Network, DNS, and RSA - shannonhouck/mayhall-lab-manual GitHub Wiki

Set Up Static IP/DNS

A static IP allows you to log into your workstation securely from off-campus. Your workstation must be hooked up to an active ethernet port for this to work.

A DNS allows you to “name” your workstation on the network, so you can use ssh [email protected] instead of having to remember and type out the whole static IP address. It’s much more convenient! (Note that your DNS name will always have a .chem.vt.edu attached to the end of it.)

To set these up, do the following:

  1. Go to Settings > Network.

  2. In Network, you should see a Wired subsection. Click on the settings icon.

  3. Go to Wired > IPv4. Change method to “Manual” and fill out the fields in the Addresses and DNS subsections appropriately.

  4. Click “Apply” and you should be good to go!

Access The Workstation Remotely

If you have VPN or open port set up, or if you are on the eduroam network, you can access your workstation remotely by using a secure shell client, ssh.

$ ssh [username]@[workstation].chem.vt.edu

You may be prompted for a password. For Linux and MacOS systems, you shouldn’t have to do any additional installations for this program. For Windows systems, you may have to use PuTTY (MobaXTerm may also come with ssh pre-packaged, but I’m not sure).

VPN and Setting Up Ports

In order to access your computer remotely, If you have a Mac or Windows machine, there’s a nice VPN client provided by Virginia Tech. Instructions can be found on the Virginia Tech website:

https://www.nis.vt.edu/ServicePortfolio/Network/RemoteAccess-VPN.html

However, if you have a Linux machine, don’t want to deal with the hassle of a VPN, and/or want to stick it to the man, you may want to consider opening a port on your workstation. Someday, our IT department may consider this a security risk. Today is not that day.

You can check which ports are open using the following command:

$ netstat -antu | grep LISTEN

This should produce output that looks like this:

tcp        0      0 0.0.0.0:1011            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:17603         0.0.0.0:*               LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::1011                 :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
tcp6       0      0 :::17500                :::*                    LISTEN

To SSH into a particular port, use the -p argument:

$ ssh [email protected] -p22

Port 22 is the default and as such is likely protected. You may need to open a port.

Setting Up RSA Keys

Click here for a useful tutorial on setting up keys. This will allow you to ssh into workstations and the ARC clusters without having to enter a password or go through the DUO authentication process.