this pop-up. You should return to the text editor on MathLAN.

Now paste the copied key into the text file. You can type ctrl+v or, if that doesn’t work, right click in the document and choose paste. Make sure the pasted line begins with “ssh-rsa”, and check the end of the line against the document you have open in Notepad as well.

Click the Save button in the text editor on MathLAN and close the window. You might see an error from the text editor when you return to your terminal—this is normal and shouldn’t be an issue.
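
Checking the start and end of the pasted line by eye can miss a character lost in the middle. The script below is an added example, not part of the original page: it recomputes the key's SHA256 fingerprint on MathLAN so you can compare it with the one `ssh-keygen` printed in step 1. The function names are made up for illustration, it assumes `base64`, `sha256sum` and `head`/`tail -c` as found on a Linux host, and it goes slightly beyond this step by also accepting `known_hosts`-style lines.

```shell
#!/bin/sh
# Added example: recompute an OpenSSH SHA256 fingerprint from a key line.

# hex_to_b64 HEX -> unpadded base64 of the bytes written as hex digits.
hex_to_b64() (
  hex=$1
  while [ -n "$hex" ]; do
    rest=${hex#??}
    # Emit one raw byte through an octal escape.
    printf "\\$(printf '%03o' "0x${hex%"$rest"}")"
    hex=$rest
  done | base64 | tr -d '=\n'
)

# key_fingerprint reads one key line on stdin: "TYPE BASE64 [comment]" as in
# id_rsa.pub, or "HOST TYPE BASE64" as in known_hosts. Prints SHA256:... and
# returns 0; returns 1 when the line is not a well-formed key.
key_fingerprint() (
  read -r f1 f2 f3 _rest || [ -n "$f1" ] || exit 1
  case $f1 in
    ssh-*|ecdsa-*) ktype=$f1 b64=$f2 ;;
    *)             ktype=$f2 b64=$f3 ;;
  esac
  [ -n "$ktype" ] && [ -n "$b64" ] || exit 1
  printf %s "$b64" | base64 -d >/dev/null 2>&1 || exit 1
  # The decoded blob starts with a 4-byte length and then the key type,
  # which must agree with the text field in front of it.
  inner=$(printf %s "$b64" | base64 -d | head -c $((4 + ${#ktype})) | tail -c ${#ktype})
  [ "$inner" = "$ktype" ] || exit 1
  # The fingerprint is the unpadded base64 of the blob's raw SHA-256 digest,
  # so a paste that lost or changed characters yields a different value.
  digest=$(printf %s "$b64" | base64 -d | sha256sum | cut -d' ' -f1)
  printf 'SHA256:%s\n' "$(hex_to_b64 "$digest")"
)

# Print the fingerprint of the key pasted in this step, if it exists.
[ -r "$HOME/.ssh/id_rsa.pub" ] && key_fingerprint < "$HOME/.ssh/id_rsa.pub" || true
```

Running `ssh-keygen -lf .ssh/id_rsa.pub` in the Windows Command Prompt prints the same `SHA256:` value for the local copy; the two match only if the whole line arrived intact.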

2C. Allow Logins with your Public Key

Switch to the terminal on MathLAN if you don’t already have it open. Now run the following command:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Switch back to the Command Prompt in Windows. Now you will try to connect to MathLAN with your public/private key pair. Run the following command, with your username in place of USERNAME:

$ ssh USERNAME@ssh.cs.grinnell.edu

You should see a message that looks like this:

The authenticity of host 'ssh.cs.grinnell.edu (132.161.196.198)' can't be established.
ECDSA key fingerprint is SHA256:+5WE1geAqv+AW8IF1/ud9af03RFKydcvM2kAmFkpmo4.
Are you sure you want to continue connecting (yes/no)?

If the host fingerprint you see matches the one in the example above, type “yes” and press Enter to trust the host identity. You should receive a Duo push on your phone after a few seconds. Approve this login attempt.

You should now have a connection to MathLAN via SSH. If you see something different from the instructions, stop and ask for help. Run this command just to verify that you are on Linux:

$ uname
Linux

If everything worked as expected, you can log out of the remote XFCE session and close your browser. Run this command to disconnect:

$ exit

3. SSH Configuration

MathLAN is configured with an SSH gateway—that’s the ssh.cs.grinnell.edu machine you just connected to. This machine serves as the entry point for all connections, but you should not use it to run most programs on MathLAN. In this section, we’ll set up your SSH connection to go through the SSH gateway and on to a physical machine that will work for this course.

3A. Send your Private Key to MathLAN

Go to your Windows terminal. Make sure you are no longer connected to MathLAN; the line waiting for your input should begin with C:\Users\USERNAME>, and not USERNAME@shaw:~$. If you see the latter command prompt, type exit to close your connection to MathLAN.

We transferred your public key to MathLAN so you could log in from off campus. Now we’ll need to transfer your private key as well, so you are able to connect from one MathLAN machine to another without a password. This is an unusual situation for public/private keys, and you wouldn’t normally transfer the private key to the server. To do the transfer, run the following command in your Windows terminal (replace USERNAME with your MathLAN username):

$ scp .ssh/id_rsa USERNAME@ssh.cs.grinnell.edu:~/.ssh/

You should be prompted with another Duo push, which you’ll need to approve.

Now we will re-connect to MathLAN. Run this command and approve the Duo push:

$ ssh USERNAME@ssh.cs.grinnell.edu

Now that you are connected to MathLAN, we will make sure that only you have access to your private key. Run the following command on MathLAN to remove read, write, and execute permissions for members of your group and other users:

$ chmod go-rwx ~/.ssh/id_rsa

Close your connection to MathLAN with the exit command:

$ exit
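
To confirm the `chmod` step took effect, the script below (an added example, not part of the original page) reports any file under `~/.ssh` whose mode the ssh client or sshd would object to. The function names are hypothetical, and it assumes the file names used in this guide; run it on MathLAN.

```shell
#!/bin/sh
# Added example: audit the modes of the SSH files this guide creates.

# mode_bits PATH -> the nine permission characters from `ls -ld`, e.g. rw-r--r--
mode_bits() {
  ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir DIR -> prints one line per problem; returns 0 if none, 1 otherwise.
audit_ssh_dir() (
  dir=$1
  status=0
  # The ssh client refuses to use a private key that group or other can
  # access at all.
  if [ -f "$dir/id_rsa" ]; then
    case $(mode_bits "$dir/id_rsa") in
      ???------) ;;
      *) echo "$dir/id_rsa: accessible by group/other (chmod go-rwx)"; status=1 ;;
    esac
  fi
  # With StrictModes (the sshd default), authorized_keys is ignored when it or
  # the directory holding it is writable by group or other.
  for f in "$dir" "$dir/authorized_keys"; do
    [ -e "$f" ] || continue
    case $(mode_bits "$f") in
      ????w????|???????w?) echo "$f: writable by group/other (chmod go-w)"; status=1 ;;
    esac
  done
  exit "$status"
)

# Check your own directory; problems are printed one per line.
audit_ssh_dir "$HOME/.ssh" || true
```

No output means the private key is readable only by you and the files sshd consults are not writable by anyone else.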

3B. Configure the SSH Gateway

Now we’re going to add an SSH configuration file that will route your connections to MathLAN machines through the SSH gateway you’ve been connecting to.

In the Windows command prompt, run this command to open an ssh configuration file:

$ notepad .ssh/config

You’ll be asked if you want to create the file. Choose Yes.

Paste the following text into the file, replacing both instances of USERNAME with your MathLAN username:

# Computers in Noyce 3815 and 3819, plus a wildcard rule for all cs.grinnell.edu machines
Host bellman.cs.grinnell.edu blanch.cs.grinnell.edu bollee.cs.grinnell.edu burroughs.cs.grinnell.edu chapanis.cs.grinnell.edu delamain.cs.grinnell.edu even.cs.grinnell.edu fasenmyer.cs.grinnell.edu flowers.cs.grinnell.edu forsythe.cs.grinnell.edu frege.cs.grinnell.edu gill.cs.grinnell.edu goedel.cs.grinnell.edu harary.cs.grinnell.edu hollerith.cs.grinnell.edu householder.cs.grinnell.edu kleene.cs.grinnell.edu landin.cs.grinnell.edu mauchly.cs.grinnell.edu mccarthy.cs.grinnell.edu motwani.cs.grinnell.edu naur.cs.grinnell.edu noyce.cs.grinnell.edu peano.cs.grinnell.edu rasiowa.cs.grinnell.edu ritchie.cs.grinnell.edu rosser.cs.grinnell.edu stanhope.cs.grinnell.edu stockmeyer.cs.grinnell.edu strachey.cs.grinnell.edu tarski.cs.grinnell.edu taussky.cs.grinnell.edu turing.cs.grinnell.edu wang.cs.grinnell.edu wheeler.cs.grinnell.edu wijngaarden.cs.grinnell.edu wilkins.cs.grinnell.edu wilkinson.cs.grinnell.edu zermelo.cs.grinnell.edu *.cs.grinnell.edu
  User USERNAME
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand  C:\Windows\System32\OpenSSH\ssh.exe mathlan-gateway -W %h:%p

# The SSH gateway
Host mathlan-gateway
  HostName ssh.cs.grinnell.edu
  User USERNAME
  IdentityFile ~/.ssh/id_rsa

Save the file and close Notepad. You should now be able to connect directly to any machine on campus, and SSH will take care of routing that connection through the SSH gateway. Test it by connecting to a different machine:

$ ssh noyce.cs.grinnell.edu

You’ll be asked to approve the host fingerprint (say “yes”) and then you’ll receive a Duo push. Approve the push and make sure you end up on a Linux machine:

$ uname
Linux

Close the connection to the remote machine:

$ exit

You can now close the Windows terminal as well. You’re all set for remote connections to MathLAN.