Last updates: Fri Aug 28 16:59:04 2020
This FAQ discusses use of two or more computers or desktops at the same time. It is important to remember that any files that you save from a VPN-connected browser are on your client machine, not on some University of Utah system. However, files saved from inside a remote desktop are on the campus fileserver used by the RDP compute server. Make sure that you understand which environment you are in when you save files, so that you can easily find them later!
Other FAQs that provide more background, details, and examples for the topics discussed here include files, login, software, wired network access, and wireless network access.
Why do I need remote access?
The Internet potentially makes it possible for any pair of computers to communicate, independent of their physical locations. However, some campus resources, such as commercial software and library databases, are licensed products where it is common to permit access from machines within the campus or department network, but not from machines outside. In order to access those resources legally, you must use them from campus machines, or at least from within the campus network, via a virtual private network (VPN) or remote desktop (RDP). Later answers in this FAQ show how to do that.
How do I connect with secure shell?
For computers that run a Unix-family operating system (which includes Apple macOS, DragonFlyBSD, FreeBSD, Linux, NetBSD, OpenBSD, OpenIndiana, Solaris, and many others, but not normally Microsoft Windows), all that is needed is a secure shell (ssh) connection from a remote machine to one of the departmental machines that is available to all users with Department of Mathematics accounts.
All traffic on an ssh connection is encrypted end to end with strong public-key cryptography used for initial key exchange for any of several symmetric key algorithms, and random new encryption keys are regenerated periodically, according to time-in-use for the current key, and amount of data transmitted. It should be resistant to almost any attack, including by hostile nation states.
For Microsoft Windows, there are several possibilities, all under active development for several years, and believed to be reliable and usable for years to come:
To provide more reliable service, rather than connect to a specific machine whose hostname you are familiar with, it is better to use a generic hostname that stands for any one of a pool of several physical machines. That way, if a machine that you used previously happens to be down, you still get access to another pool member. Your login directory that holds all of your personal files resides on a central replicated fileserver, with frequent snapshots and daily backups, so no matter which machine you compute on, your files remain accessible. Here is how you do that:
% ssh email@example.com Password: ************
You are now logged in via a secure encrypted connection, just as if you had logged in on a laboratory or office computer. The main difference is that you are in a terminal window where you can run normal Unix commands, rather than in a graphical-user interface (GUI) desktop. You can still run programs that normally display a separate window, such as LibreOffice, Maple, Mathematica, Matlab, Octave, and RStudio, as long as your ssh connection supports X11 window forwarding. You can check whether it does with by examining the value of the DISPLAY variable. If X11 forwarding is working, you see something like this:
% echo $DISPLAY localhost:116.0
If X11 forwarding is not working, you instead see
% echo $DISPLAY DISPLAY: Undefined variable.
If there is no X11 connection, simply logout and log back in with the -Y option that requests trusted X11 forwarding:
% ssh -Y firstname.lastname@example.org Password: ************
The X11 Window System was designed in the 1980s, long before wide area networking was common, and was consequently not optimized to keep the number of network packets small. If you are on a slow network with low bandwidth, or long latency (time for a round trip of a single network packet), X11 windows may be sluggish, and perhaps even nearly unusable.
You can test your network speeds at the Web site http://www.speedtest.net. With network service providers in Salt Lake City, you might see latencies (the PING report) of 10 to 20 milliseconds, download speeds of 25 Mbps (megabits per second) or higher, and upload speeds that are similar, or perhaps 30 times slower.
How do I connect with FastX?
If most of what you do expects a windowing desktop, then the FastX service is the recommended solution, because its communications protocols have been optimized for modern networks. FastX is a licensed product on the server side, but client side software is free. FastX is available both inside a Web browser, and via a standlone program that is installed on your client machine. Avoid the browser approach, both because of its lower performance, and because the browser may capture certain keystroke sequences that are needed for the program that you are running.
You can download and install FastX from this link. Navigate to your Downloads directory, run the installer, use the Search box to find its location, and for future convenience, create a link from there to the desktop, or the task bar. The FastX icon on the desktop is a black X with a surrounding ring of clouds.
Here is an example of running the standalone client from a terminal command line:
That pops up a small window with a three-stroke menu icon on the top left, and a plus icon on the top right. Select the plus icon, and choose either SSH (preferred) or Web. For a first-time login, that pops up another small window with five input boxes, only four of which you need to fill in:
Name * your label for this session Host * xrdp.math.utah.edu Port * 22 User * your Department of Mathematics username
The hostname shown there is a generic one for a pool of servers, and it does not matter which pool member you get because your login directory is common to all of them.
Once you have supplied the needed fields, press the Save icon in the lower right corner. FastX remembers your values for the next time that you run it.
A new window pops up with one or more large icons that are small versions of a remote desktop, each with a circled right-pointing triangle. Click on the triangle to connect.
You now have a working remote desktop that can be resized to your needs, and importantly, that recognizes cut-and-paste operations between windows within that desktop, as well as between them and other windows on your computer.
If you have already supplied session details, then clicking the plus icon puts up a small window with several icons, including Gnome, KDE, MATE, XFCE, Xinitrc, and xterm. Except for the last, they each provide a different remote desktop manager, and you double click to select the desired one. For xterm, you just get a terminal window on the remote machine, but from it, you can start programs that put up their own windows.
To exit from the remote desktop, use its normal logout method. Multiple desktop managers are available on our systems, and their logout and screen lock controls vary:
If your remote connection breaks for any reason, your remote desktop should normally be preserved when you resume the connection. Our servers are reliable and have emergency power backup, so they normally run nonstop for weeks or months. However, all computers, and networks, can fail, or get software updates that mandate rebooting. Thus, if you expect to return to a remote desktop later, make sure to save any work in progress before you leave it, just in case that desktop is later lost.
Most things work on a remote desktop like a local desktop, except that video may be somewhat jittery, and audio is not currently supported.
You can have more than one remote desktop at a time. That could be useful if you work in two or more departments, or you would like to do side-by-side comparison of different desktop managers, or you just like to restrict a desktop to a single project, but need to work on multiple projects at the same time, such as for different classes, or for administration / research / teaching.
If you already have a connection to a campus machine where you can run a Web browser, then you can also get a remote desktop inside a browser window by visiting this special URL: https://xrdp.math.utah.edu:3300/. However, for the reasons discussed earlier, that is not likely to be satisfactory for prolonged use.
The University of Utah Center for High Performance Computing provides further information about FastX (oriented to their systems, rather than ours) here. Near the beginning of that Web page is a link to a training video, Introduction to FastX, that may help you better understand what FastX does, and why it is useful.
How do I connect on a Virtual Private Network?
If you have already installed FastX, you can skip this section entirely: you do not need the VPN service at all.
The University of Utah central IT services gateway machine, vpn.utah.edu, provides a connection to the campus network on a Virtual Private Network (VPN) that gives your off-campus machine a temporary on-campus network address.
NB: To limit network bandwidth needs, the campus VPN blocks all video traffic; the preferred FastX approach does not.
Two-factor authentication is required to login to the VPN: you need both your UNID and password (unrelated to, and independent of, the Department of Mathematics username and password), and then you must respond to a Duo authentication request on a previously registered mobile device, or supply a multidigit token from a Duo key fob, to complete login. That is the same familiar procedure used by students to access coursework on Canvas, and other IT services, and staff and faculty to access Canvas, grading, payroll, personnel, and other services.
The first time that you connect to the campus VPN site in a browser, it puts up a Web page with download links for GlobalProtect clients for Apple macOS and Microsoft Windows. If your system is neither of those, the VPN solution cannot work. Otherwise, select the correct download, let it complete, then navigate to wherever you store downloaded files (typically Downloads on most systems), run the GlobalProtect64 installer, then use the Search box to find where the GlobalProtect executable was installed, and create a desktop or taskbar link to make it easy to find again. The GlobalProtect icon on your desktop is a world globe with a small checkbox.
Each time you run the GlobalProtect program, it produces a small popup window with a blue Connect button. Select that button to get a two-factor login request panel from campus IT, and authenticate. Once you have done so, your local browser appears to be inside the campus network, and you can access resources as if you were logged into a physical machine on campus.
How do I copy files between local and remote systems?
On all Unix-family systems, you can use the secure copy command, scp. It works just like a standard cp command, but allows source and/or destinations to be prefixed by user@host:
# Copies within local filesystem: % cp infile outfile % cp infile1 infile2 ... outdirectory # Copies between local and remote filesystem: % scp infile user@host:outfile % scp infile1 infile2 ... user@host:outdirectory % scp user@host:infile1 user@host:infile2 ... outdirectory % scp user@host:infile1 user@host:infile2 ... otheruser@otherhost:outdirectory
The user@ prefix can be omitted when the usernames on both ends are identical. The file and directory names can be absolute or relative pathnames if needed.
In each of those cases, complete files are transferred. Often, however, you want to replace a destination file with a rather similar source file. In that case, a better choice is the rsync command that uses a clever algorithm on both sides of the connection to traverse the files, comparing checksums of large blocks of data, until a mismatch is found, the differences are transferred, and checksumming is resumed. The argument syntax is the same as for scp, and the transfer time can often be hundreds to thousands of times shorter.
It is generally useful to add options to get a progress report (-v), preserve file timestamps and other metadata (-a), and use data compression for large transfers (-z). The author's favorite incantation then looks like this:
% rsync -vaz infile1 infile2 ... user@host:outdirectory
For more on file handling, consult our Files FAQ. It discusses how to set up convenient shorthands for ssh usernames and hostnames, to save typing, and increase accuracy. It also discusses recursive copying of entire directory trees.
Some users might prefer a graphical view with file icons, and use drag-and-drop actions. The long used tool on Apple macOS, fugu, for that feature is no longer maintained, and has been replaced by the free software tool FileZilla for which binary package downloads are available for all of the BSD family, plus Linux, macOS, and Windows. Here are instructions for starting a FileZilla session (the settings are remembered for future use):
Open the "Site Manager" Click on "New site", change the name from "New site" to "Math" (or whatever you prefer) Change "Protocol:" to "SFTP - SSH File Transfer Protocol" Enter for "Host:" - "xserver.math.utah.edu" Leave "Port:" blank Leave "Logon Type:" set to "Ask for password" Enter for "User:" - "your Department of Mathematics username" Leave "Password:" blank Click "OK"