====== Accessing GRU from home ======
===== grubin shell scripts =====
You can download some shell scripts that make it easy to do things like screen share and copy files from gru computers from home:
svn checkout http://gru.stanford.edu/svn/grubin grubin
Add the following to your shell path (e.g. in your .cshrc or .cshrc.mine file):
set path = ( $path ~/grubin )
Also, in your .cshrc or .cshrc.mine, you may want to put a line:
set gruDefaultHost=172.17.42.2
and replace 172.17.42.2 with the [[gruprivate:notes#ip_addresses|IP address of your work computer]]. This will make the commands default to using your own work computer.
The following commands are implemented.
- **grussh** SSH to your work computer from home. If you have gruDefaultHostname set, just type grussh, put in your password for gru.brain.riken.jp, then your password for you work computer and it will connect you to your work computer.
- **gruvnc** Screen share your work computer from home. If you have gruDefaultHostname set, just type gruvnc, put in your password for gru.brain.riken.jp, then your password for you work computer and it will bring up screen sharing.
- **gruls** List a directory on your work computer from home. If you have gruDefaultHostname set, just do: gruls Desktop. Otherwise, you can specify a computer: gruls terranova:Desktop.
- **gruscp** Copy files between your home and work computer. If you have gruDefaultHostname set, you can copy from your work computer to your home computer by doing: gruscp :Desktop/somefile homecomputerFile. Otherwise specify a computer: gruscp homecomputerFile terranova:Desktop/somefile.
- **grursync** Rsync files between your home and work computer. Works like gruscp but rsyncs files instead of scp.
- **gruhttp** This sets up your computer to access the network as if it is located in RIKEN. That way you can access journals etc. (This one only works on Mac OS X). It sets your System Preferences/Network/Advanced/Proxies to use a SOCKS proxy. Note that the default of the program is to set this for the "Airport" network service. If you are using some other network service like "Built-in Ethernet", you will have to specify in the command line which network service you are using for this to work.
- **gruafp** Mounts a drive of your work computer to your home computer.
Note that these commands can be used with a firewall other than gru.brain.riken.jp. For example, if you want to use golgi, you can add to your .cshrc
set gruFirewall=golgi.brain.riken.jp
==== SSH background process ====
Note that these commands start running an ssh process in the background on your computer. If you kill them while they are running (instead of letting them exit gracefully) they may leave that ssh process in the background and the next time you run, you will see errors like:
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7777
Could not request local forwarding.
To fix this you first go look for the processes using ps:
ps -A | grep -i ssh | grep -i gru
80888 ?? 0:05.11 ssh -l justin -L 7777:terranova:22 -CfN gru.brain.riken.jp
Then to kill the processes:
kill 80888
or to kill all ssh processes running:
killall ssh
===== Screen Sharing from home =====
If you want to Screen Share your work computer from home, you will need to do the following:
- Make sure you have a valid login for gru.brain.riken.jp (try: ssh gru.brain.riken.jp)
- Make sure that your __work computer__ has **Screen Sharing** and **Remote Login** turned on in System Preferences/Sharing and that your account has access to the function in the "Allow access for" panel. (see below for how to turn Screen Sharing on from the terminal). You should also click on "Computer Settings..." and choose either "Anyone may request permission to control screen" or "VNC viewers may control screen with password" and set a password.
- Make sure that your __work computer__ has **Wake for Ethernet network access** checked on in the __Energy Saver__ System Preferences.
- Use the function gruvnc or do the following:
- From your __home computer__, open up a terminal and type the following (replace terranova with your computer name)\\
ssh -L 1202:terranova:5900 -CN gru.brain.riken.jp
- **important notice: if your account name on the client computer(i.e. your home computer) is different from the one at gru server, you need to specify user name the server with -l option. For example, account on the server is "gru", while on the home is "bsi"**
ssh -L 1202:terranova:5900 -CN gru.brain.riken.jp -l gru
- Enter your password
- Form a web browser, enter the following address:
vnc://localhost:1202
What the above does is it tunnels through the gru server (which has a global ip address) and then sets your local port 1202 to map to the vnc port of your work computer (5900). So when you connect to vnc://localhost:1202 you are connecting to your local port 1202 which has been "tunneled" to your work computer.
Also, instead of using the Web browser in the last step, you can use the Screen Sharing application directly:
- Open up the Screen Sharing application (Found in /System/Library/CoreServices - you may want to find it using spotlight and then keep it in your dock).
- In the Connect to Shared Computer dialog enter
vnc://localhost:1202
Also, you can open Screen Sharing directly from the terminal by typing:
open vnc://localhost:1202 -a /System/Library/CoreServices/Screen\ Sharing.app/Contents/MacOS/Screen\ Sharing
==== Turning on Screen Sharing from a terminal ====
Finally, if you forgot to turn on Screen Sharing, but you can ssh into the computer, you can turn on Screen Sharing from the command line:
sudo sh -c "/bin/echo -n enabled > /Library/Preferences/com.apple.ScreenSharing.launchd"
in 10.6 (Snow Leopard):
sudo sh -c "/bin/echo -n enabled > /private/etc/ScreenSharing.launchd"
To disable Screen Sharing, just remove the file ScreenSharing.launchd
===== SSH from home =====
Basically you follow the same procedure for tunneling through gru to ScreenShare your computer:
- Make sure you have a valid login for gru.brain.riken.jp (try: ssh gru.brain.riken.jp)
- Make sure that your __work computer__ has **Remote Login** turned on in System Preferences/Sharing and that your account has access to the function in the "Allow access for" panel.
- Make sure that your __work computer__ has **Wake for Ethernet network access** checked on in the __Energy Saver__ System Preferences.
- From your __home computer__, run the function grussh or do the following
- open up a terminal and type the following (replace terranova with your computer name)
ssh -L 7777:terranova:22 gru.brain.riken.jp cat -
- Enter your password
- Now open up a new terminal tab/window on your home computer and do the following:
ssh -p 7777 localhost
===== Web browsing from home =====
You can use the RIKEN web connection from home so that you can download journal articles and access RIKEN restricted websites like common.brain.riken.jp. To do this, you can use the function gruhttp. To use gruhttp you may need to tell the program which network service you are using (Built-in Ethernet, Ethernet 1, Ethernet 2 or Airport). You can find this out by going to System Preferences/Network and seeing which service is being used. You may also be able to use the command (though I find this a bit flakey):
networksetup -listnetworkserviceorder
The default is to use Airport. If you want to change the default, in your .cshrc file add a line:
set gruNetworkService="Ethernet 2"
Then to start gruhttp do:
gruhttp on
When you are done it is a good idea to end it since it relies on an ssh tunnel running and if that ssh tunnel dies, your computer will not be able to connect to the internet:
gruhttp off
If you experience any trouble, follow the directions below for the Network settings and turn off "SOCKS proxy" and your computer should be able to connect to the internet normally again.
If you want to connect through a different computer (i.e. not gru.brain.riken.jp, but through a different University account for example), you can do:
gruhttp on janus.cns.nyu.edu
You can make the gruhttp connection manually by setting up a tunnel:
ssh -D 8080 -CN justin@gru.brain.riken.jp
Run the above (add the flag -f to makes it run in the background). It sets port 8080 on your local computer to send requests through gru.brain.riken.jp.
Now, you need to tell safari to use this local port for accessing the web. Go to Safari/Preferences/Advanced/Proxies/Change Setting... (you can also get to this from System Preferences/Network/Advanced/Proxies). Then click on the SOCKS Proxy and configure the proxy Manually to be localhost:8080:
{{:gru:proxysettings.png|}}
Click OK. Then click Apply from the Network panel. (Make sure to do both, otherwise the proxy won't be setup).
If the above worked ok, then you should be able to access common.brain.riken.jp from Safari. When you are done you can kill the ssh process (and all other ssh processes) by doing
killall ssh
And then turning off the SOCKS Proxy in the Network settings (remember to click OK **and** Apply.
You can also use this setup with Firefox, by setting up its SOCKS proxy in its Edit/Preferences/Advanced settings.
===== Passwordless ssh login to gru computers =====
- Create a public/private key pair on your **home computer** by running the command ssh-keygen -t rsa. You don't have to enter a passphrase, but it is probably better to do so. Mac OS X will allow you to store this in your keychain and so will only prompt you once when you first login to a gru computer for the passphrase. After that you will not need to enter your password or your passphrase.
- Save the public key part (.ssh/id_rsa.pub) to your **work computer** and to **gru.brain.riken.jp**. You can do this by copying the contents of .ssh/id_rsa.pub from your **home computer** to the file .ssh/authorized_keys on your **work computer** and to **gru.brain.riken.jp**