Docstoc

2 Frequenty asked questions _FAQ_

Document Sample
2 Frequenty asked questions _FAQ_ Powered By Docstoc
					        Connecting to the VirtualRDC at CISER
                                     Lars Vilhuber
                                      May 10, 2006

  $Id: how-to-use-VirtualRDC.tex 53 2006-05-10 01:35:11Z vilhu001 $

                   An online version of this document is available at
              http://vrdc.ciser.cornell.edu/guides/how-to-use-VirtualRDC/


Contents

Contents                                                                                                                                         1

List of Figures                                                                                                                                  3

1 Using the VirtualRDC                                                                                                                            4
  1.1 Quick reference . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .    4
  1.2 Overview . . . . . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .    5
  1.3 Obtaining Software . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .    6
  1.4 First login . . . . . . . . . .    .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .    9
  1.5 Using NX . . . . . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   12
  1.6 Using VNC: SSH+VNC . . .           .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   21
  1.7 Making file transfers: SFTP         .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   29

2 Frequenty asked questions (FAQ)                                                                                                                29
  2.1 Where do I find support if I have problems? . . . . . . . . . . . .                                                     .   .   .   .   .   29
  2.2 I can’t log in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                                             .   .   .   .   .   29
  2.3 I get a black or a grey VNC screen . . . . . . . . . . . . . . . . .                                                   .   .   .   .   .   29
  2.4 My password is rejected by VNC . . . . . . . . . . . . . . . . . .                                                     .   .   .   .   .   30
  2.5 I forgot my password . . . . . . . . . . . . . . . . . . . . . . . . .                                                 .   .   .   .   .   31
  2.6 I get a ”Cannot open X display” message . . . . . . . . . . . . . .                                                    .   .   .   .   .   31
  2.7 What is this ’command line’ thing? . . . . . . . . . . . . . . . . .                                                   .   .   .   .   .   32
  2.8 I want to run SAS from the SSH prompt. It doesn’t work . . . .                                                         .   .   .   .   .   32
  2.9 But I still want to run SAS from the SSH or command prompt...                                                          .   .   .   .   .   32
  2.10 How do I launch SAS? . . . . . . . . . . . . . . . . . . . . . . . .                                                  .   .   .   .   .   32

                                                     1
VirtualRDC                                                              CISER-VirtualRDC

   2.11 I was told to write and edit files on the VRDC. How do I do that? . . . . 32
   2.12 NX is complaining about only allowing encrypted sessions. What do I do? 32
   2.13 NX login just disappears . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

A Using the SSH Windows client by SSH.com                                                 34
  A.1 First login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
  A.2 Using VNC: SSH+VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37




May 10, 2006                                                                            - 2-
VirtualRDC                                                                             CISER-VirtualRDC

List of Figures
   1    The PuTTY icon . . . . . . . . . . . . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .    9
   2    The Configuration Dialog, PuTTY . . . . . . . .         .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   10
   3    Verifying the identity of the server . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   11
   4    PuTTY Login screen . . . . . . . . . . . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   12
   5    The NX Connection Wizard . . . . . . . . . . .         .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   13
   6    Configuring a NX session . . . . . . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   14
   7    Choosing the size of the NX windows . . . . . .        .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   15
   8    Finishing the NX connection wizard . . . . . .         .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   16
   9    Using NX to connect . . . . . . . . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   17
   10   The VirtualRDC Desktop . . . . . . . . . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   18
   11   Leaving the NX session, version 1 . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   19
   12   Leaving the NX session, version 2 . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   20
   13   VNC server is not running . . . . . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   22
   14   A VNC desktop is running . . . . . . . . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   23
   15   Finding the tunnel tab . . . . . . . . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   25
   16   Add tunnel dialog . . . . . . . . . . . . . . . . .    .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   26
   17   Tunnelled VNC connection . . . . . . . . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   28
   18   How to close the VNC session . . . . . . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   30
   19   The Quick Connect button, Secure Shell Client          .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   34
   20   The Quick Connect dialog . . . . . . . . . . . .       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   35
   21   Verifying the identity of the server . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   36
   22   Password prompt . . . . . . . . . . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   37
   23   Password prompt bug . . . . . . . . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   38
   24   Saving the profile . . . . . . . . . . . . . . . . .    .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   38
   25   Editing the profile . . . . . . . . . . . . . . . . .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   39
   26   Finding the tunnel tab . . . . . . . . . . . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   40
   27   Tunnel tab, adding a tunnel . . . . . . . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   41
   28   Add tunnel dialog . . . . . . . . . . . . . . . . .    .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   42




May 10, 2006                                                                                                               - 3-
VirtualRDC                                                         CISER-VirtualRDC

1     Using the VirtualRDC
1.1    Quick reference
    • The Virtual RDC is a cluster of Linux machines residing at CISER

    • Of primary interest is the 64bit Itanium node vrdc6401.ciser.cornell.edu

    • External access is limited to the SSH protocol

    • Using graphical desktops on VirtualRDC, using VNC

       1. Configure an SSH session to vrdc6401.ciser.cornell.edu that allows for tun-
          neling of a VNC session (Subsection 1.6). This is done only once.
       2. Set up a VNC session. Depending on the viewer you use, you may be able
          to save it (Subsection 1.6).
       3. In every day use, SSH connect to vrdc6401.ciser.cornell.edu, thus establish-
          ing a tunnel.
       4. Verify that you have a running VNC session
       5. Then connect to localhost using the VNC viewer on your computer.

    • Using graphical desktops on VirtualRDC, using NX

       1. Configure a NX session to vrdc6401.ciser.cornell.edu with encryption en-
          abled (Subsection 1.5). This is done only once. (note: NX takes care of any
          tunneling)
       2. In every day use, simply connect using the NX connect dialog.

Note that VRDC6401 also is called ’nero’. You will see references to Nero in the rest
of the document, but you can use both names interchangeably. However, the name
’nero’ will most likely go away in the near future.




May 10, 2006                                                                      - 4-
VirtualRDC                                                           CISER-VirtualRDC

1.2    Overview
The VirtualRDC is a Linux server within the CISER environment. Linux servers
are mostly administered separately from the Windows servers. In order to obtain ac-
cess, you need to request a login. At present, contact the VirtualRDC administrators
(virtualrdc@cornell.edu).
    The pilot VirtualRDC server is called vrdc6401.ciser.cornell.edu. It is a Itanium
test bed provided by Intel, a quad-processor Itanium with 16GB of memory. Its
primary purpose is to serve as a “Virtual RDC”, providing a development environ-
ment for applications and programs to be used within the RDC network on the large
Itanium-based servers. It will also serve to replicate results using synthetic data
produced within the RDC and released to the Virtual RDC.

      A note on vrdc6401: It is still very much a test and development machine.
      At present, logins are restricted to people having a need-to-access task, and
      the system may be rebooted quite often to test out new features.

    The only way to access these systems is by SSH, a secure protocol that serves as a
replacement for the old telnet. SSH provides security at both the login process and the
actual terminal session, both of which are encrypted. It can also provide compression,
accelerating any transfers made via SSH. Finally, it allows the creation of “tunnels”,
a method of transferring data between two systems that use other protocols. This is
similar to VPNs (Virtual Private Networks) on a per-application basis.
    Linux offers graphical desktops similar to Windows. The most commonly used are
Gnome (www.gnome.org) and KDE (www.kde.org). The VirtualRDC provides KDE
only. Modern implementations of these have often achieved a stability and user-
friendliness similar to, but not quite reaching the standards of Windows or Mac desk-
tops. When using the CISER Linux servers, you have the choice of restricting yourself
to the command-line, or using a graphical interface. How to set up and access the
graphical interface is described in Subsection 1.6.
    In the remainder of this document, we will describe how to use a graphical VNC
desktop on the Linux machines, either by using the SSH+VNC method (Section 1.6,
tunneling VNC through SSH, or by using the newer NX method (Section 1.5). Both
connnection methods rely on SSH for the connection, although this is transparent to
the user of NX.




May 10, 2006                                                                          - 5-
VirtualRDC                                                            CISER-VirtualRDC

1.3   Obtaining Software
SSH
The software needed is the widely available SSH client software. Several implemen-
tations are available for free for certain licensees (home and academic users in partic-
ular). The following is an (incomplete) list of available software. The first listed is the
one to be used in the illustrated examples, your mileage with the other SSH clients
may vary.

OS: Windows

       1. PuTTY (preferred) ( http://www.chiark.greenend.org.uk/˜sgtatham/putty/),
          free for all uses, SFTP client included, but for transfers, use WinSCP.
       2. WinSCP (http://winscp.net/), a SCP and SFTP Windows client providing
          similar functionality to SecureFTP, with some ability to sync directories.
          Used for transfers only.
       3. SSH Secure Shell for Workstations (http://www.ssh.com), Academic and Non-
          commercial use free, but government/commercial clients need a license; see
          Putty as an alternative. Includes SFTP client. At the time of writing, the
          latest version was 3.2.9 (direct link). Note: we no longer support use of this
          software. Please use PuTTY.
       4. SecureCRT (http://www.vandyke.com/), downloadable trial version, no free
          version, SFTP (SecureFX) client separate. At the present time, there seem
          to be some problems with this client.
       5. Entunnel (also http://www.vandyke.com/), downloadable trial version, no
          free version, tunneling capability ONLY (no terminal). Not tested.

OS: Linux/Unix

       1. OpenSSH (http://www.openssh.com/), all uses free, includes clients for SCP
          and SFTP transfers.
       2. SSH Secure Shell for Workstations (http://www.ssh.com), all uses free, in-
          cludes (command-line) SFTP client. Note: we no longer support this soft-
          ware. Please use OpenSSH.
       3. GFtp, a graphical client using the Gnome graphical desktop
       4. Konqueror, the standard navigator under KDE, has SFTP support in ver-
          sions 3.0.8+

OS: Mac OS X

       1. A command-line OpenSSH client is available by default on Mac OS X, and
          works the same as the OpenSSH version listed under Linux.

May 10, 2006                                                                          - 6-
VirtualRDC                                                         CISER-VirtualRDC

       2. Graphical clients exist, but we have not tested any. If you have any experi-
          ence, please let us know.

OS: Java

       1. Mindterm SSH client (http://www.appgate.com/mindterm/). A local copy is
          available at http://lservices.ciser.cornell.edu/ (password required)

VNC Client
From realvnc.com: “VNC stands for Virtual Network Computing. It is remote control
software which allows you to view and interact with one computer (the ”server”) using
a simple program (the ”viewer”) on another computer anywhere on the Internet. The
two computers don’t even have to be the same type, so for example you can use VNC
to view an office Linux machine on your Windows PC at home. VNC is freely and
publicly available and is in widespread active use by millions throughout industry,
academia and privately.”
    Most viewers are available for both Windows and other OSes from the same site,
so I don’t break out by OS here. I only list free clients and servers below. Also note
that most sites provide both the viewer and the server (or ’service’) component. You
only need the viewer.

   • TightVNC (preferred) (download from http://www.tightvnc.com/download.html)
     improves on the compression algorithm, and may allow for scaling of desktops.
     (direct link here)

   • RealVNC (download from here) is from the people who originally created it.

   • KDE (Linux only) comes with an integrated VNC viewer, look for “Remote Desk-
     top Connection” in the KDE menus.

   • There are several Mac OS X clients:

       – VNC Viewer
       – VNC Carbon
       – Chicken of the VNC

     A note: VNC should not be confused with what under Windows is called a
     “Remote Desktop Connection” or “Windows Terminal Services” (WTS). The
     two types of remote connections are incompatible with each other. WTS
     viewers exist for Macintosh and Windows computers (an unofficial one ex-
     ists for Linux computers), but only allow access to Windows servers.




May 10, 2006                                                                      - 7-
VirtualRDC                                                         CISER-VirtualRDC

NX client
From nomachine.com, with a bit of hype: “NoMachine NX is the Terminal Server for
Linux and Unix that is changing the shape of remote access and thin client comput-
ing.” There is a commercial and a free server implementation. The VirtualRDC uses
the free server implementation. Both are compatible with the commercial but no-cost
NX client. VirtualRDC users only need to download the free client from Nomachine’s
website at http://www.nomachine.com/download.php

   • Windows: http://www.nomachine.com/download client windows.php

   • Linux: http://www.nomachine.com/download client linux.php

   • MacOS X: http://www.nomachine.com/download client macosx.php. Some users
     have reported problems with the MacOS client. We are interested in your suc-
     cess rate. Please report both success and failure to virtualrdc-admin@cornell.edu.




May 10, 2006                                                                       - 8-
VirtualRDC                                                          CISER-VirtualRDC

1.4   First login
Regardless of the connection method you will use, NX (Section 1.5) SSH+VNC (Sec-
tion 1.6), or SFTP (Section 1.7), you will need to have available a SSH client. For the
SSH+VNC connection method, it is an integral part of the connection procedure. For
the NX and SFTP connection method, you will need the stand-alone SSH client only
for one thing: for the first-ever login, or after you have had your password reset. In
the examples below, we will use vrdc6401 for illustration. The procedures will work
in a similar manner for all other VirtualRDC nodes, only the host name will change
(e.g., instead of vrdc6401, you may be connecting to vrdc3201).

Initiating a session to VRDC6401
We will want to create a session configuration for vrdc6401. You only need to cre-
ate the session configuration once per node, afterwards, you will just use the existing
session profile to connect and establish the tunnel. The example uses PuTTy, instruc-
tions for using SecureShell are available in an appendix.

   • First, set up a standard session to vrdc6401. Double-click the PuTTY icon (Fig-
     ure 1), and you will get the PuTTY configuration screen. (Figure 2)

                                Figure 1: The PuTTY icon




   • Fill in the information:

        – Host Name: e.g. “vrdc6401.ciser.cornell.edu”
        – Port: 22 (as is)
        – Saved Sessions: “vrdc6401” (your choice of name, whatever you want to call
          it)

      Click on Save to save this profile, then Open to open a session (we will come
      back to this window later).




May 10, 2006                                                                       - 9-
VirtualRDC                                                CISER-VirtualRDC




               Figure 2: The Configuration Dialog, PuTTY




May 10, 2006                                                          - 10-
VirtualRDC                                                           CISER-VirtualRDC

   • If this is the first time you connect to vrdc6401.ciser.cornell.edu, then you will
     receive a PuTTY Security Alert, asking you whether you want to trust this
     server (Figure 3) This is fine the first time around, but if this occurs in later con-
     nection attempts, then it means either that changes have occurred on the server,
     or that you are not connecting to the server you thought you were connecting to
     (a so-called “man-in-the-middle” attack). The host key fingerprint should be one
     of the following two (May 10, 2006):

       vrdc6401:        8f:c4:59:bf:7b:f2:11:99:4c:a1:c7:6e:6d:4f:07:4f                     (dsa)
       vrdc6401:        e3:fb:d2:47:5f:5a:2d:6d:1b:c8:91:45:09:3a:e8:23                     (rsa)
       vrdc3201:        ff:55:e7:14:89:f5:c9:26:b1:8c:8f:52:71:73:8c:2a                     (dsa)
       vrdc3201:        f2:a3:4c:26:57:a0:95:10:90:99:88:a5:a3:90:e1:ad                     (rsa)


                    Figure 3: Verifying the identity of the server




   • Log in:
       – login as: (type your assigned VirtualRDC login name here)
       – Password: (type your password)
     You will then see the initial login screen (Figure 4)

Change the password the first time you log in
If this is the first time you log on, you will be immediately prompted to change your
password. Please do so. Use strong passwords!
   • You can now proceed with instructions for the connection method you have cho-
     sen: NX or SSH+VNC.


May 10, 2006                                                                        - 11-
VirtualRDC                                                         CISER-VirtualRDC


                           Figure 4: PuTTY Login screen




1.5   Using NX
Setting up NX
  1. Download the NX client for your system (see Section 1.3)

  2. Before going any further, if you are a first-time user of the VirtualRDC, or have
     just had your password reset, please follow the instructions in Section 1.4. Then
     return to here.

  3. Install the client. For windows, double-click the installer. On linux, use the
     system-specific tool, or simply type

       rpm -i {name of package}.rpm

  4. If not started automatically, start the NX Connection Wizard (Figure 5). Click
     on “Next”

  5. Give the session a name. You will use this name to find the configuration when
     starting NX the next time. A good choice is the short version of the system name
     (“vrdc6401”) or “VirtualRDC” (Figure 6).

May 10, 2006                                                                     - 12-
VirtualRDC                                                         CISER-VirtualRDC


                       Figure 5: The NX Connection Wizard




  6. Type the login node’s name in the “Host” field (“vrdc6401.ciser.cornell.edu”). The
     port should be left at “22”. On the slider, choose the speed of your internet
     connection. In most university and corporate environments, WAN should be
     fine. If you find the system non-responsive, you can later change it. Selections
     further to the left use more compression, resulting in slightly degraded image
     quality of your session, but better responsiveness (NX has been known to be
     used effectively over a dial-up modem).

  7. In the next screen, in the first selection area, leave the session defaults as is
     (“Unix”, “KDE” session).

  8. Select the size of the desktop you want to view. This depends on your monitor
     and how much of that monitor you want the NX window to take up.

  9. Important: Put a check mark next to ”Enable SSL encryption of all traffic”.

 10. You are almost done. If you wish to create an icon on your desktop, select the
     appropriate field. Then click on “finish.”




May 10, 2006                                                                      - 13-
VirtualRDC                                         CISER-VirtualRDC




               Figure 6: Configuring a NX session




May 10, 2006                                                   - 14-
VirtualRDC                                                     CISER-VirtualRDC




               Figure 7: Choosing the size of the NX windows




May 10, 2006                                                               - 15-
VirtualRDC                                                    CISER-VirtualRDC




               Figure 8: Finishing the NX connection wizard




May 10, 2006                                                              - 16-
VirtualRDC                                                            CISER-VirtualRDC

Connecting using the NX client
The setup wizard will take you directly to the connection window. You can also get to
this screen after having set up your session initially by clicking on the icon you created
on the your desktop, or by choosing the “NX Client” from the Programs Menu.

  1. Pick the session profile you want to use for connection. We will assume here
     that it is the session you configured in Section 1.5. Fill in the required other
     information:

        Login:    your VirtualRDC login name
        Password: your VirtualRDC password


                            Figure 9: Using NX to connect




  2. Click on Login.

  3. You will be connected, and will see your desktop (Figure 10) (if not, see the FAQ
     on 33). You can now interact with the VirtualRDC.

  4. To disconnect, use either the “Logout” option under the “N” (for Novell) logo
     (Figure 12) or by clicking on “x” in the top-right corner of your NX window frame

May 10, 2006                                                                         - 17-
VirtualRDC                                                           CISER-VirtualRDC


                        Figure 10: The VirtualRDC Desktop




     (Figure 11). You will be prompted in either case if you want to close/logout of the
     session.




May 10, 2006                                                                       - 18-
VirtualRDC                                                    CISER-VirtualRDC




               Figure 11: Leaving the NX session, version 1




May 10, 2006                                                              - 19-
VirtualRDC                                                    CISER-VirtualRDC




               Figure 12: Leaving the NX session, version 2




May 10, 2006                                                              - 20-
VirtualRDC                                                                     CISER-VirtualRDC

1.6    Using VNC: SSH+VNC
VNC can use many different ports, one per server. The standard configuration on the
server has one server per user.1 We will figure out which port to use in Subsection 1.6,
but we will work through the example with a standard port. Just keep in mind that
the port you will use will differ from the example.
   The following assumes that

   • a VNC connection is to be tunnelled

   • from client.anywhere.com, short: client

   • to vrdc6401.ciser.cornell.edu, short: vrdc6401

   • Port 22 (ssh standard) is open for at least outgoing connections on the firewall
     surrounding client.

   • No other open ports are necessary on vrdc6401

   • the VNC display (remote desktop) will be running on display 1.

      Note that the pictures may refer to “yeehaa.ciser.cornell.edu”. Please re-
      place with “vrdc6401.ciser.cornell.edu” where appropriate.




  1
    If the server gets rebooted, VNC sessions are killed. When restarting, you currently need to man-
ually restart your VNC server, and your port number may change. We are working on a fix.


May 10, 2006                                                                                    - 21-
VirtualRDC                                                           CISER-VirtualRDC

Log in for setup purposes
If you are setting up the VNC connection, then you should first login using SSH and
create a profile in your SSH client. Follow instructions in Section 1.4. Then return to
here.

Checking for an existing desktop
Always check if there is a VNC desktop running. The information about a running
server and its display number is provided every time you log on. You should check
that this corresponds to your configured tunnel:
   Upon first login, and after a reboot of the server, your login screen will look like
Figure 13, then you will want to start your VNC server as in Subsection 1.6.

                        Figure 13: VNC server is not running




   Otherwise you should output similar to Figure 14

Starting your personal VNC remote desktop
Normally, you only need to start a VNC desktop once. However, a VNC desktop does
not survive a reboot of the machine, and you will need to restart one if ever the server
is rebooted.

May 10, 2006                                                                       - 22-
VirtualRDC                                           CISER-VirtualRDC




               Figure 14: A VNC desktop is running




May 10, 2006                                                     - 23-
VirtualRDC                                                          CISER-VirtualRDC

   To start the VNC remote desktop, log in to vrdc6401 using SSH, and issue the
command ’vncserver’. You should get output similar to:
                                 ˜
               testuser@vrdc6401:> vncserver

               New ’vrdc6401’ desktop is vrdc6401:1

               Starting applications specified in /home/testuser/.vnc/xstartup
               Log file is /home/testuser/.vnc/vrdc6401:1.log


   Note that if this is the first time you run ’vncserver’, then you will be prompted to
create a VNC password:

                                 ˜
               testuser@vrdc6401:> vncserver

               You will require a password to access your desktops.

               Password:


   This password is managed separately from your normal login password, but you
may choose to enter the same password as your normal login password. You will also
be given the option to create a view-only password. You can safely say no to this
option (advanced users can consult the TightVNC website).

What port does VNC use? What is a display?
VNC typically has one server per user running. It also typically assigns desktop (or
“display”) numbers in sequence, starting with ’1’ for the first instance created, as in
the example in Subsection 1.6. To each desktop corresponds a port number. The port
number is computed as port= display + 5900. So in the above case, the VNC server is
listening for connections on port 5901.




May 10, 2006                                                                      - 24-
VirtualRDC                                                         CISER-VirtualRDC

Creating a tunnel for VNC
   • After disconnecting from your session (by typing “exit”), PuTTY will close. Open
     PuTTY again. In the “Saved Sessions” section, choose the name you saved ear-
     lier (Section 1.4, where you may have called it “vrdc6401”, see Figure 2), and
     click on Load.

   • In the left pane, choose the “SSH -¿ Tunnel” option (Figure 15).

                         Figure 15: Finding the tunnel tab




May 10, 2006                                                                    - 25-
VirtualRDC                                                                        CISER-VirtualRDC

   • Fill in the required information:(Figure 16)

         – Source Port: 59012
         – Destination: “127.0.0.1:59xx”3 where xx, the Destination Port, should be
           port = display + 5900, where display is the desktop number of your VNC
           session, which you identified in Subsection 1.6. Do not use the number in
           the Figure - the number is specific to you, and needs to be read off your
           login screen.


                                  Figure 16: Add tunnel dialog




   2
     The Listen port is in fact arbitrary, but should be “close” to 5900. One suggestion is to use an
algorithm: ListenP ort = display + 5900 + of f set where of f set = 50 or some other positive number. You
are safe to simply use of f set = 0 if this is the only tunneled VNC session that you have.
   3
     Do not use “vrdc6401.ciser.cornell.edu” or “localhost” for the destination system!




May 10, 2006                                                                                       - 26-
VirtualRDC                                                           CISER-VirtualRDC

   • Click “Add” to save the information (it should show up in the pane listing all tun-
     nels). Now go back to the “Session” option in the left pane (you should get back
     the configuration options as in Figure 15), and click Save to save the session
     configuration. You are finished editing this session profile.

   • You are now set to initiate the tunnel. Click on the session you wish to use, click
     on Load to load the settings, then Open to make the connection.




May 10, 2006                                                                       - 27-
VirtualRDC                                                          CISER-VirtualRDC

Connecting to your VNC remote desktop
We now need to initiate the connection to the VNC remote desktop. The example is
based on the Linux client - the procedure is the same for the Windows client. We will
assume that your desktop is ’1’ and that you used the algorithms for remote and local
port described above.

   • As the destination host (“VNC server” or “Remote desktop”), enter “localhost:Desktop.
     The desktop number you will be using should correspond to Desktop = ListenPort
     - 5900, where ListenPort was configured in Subsection 1.6.

   • In our example, enter “localhost:51” in that dialog. Click on “Connect”, and the
     connection will be established via the tunnel previously created.

                        Figure 17: Tunnelled VNC connection




   • Although some clients do not provide for a way to save sessions, previous ses-
     sions are typically accessible in a connection history.

   In essence, the VNC software thinks it is connecting to a computer with the named
address “localhost”, which is actually redirected to the computer in the tunnel created
above (in this case, vrdc6401.ciser.cornell.edu.




May 10, 2006                                                                      - 28-
VirtualRDC                                                         CISER-VirtualRDC

1.7    Making file transfers: SFTP
The above connection methods do not allow you to transfer files onto and off the Vir-
tualRDC compute nodes. To do so, you will need a client capable of SFTP (or SCP, an
older protocol) transfers. For Windows users, the simplest software to use is the free
WinSCP client (see above for download links, in Section 1.3). Download and install
the client software.
   Connection using the WinSCP client is simple, and very similar to the PuTTY soft-
ware. Once connected, depending on the initial interface chosen, you either have a
two-pane window or a single-pane window. If using the single-pane window, you sim-
ply drag-and-drop remote files onto your desktop as you would between two Windows
Explorer windows. If using the two-pane window, you transfer files by drag-and-drop
between the two panes. More details are available on the WinSCP Getting Started
Page.


2     Frequenty asked questions (FAQ)
2.1    Where do I find support if I have problems?
First, check the remainder of this document. If you don’t find your answer here, try
the CISERWiki. Finally, you can ask the VirtualRDC technical support for help.


2.2    I can’t log in
Many of you have had problems logging in the first time round. The passwords that
are sent out by the account creation program are quite long and complicated. That
is in part on purpose: you should change the password as soon as possible. The
command to do that is

      passwd

   when you are at the SSH prompt. You will be prompted to do so automatically at
first login.


2.3    I get a black or a grey VNC screen
Some of you successfully logged in, started the VNC server, and then came back the
next day to a black or grey screen. The typical reason is simple (this is not the only
reason this may occur, though). You logged out using the N-menu (Menu-¿Logout).
Understandable, and we will work to remove that option. In fact, you should leave
your VNC session active, and only kill the VNC client. In Figure 18, those of you
experiencing this problem presumably chose the red-circled ’Logout’ to exit for the
day. You should in fact choose the green-circled ”x” to close your VNC client. Your

May 10, 2006                                                                     - 29-
VirtualRDC                                                       CISER-VirtualRDC

VNC session will continue running, and you will then find the same desktop as on the
day before when you connect again using your SSH/VNC combination (this differs
somewhat from the real RDC, where you do need to log out. Those curious about the
reason for the difference can write to me off-list).

                     Figure 18: How to close the VNC session




   The solution is fairly straightforward: Restart your VNC session. At the SSH
prompt,
          vncserver -kill :<your_VNC_number>
          vncserver :<your_VNC_number>
This will restart your VNC session with the same number as before.

2.4   My password is rejected by VNC
If your password is rejected by the VNC client, you might be using your SSH pass-
word. The SSH and VNC passwords are not synchronized. Verify that you are using
the correct password. If you forgot your password, follow instructions in FAQ 2.5.

May 10, 2006                                                                   - 30-
VirtualRDC                                                            CISER-VirtualRDC

2.5    I forgot my password
   • If you forgot your SSH password, send an email to virtualrdc-admin@cornell.edu.

   • If you forgot your VNC password, at the shell prompt, type

        > vncpasswd

      and enter a new one.

2.6    I get a ”Cannot open X display” message
Some of you have tried to open SAS, xemacs, or kate from the ’command line’, without
success. Typical error messages are


ERROR: Cannot open X display. Check display name/server access authorization

ERROR: KUniqueApplication: Can’t determine DISPLAY. Aborting.


   The only application that launches is emacs, running within your SSH window (in
technical terms: in character mode, not GUI mode).
   I have tried to typically distinguish between a ’command line’ (the shell icon in the
taskbar) and the ’SSH prompt’, but may have been imperfect in that respect.

SSH prompt: You log in from your usual workstation (a Windows box, typically),
    using SSH. When successfully logged in, you are at a command prompt. We will
    call this the ”SSH prompt”

Command line A shell/terminal window/command line you opened within your VNC
   session.
      There are many ways you can open a command line in your VNC session. Your



      typical path will be to click the icon        in the taskbar.

    The difference between the two (for most people) is that within the VNC session at
the command line, you have a running X server: thus, if you launch ’sas’ from a com-
mand line within the VNC window, you will be successful, because the VNC window
is an X server. If you do this from your SSH window, you might be successful if you
happen to be running an X server on your workstation (Exceed, CygwinX, or a Linux
workstation). That being said, even if you did that, performance would probably be
slower than if you used the VNC client.

May 10, 2006                                                                       - 31-
VirtualRDC                                                         CISER-VirtualRDC

2.7    What is this ’command line’ thing?
See Question 2.6.

2.8    I want to run SAS from the SSH prompt. It doesn’t work
See Question 2.6.

2.9    But I still want to run SAS from the SSH or command prompt...
From the command line or SSH prompt (2.6), type ’sas lab4’ (assuming lab4.sas is
your program), and SAS will run (without GUI). You can then one of the editors (2.11)
to load and view the log and lst files.

2.10      How do I launch SAS?
You can invoke the SAS GUI from the N-menu (red N on green background: the
Novell/SLES logo): Click on ”N”, then ”VirtualRDC”. You should see SAS as one of
the options.

2.11      I was told to write and edit files on the VRDC. How do I
          do that?
You could edit your programs from within the SAS graphical interface (see Ques-
tion 2.10). That being said, the SAS Program Editor is not to be recommended under
Unix in general. The preferable way to program is to
   • write your program using other editors
   • submit your program as a batch job
   Editors can be found under N-¿Utilities-¿Editor. Your choice currently consists of
   • GNU Emacs
   • Kate
(both are graphical) and
   • vi
as a command-line editor for the hard-core Unix fans out there.

2.12      NX is complaining about only allowing encrypted sessions.
          What do I do?
Check Section 1.5, in particular Figure 7.

May 10, 2006                                                                     - 32-
VirtualRDC                                                     CISER-VirtualRDC

2.13   NX login just disappears
There is a known bug that seems to affect some combinatins of NX on Windows and
our server. We have not been able to nail it down. If you encounter this problem,
please switch to using the ’ssh+VNC’ (Section 1.6) method.




May 10, 2006                                                                 - 33-
VirtualRDC                                                         CISER-VirtualRDC

A     Using the SSH Windows client by SSH.com
A.1    First login
Initiating a session to VRDC6401
We will want to create a session configuration for vrdc6401, the current VirtualRDC.
You only need to create the session configuration once, afterwards, you will just use
the existing session profile to connect and establish the tunnel. The example uses
SecureShell, instructions for using PuTTy will be provided in the near future.

      Note that the pictures may refer to “yeehaa.ciser.cornell.edu”. Please re-
      place with “vrdc6401.ciser.cornell.edu” where appropriate.

    • First, set up a standard session to vrdc6401. In your SSH client click on the
      “Quick Connect” button (Figure 19 for SSH Secure Shell Client)

               Figure 19: The Quick Connect button, Secure Shell Client




    • Fill in the information (Host Name is “vrdc6401.ciser.cornell.edu”, your User
      Name, and the rest as is) (Figure 20).




May 10, 2006                                                                       - 34-
VirtualRDC                                           CISER-VirtualRDC




               Figure 20: The Quick Connect dialog




May 10, 2006                                                     - 35-
VirtualRDC                                                           CISER-VirtualRDC

   • If this is the first time you connect to vrdc6401.ciser.cornell.edu, then you will
     be prompted if you want to accept the identifying key provided by the server
     (Figure 21). This is fine the first time around, but if this occurs in later connec-
     tion attempts, then it means either that changes have occurred on the server, or
     that you are not connecting to the server you thought you were connecting to (a
     so-called “man-in-the-middle” attack). The host key fingerprint should be (May
     10, 2006):

             xuzak-likeh-nokod-gyrac-tutyb-dicib-
                    kosyb-medar-tusig-buvoh-tixex


                   Figure 21: Verifying the identity of the server




   • You will then be prompted to enter your password (Figure 22).

   • Currently, there is a “bug” in the connection, requiring you to click on “OK” a
     second time. (Figure 23)

   • Once connected, you have the option to save the settings to a “profile”. Give the
     profile a name (“vrdc6401” would be fine), and save. (Figure 24)




May 10, 2006                                                                      - 36-
VirtualRDC                                                          CISER-VirtualRDC


                            Figure 22: Password prompt




A.2   Using VNC: SSH+VNC
Creating a tunnel for VNC
   • After disconnecting from your session (by typing “exit”), click on the “Profile”
     button, and choose “Edit Profile...” (Figure 25). Choose the profile you have
     saved for this connection (you did save a profile in Subsection A.1, right?) Adding
     a tunnel cannot be done while you are connected, and you will need to reconnect
     to activate the tunnel.

   • Choose the profile just saved (i.e. “vrdc6401”) in the left panel, and click on the
     “Tunneling” tab in the right panel (Figure 26).




May 10, 2006                                                                      - 37-
VirtualRDC                                      CISER-VirtualRDC




               Figure 23: Password prompt bug




                Figure 24: Saving the profile




May 10, 2006                                                - 38-
VirtualRDC                                     CISER-VirtualRDC




               Figure 25: Editing the profile




May 10, 2006                                               - 39-
VirtualRDC                                         CISER-VirtualRDC




               Figure 26: Finding the tunnel tab




May 10, 2006                                                   - 40-
VirtualRDC                                                                        CISER-VirtualRDC

   • Click on “Add...” to add another tunnel connection. In the resulting dialog (Fig-
     ure 27)

                            Figure 27: Tunnel tab, adding a tunnel




   • Fill in the required information:

         – Display Name: An arbitrary name to identify this tunnel (i.e. “Virtual-
           RDC”)
         – Type: Choose “TCP” (the default)
         – The Listen Port should be 5900 + display + of f set. In the example, we are
           using of f set = 504
         – The Destination Host should be “127.0.0.1” and not “vrdc6401.ciser.cornell.edu”
           or “localhost”.
   4
    The Listen port is in fact arbitrary, but should be “close” to 5900. One suggestion is to use an
algorithm: ListenP ort = display + 5900 + of f set where of f set = 50 or some other positive number. You
are safe to simply use of f set = 0 if this is the only tunneled VNC session that you have.



May 10, 2006                                                                                       - 41-
VirtualRDC                                                          CISER-VirtualRDC

       – The Destination Port should be port = display + 5900, where display is
         the desktop number of your VNC session, which you identified in Subsec-
         tion 1.6.


                            Figure 28: Add tunnel dialog




   • Click “OK” to accept, and “OK” on the profile display to finish editing this profile.

   • You are now set to initiate the tunnel. Click again on the “Profile” button (see
     Figure 25), and choose the profile you just modified “vrdc6401”. Log in using
     your password, and the tunnel is established.




May 10, 2006                                                                      - 42-

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:2/1/2013
language:English
pages:42
xuxianglp xuxianglp http://
About