There are many different ways to various systems and services remotely, and these notes aim to help cover some of them ...

None of these systems are maintained by CEMAC, and though we may be able to advise / assist with remote connections, we probably won't be able to do anything if these systems break!

• Considerations
• Email
• VPN
• SSH
• File Transfers
• Graphical Linux
• Windows Desktop
• ARC
• JASMIN
• Further Notes

During periods where lots of people are working remotely, it can increase the load on the systems used for remote access.

If there is work which you are able to complete without connecting in to the University, that may help reduce the load on the campus systems.

If working remotely, it is important to make sure anything you do is backed up regularly, for example if you are synchronising your work using git via a service such as GitHub or GitLab (there is a version of the Software Carpentry Git notes available here, if they may be of interest), or synchronising your files with the OneDrive service provided via the University's subscription to Office365.

There are some notes provided by central IT regarding OneDrive available here. If using a Linux system, you can use the rclone software to connect to OneDrive files. Instructions on how to configure. Note that, if you are setting up access on a remote machine, select "no" when it prompts about auto-config, so you can get the authorisation code on your local machine and copy it across. Then, to mount OneDrive, follow these instructions.

If connecting to a system on campus remotely, it is worth keeping an eye on how much resources your processes are consuming on busy machines (e.g. see-gw-01, foe-linux), for example using the top command.

The thing most likely to cause issues (other than unpredictable network problems, file server problems, power cuts ...) is if all of the system memory is used up, so it is worth keeping and eye on memory usage, otherwise these systems should be able to cope with large numbers of simultaneous users.

If you notice that a machine has hung up or become unresponsive, particularly it is a machine which may be used by a large number of people, if you are able to report the issue to central IT support ([email protected]), so any problems can be resolved as quickly as possible, that would be appreciated by everyone!

The University of Leeds email system is hosted by Microsoft's Office365 service. The University of Leeds IT documentation provides information for connecting from various mail clients and devices here.

The Office365 web interface can be accessed at https://office365.leeds.ac.uk.

IMAP server details:

IMAP access to Microsoft / Office 365 accounts has now been disabled ...

SMTP Server details

SMTP access to Microsoft / Office 365 accounts has now been disabled ...

Connecting IMAP and SMTP clients to Office 365 via davmail is possible, and will work with two factor authentication.

The University provides a service via a Juniper VPN device. Once connected to the University VPN, various on campus system can be accessed via the VPN connection.

The University of Leeds IT documentation regarding the VPN can be found here

There is a limit to the number of simultaneous connections which can be made to the University VPN, so when there are times when a large number of people may be working remotely, this limit may be reached and a connection will not be possible. It is good practice to make sure the connecting to the VPN is closed when not in use, and this will also help to avoid using licenses unnecessarily.

If using a Linux system, the OpenConnect software can be used to connect to the VPN, and this is available in the standard repositories for most Linux distributions, for example:

Most Linux distributions will have OpenConnect packages available in their standard repositories. Installation will vary depending on distribution, for example:

dnf package manger:

sudo dnf install openconnect

yum package manager:

sudo yum install openconnect

apt package manager:

sudo apt-get install openconnect

pacman package manager:

sudo pacman -S openconnect

Once the OpenConnect software is installed, a connection to the University VPN can be made from a shell. sudo privileges are required:

Before Nov 30th 2021

sudo openconnect -u username --juniper  vpn.leeds.ac.uk

After Nov 30th 2021 (works prior to this date as well)

sudo openconnect -u username --juniper -C "DSID=<DSID cookie>" uolvpn.leeds.ac.uk/connect

Replace username as appropriate.

You will need to obtain a Authorization cookie <DSID cookie> via your browser outlined below:

visit https://uolvpn.leeds.ac.uk/connect and enter your credential and follow Duo authorization steps.

You'll now be on a blankish page on your browser with an access cookie stored.

firefox

1. Press Ctrl+Shift+C to bring up a console
2. click storage tab
3. then from the cookies dropdown select https://uolvpn.leeds.ac.uk/connect to reveal the cookies
4. Copy the value from the cookie named DSID

Chrome

1. Press Ctrl+Shift+C to bring up a console
2. click application
3. expand the storage panel
4. then from the cookies dropdown select https://uolvpn.leeds.ac.uk/connect to reveal the vpn cookies
5. Copy the value field from the cookie named DSID

For information on how to do this on Edge and Safari please refer to these info pages (Edge, Safari) following similar steps as above)

This value should be copied and pasted to replace <DSID cookie> in the below command in your terminal

sudo openconnect -u username --juniper -C "DSID=<DSID cookie>" uolvpn.leeds.ac.uk/connect

There will be some informational output as the connection is made, and a prompt for the Leeds password will be presented. The connection to the University VPN should then complete, but the process will remain in the foreground until the connection is broken.

To break the connection from the VPN, press Ctrl+C in the shell.

more information on using openconnect can be found here

There is a centrally provided system named remote-access.leeds.ac.uk, which can be connected to via SSH by (I think) anyone with a University of Leeds username and password.

The remote-access system is intended only to be used as a gateway to connect on to other systems in the University, and does not have access to any networked storage.

The Earth and Environment systems which will be accessible from remote-access are:

• see-gw-01 (Staff and postgraduate students)
• foe-linux

Connecting to foe-linux name (e.g. ssh foe-linux) will open a session on one of these machines, which can also be connected to directly:

• foe-linux-01
• foe-linux-02
• foe-linux-03
• foe-linux-04

The following Linux systems within Earth and Environment are accessible via SSH from outside the University network:

• see-gw-01
• foe-linux-01

SSH access to these systems from outside the University network is available only to those usernames for which access has been requested.

SSH access to these systems can be requested by contacting the central IT support folks.

Once connected to the VPN, the following Linux systems within Earth and Environment are accessible via SSH:

• see-gw-01 (Staff and postgraduate students)
• foe-linux

Connecting to foe-linux name (e.g. ssh foe-linux) will open a session on one of these machines, which can also be connected to directly:

• foe-linux-01
• foe-linux-02
• foe-linux-03
• foe-linux-04

There are some further notes regarding connecting to Earth and Environment systems via SSH on the central IT web pages here.

Some SSH useful configuration options can be set on remote machines to make connecting to systems within the University more simple.

The SSH configuration file is located at ~/.ssh/config, and if the file does not exist, it can be created, and will then be used by the SSH program.

If using a Linux or Apple computer, SSH client programs will most liekly already be installed. If using a Windows system various SSH client programs are available, such as Putty and MobaXterm. The MobaXterm program provides a shell from which the ~/.ssh/config file can be created (you may need to make sure that the persistent home directory setting is enabled in the configuration options).

If your username was earzzz, and you wanted to connect to the system system-999 within Earth and Environment via the host see-gw-01.leeds.ac.uk in a single command, an entry could be added to the ~/.ssh/config file such as:

Host system-999
  ProxyJump [email protected]
  User earzzz

This would enable the command ssh system-999 to be run on the remote computer, which would then connect through see-gw-01 to system-999 using the correct University username.

The SSH configuration file is also used by other SSH based tools, such as scp or rsync, so in this example it would also be possible to run commands such as scp system-999:/path/to/file .

Where possible, it might be more suitable to use services such as GitHub, GitLab, or OneDrive where possible, for synchronising files between different machines.

There are some notes provided by central IT regarding OneDrive available here. If using a Linux system, you can use the rclone software to connect to OneDrive files, notes here.

SSH based file transfers, using programs such as scp or sftp, or graphical tools such as FileZilla or WinSCP, as restricted by the same restrictions as mentioned as above - request has to requested for direct SSH access to see-gw-01 and foe-linux-01, and see-gw-01 as well as the foe-linux systems can be accessed once connected to the VPN.

It is worth noting that file transfer speeds from VPN connections can be quite slow ...

Once connected to the VPN, it is possible to access storage systems within the School via Windows file shares.

When accessing files via the Windows shares, it is likely that you will be prompted for credentials to access the files, and will need to enter your username in the for DS\username.

To access your home directory files, the file server will either be see-fs-01, see-fs-02 or foe-fs-01 - if you run echo ${HOME}, that should provide the answer.

From a remote Windows system, the path to the home directory files will be \\file-server.leeds.ac.uk\username. If your username is earzzz and your home directory is located on the file server see-fs-01, the path to your home directory files would be:

\\see-fs-01.leeds.ac.uk\earzzz

In Windows, the file share path can be entered in to the address bar of a file browser window, or it is also possible to map a network drive to the location.

From an Apple or Linux system, the same files should be accessible via the path:

smb://see-fs-01.leeds.ac.uk/earzzz

From an Apple computer, the path can be entered in to the options within Finder > Go > Connect to server. From a Linux desktop session, it should be possible to enter the path in to the address bar of a file browser (provided all required components are installed).

Access to the large volume file systems in the Faculty (where the file systems are usually named in a similar form to a999), is available via the file server envdfs.leeds.ac.uk.

For example the files system a999 should be available from a Windows system using the path:

\\envdfs.leeds.ac.uk\a999

or from an Apple or Linux systems using the path:

smb://envdfs.leeds.ac.uk/a999

Connecting to Linux via SSH with X11 forwarding enabled (ssh -X, ssh -Y) will allow any graphical output from programs to be displayed. You will need to remember to add the SSH option (-X, -Y) if connecting onwards to other hosts.

Though this method works, performance is generally quite poor when working away from campus.

The foe-linux systems within Earth and Environment have X2Go software installed, which handles graphical output efficiently, and is recommended for working remotely with graphical programs.

There are some notes on how to get connected on the central IT web pages here.

X2Go makes connections via SSH, so the same restrictions on SSH connections as mentioned above apply. If a connection to the University VPN is made, it should be possible to connect to any of the foe-linux systems from the X2Go client.

If you do not wish to load a whole desktop session remotely, a terminal can be selected as the session type. Within the session configuration set Session type to Single application and select terminal from the drop down menu.

The X2Go software includes capability for tunneling the connection via a gateway SSH server, which can be useful if there are issues connecting to the VPN ...

For example, if you wished to connect to one of the foe-linux machines, you could tunnel the connection via the central SSH gateway remote-access.leeds.ac.uk.

In the X2Go session preferences, selecting the Use Proxy server for SSH connection option will the relevant settings, where the Type should be set to SSH, and the Host can be set to remote-access.leeds.ac.uk. The Login option also needs to be set, but selecting the Same login as X2Go Server and Same password as on X2Go server options should be appropriate for University system.

If for any reason, you have a X2Go session running on a remote machine which will not reconnect, it may be necessary to log in to the remote machine via SSH and kill all of your processes before starting up a fresh X2Go session.

One reason why a remote X2Go session may get in to a state where it is not possible to reconnect is the session has been running for some time without any active connection, as after roughly two weeks some of the temporary files which are used by the session will 'expire'.

If you know that you will not be reconnecting to a session for more than a week or so, it's best to log out of the remote machine, if possible.

To kill X2Go processes running under your username on a remote machine, if you first connect to the system via SSH, you can then run the command:

pkill -u ${USER} -f x2go

This should kill the X2Go session, and any processes which are running within the session.

If you wish to be a bit bore forceful, and kill all of your processes running on the remote machine, you can try:

pkill -u ${USER}

Once connected to the University VPN, it is possible to connect to the foe-linux systems via web browser at the address:

• https://www.see.leeds.ac.uk/linux/desktop/

There are further notes regarding this system available via the central IT web pages here.

It is possible to connect to a graphical VNC session on any of the School Linux systems, and things usually work quite well, though the set up process is a little bit fiddly.

This example would be for the username earzzz to connect to the remote Linux system system-999, connecting via the central SSH gateway remote-access.leeds.ac.uk, from a Windows ,achine, using the MobaXterm software.

To start the VNC server process connect to system-999 via SSH, and run:

vncserver :35

If you have not used VNC before, you will be prompted to set a password for you VNC session. Pick an unimportant password.

The vncserver command will start a VNC process running on system-999, which will keep running on system-999 until the machine is shut down, or it is killed, e.g.:

vncserver -kill :35

35 is a number from 1 -> 99, which sets the VNC server port, and as long as nobody else has a VNC process running on the same port, any should be fine.

Once the VNC server process is running, you can log out of system-999, and should only need to restart the vncserver process if the server is rebooted, or if you kill the process.

Create a new session in MobaXterm by clicking the session button, or from Sessions > New session

Select VNC.

Enter system-999.leeds.ac.uk in the Remote hostname ... box, and in the port enter 5900 + the number of the port you used in the vncserver command, which would be 5935 in this example.

In the Network settings tab, tick in the Connect through SSH gateway box, and for the Gateway SSH server, set the value to remote-access.leeds.ac.uk.

Enter your Leeds username in the User box.

Click the OK button, and if all is well, that should connect you straight through to the VNC session on system-999.

You should be able to disconnect from / reconnect to the session as you wish (unless the server is rebooted).

In MobaXterm, there is toggle scaling button which may help, as well as making the window as large as possible, hiding the sidebar, etc.

It is also posisble to set the geometry when starting the vncserver process.

It may be necessary to test a few different options to find the setting which works best for your screen size.

First, kill the running vncserver process (which will terminate all processes running in the VNC session):

vncserver -kill :35

The vncserver can then be restarted with a specified geometry:

vncserver -geometry 1200x800 :35

There are three Windows terminal servers within Environment, which are accessible via a remote desktop client, once connected to the VPN:

• foe-rdsh-01.leeds.ac.uk
• foe-rdsh-02.leeds.ac.uk
• foe-rdsh-03.leeds.ac.uk

Most / all (?) Windows systems should include a remote desktop connection client, for Apple systems a Microsoft remote desktop client should be available from the Apple 'App Store', for Linux systems clients such as rdesktop and xfreerdp can be used to connect.

When connecting to these machines, you may need to specify the username in the form DS\username.

If there are issues connecting to the VPN, it is possible to connect to the Windows terminal servers through a SSH tunnel.

If connecting from a Windows system, the MobaXterm has SSH tunneling functionality built in:

• Create a new session (Session > New session)
• Select RDP
• Enter the name of the machine to which you wish to connect in the Remote host box (e.g. foe-rdsh-02.leeds.ac.uk)
• Enter your username in the form DS\username in the Username box
• Select the Network settings tab, and tick in Connect through SSH gateway
• Enter the name of the Gateway SSH server (probably remote-access.leeds.ac.uk, see-gw-01.leeds.ac.uk or foe-linux-01.leeds.ac.uk)
• Enter your username (without the DS\ prefix) in the Network setting > User box

Click the OK button, and the session should connect, and be saved in your MobaXterm session list.

From a Linux system or an Apple system with the ssh program installed, there are various ways in which a tunnel can be created ... If your username was earzzz and you wished to create a tunnel to the Windows system foe-rdsh-01.leeds.ac.uk via the SSH gateway remote-access.leeds.ac.uk, you could run a command such as:

ssh -L 3389:foe-rdsh-01.leeds.ac.uk:3389 [email protected] cat

The -L option specifies the local port which will be forwarded to the specified port on the remote machine (local_port:remote_host:remote_port), [email protected] specifies the connection information for the SSH gateway host and the cat command is used to keep the connection open.

Once connected, the process will 'hang' in the terminal.

It should then be possible to point a remote desktop client at localhost, and the connect through to the remote Windows system.

Both the local and remote port are set to 3389 in this example, which is the default port for remote desktop connection, to make things slightly easier. If you select a different local port, e.g.:

ssh -L 8889:foe-rdsh-01.leeds.ac.uk:3389 [email protected] cat

you will need to specify this in your remote desktop client, connecting to localhost:8889 rather than localhost.

Once you have finished working on the remote machine, you can press Ctrl+C in the 'hanging' terminal to break the SSH connection.

The centrally provided Desktop Anywhere system provides an Environment which is more limited and generally worse performing than the Faculty Windows systems but may provide everything which is required for some work. The documentation is available here.

The University of Leeds ARC systems can not be accessed directly from outside of the University network.

The ARC systems can be accessed remotely by first connecting to the VPN, or by first connecting to a SSH gateway service to which you have access (e.g. remote-access.leeds.ac.uk, see-gw-01.leeds.ac.uk).

The central IT notes are available here.

The JASMIN web pages include lots of helpful information about how to connect to and use their systems.

It is worth noting that they have three login systems which are remotely accessible via SSH:

• login1.jasmin.ac.uk
• login2.jasmin.ac.uk
• login3.jasmin.ac.uk
• login4.jasmin.ac.uk
• cems-login1.cems.rl.ac.uk

The hosts jasmin-login1 and cems-login1 are configured to accept connections only from academic institutions - you wouldn't be able to connect directly to these systems from a computer at home.

However, it is possible to connect directly to jasmin-login2 from any remote connection. If you wish to connect directly to jasmin-login2 from a remote system, remember that you will need a copy of your SSH private key.

It is possible to connect to certain JASMIN system using the X2Go client, and there are some notes available here. The connection requires creating tunnels via SSH, and does work well enough, but may be too fiddly for some ... !

The central IT folks provide further notes on working remotely here.