Remote Access

Logging in to optics.szfki.kfki.hu

Method 1: using secure shell

Use the SSH protocol to log in to optics.szfki.kfki.hu. From a Linux or Mac client, it is as simple as executing the shell command ssh optics.szfki.kfki.hu in a terminal window. Windows users may use PuTTY, a free ssh client (see its download page).

For Linux/Mac users

For Windows users

1. Start the ssh client PuTTY.
2. In Host Name (or IP address) type optics.szfki.kfki.hu
3. Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.

Accessing the poultry farm

Most of the machines in the optics network are behind a firewall and, therefore, are not accessible directly from the Internet. To access these computers, you need to tunnel your connection through the gateway server optics.szfki.kfki.hu. Here are a few tips how to do this:

Method 1: Log-in only

If the only thing you want is to log in, you can simply log in to optics.szfki.kfki.hu first and then further to the selected host. Follow the instructions in the previous section, and than go further to another host in the poultry farm (e.g., pulyka.optics).

For Linux/Mac users

For Windows users

1. Start PuTTY (a free ssh client, see the download page).
2. In Host Name (or IP address) type optics.szfki.kfki.hu
3. Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
4. Type "ssh pulyka.optics" in the shell.

Method 2: SSH/SCP access via SSH tunneling

You can even copy your files using scp or sftp. The trick is that you tunnel your connection through optics.szfki.kfki.hu. First log in to optics.szfki.kfki.hu and forward the SSH port of pulyka.optics to your machine to a local port of your machine (say 2222). Than address yourself to your own machine through that local port.

For Linux/Mac users

yourpc:~$ ssh -L 2222:pulyka.optics:22 optics.szfki.kfki.hu sleep 1d &
Than you can log in
yourpc:~$ ssh -p 2222 -l remoteusername localhost
or even copy files
yourpc:~$ scp -P 2222 localfile.ext remoteusername@localhost:
Do not forget to kill your sleeping connection to optics.szfki.kfki.hu when you are done.

For Windows users

1. Start the ssh client PuTTY.
2. In Host Name (or IP address) type optics.szfki.kfki.hu
3. Go to category Connection->SSH->Tunnels in the left panel and set
   • Source port: 2222
   • Destination: pulyka.optics:22
   • then select Local and click on Add.
4. Click on Open and authenticate yourself with the name and password you use on the intranet.
5. Type "sleep 1d" in the shell on optics.szfki.kfki.hu to prevent automatic log-out, and leave the shell open.
6. Start another the ssh client PuTTY.
   1. In Host Name (or IP address) type localhost, in Port type 2222.
   2. Click on Open and authenticate yourself as you would do it in the intranet.
7. Or use WinSCP of Filezilla similarly.

Method 3: ssh proxy

When using the OpenSSH SSH client on Linux machines, another solution is to use the ProxyCommand option, and combine it with the netcat (nc) command.

For Linux/Mac users only

ssh -AX -o CheckHostIP=no -o ProxyCommand='ssh -ax -o ClearAllForwardings=yes optics.szfki.kfki.hu "nc %h %p"' pulyka.optics

Alternatively, you can add the following snippet to your ~/.ssh/config file on your machine, and connect simply by typing "ssh pulyka".

 HostName optics.szfki.kfki.hu
 ForwardAgent no
 ForwardX11 no
 ClearAllForwardings yes

 ProxyCommand ssh optics-tunnel 'nc -w 1 %h %p'
 ForwardAgent yes
 ForwardX11 yes
 CheckHostIP no

Accessing on-line journals

If you can't get access to subscription content via VPN, check this link: How to See If Your VPN Is Leaking Your IP Address (and How to Stop It)

Method 1: SSH tunnel + HTTP proxy

This method uses the Privoxy proxy server installed on optics.szfki.kfki.hu through an ssh tunnel. This is probably the easiest to set up, however, once activated all browser traffic is redirected through the proxy server, adding an overhead to browsing.

For Linux/Mac users

1. Log in with local port forwarding using the following command in the shell:
   ssh optics.szfki.kfki.hu -L3128:localhost:3128
   
   Alternatively, you can use
   ssh optics-http-proxy
   after adding this to your ~/.ssh/config file:
   Host optics-http-proxy
HostName optics.szfki.kfki.hu
LocalForward 3128 localhost:3128
   
2. In your browser's preferences (or in Gnome in System>Preferences>Network Proxy), select Manual proxy configuration, set localhost at port 3128 for HTTP proxy, and check Use the same proxy for all protocols.
3. Leave your ssh session open until you are done.

For Windows users

1. Start PuTTY (a free ssh client, see the download page).
2. In Host Name (or IP address) type optics.szfki.kfki.hu
3. Go to category Connection->SSH->Tunnels in the left panel and set
   • Source port: 3128
   • Destination: localhost:3128
   • then select Local and click on Add.
4. Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
5. In your browser's preferences (Tools>Internet Settings>Connections>Local Network Settings), check Use proxy server on local network, and set localhost at port 3128 for HTTP proxy.
6. Leave your ssh session open until you are done.

Method 2: SSH SOCKS proxy

This method uses ssh as SOCKS proxy server and does not require the HTTP proxy server to run. Therefore, it can be used not only with optics.szfki.kfki.hu, but with any SSH server within the kfki.hu domain. HTTP proxies are more HTTP-aware and do higher level filtering, while SOCKS proxies are bidirectional and can also forward UDP traffic.

For Linux/Mac users

1. Log in with dynamic port forwarding using the following command in the shell:
   ssh optics.szfki.kfki.hu -D 8080
   
   Alternatively, you can use
   ssh optics-socks-proxy
   after adding this to your ~/.ssh/config file:
   Host optics-socks-proxy
HostName optics.szfki.kfki.hu
DynamicForward 8080
   
2. In your browser's preferences (or in Gnome in System>Preferences>Network Proxy), select Manual proxy configuration, set localhost at port 8080 for Socks host, and leave all other protocols blank.
3. Leave your ssh session open until you are done.

For Windows users

1. Start PuTTY (a free ssh client, see the download page).
2. In Host Name (or IP address) type optics.szfki.kfki.hu
3. Go to category Connection->SSH->Tunnels in the left panel and set
   • Source port: 8080
   • then select Dynamic and click on Add.
4. Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
5. In your browser's preferences (Tools>Internet Settings>Connections>Local Network Settings), check Use proxy server on local network, then click on Special and set localhost at port 8080 for Socks proxy.
6. Leave your ssh session open until you are done.

3. The OpenVPN way

Journals that are accessible from within the kfki.hu domain can be accessed using the KFKI OpenVPN service as instructed on the SZHK webpage. This VPN service requires the same registration as the spam filtering service, which can be requested from the webmaster .

The major drawback of using the openvpn setup as instructed on the SZHK webpage is that all internet traffic will be routed through the KFKI network, adding significant overhead to browsing. My solution was to only add specific domains which should be accessible through the OpenVPN tunnel, and leave general internet traffic traverse directly. A significant advantage of this setup is that this Openvpn connection can even be made permanent, i.e., set up to load at boot time. Unfortunately, the recipe works only for Linux/Unix systems, and I'm not even sure that the exact same commands work for MacOS X...

The recipe is as follows. Setup your openvpn as instructed at SZHK webpage, you can save it, e.g., as kfki.conf. Then copy kfki.conf to kfki-journals.conf and make the following changes to it:

• Comment out everything related to DNS servers and resolve conf.
• Add the following lines at the end of kfki-journals.conf
  ##########
# Try to route only the necessary packets
#
# APS journals
route 209.133.34.0 255.255.255.0 vpn_gateway
# Scitation
route 192.58.150.35 255.255.255.255 vpn_gateway
# EISZ (www.eisz.hu)
route 193.6.21.4 255.255.255.255 vpn_gateway
# EISZ Web of science (wosportal.om.hu)
route 193.225.13.152 255.255.255.255 vpn_gateway
# Science Direct (www.sciencedirect.com)
route 198.81.200.2 255.255.255.255 vpn_gateway
  # IOP Journals (www.iop.org)
  route 193.131.119.37 255.255.255.255 vpn_gateway
  # Keep all the rest as they were
  route default net_gateway
  # Some routes get added by openvpn that cover up the default route
  # This little script will try to remove them
  route-up /etc/openvpn/kfki-journals.routefix.sh
  
• The following lines in kfki-journals.routefix.sh seem to do the job for me (make sure the file is set to be executable):
  @@# For some reason these routes get added by openvpn
  # They seem to actually cover up the entire default route
  route del -net 0.0.0.0 netmask 128.0.0.0
  route del -net 128.0.0.0 netmask 128.0.0.0
  

Editing the wiki pages

The pages in this site can be edited after authentication through the "Login" link in the top right corner (see PmWiki for instructions). However, log-in is allowed only for intranet users, and the "Login" link does not show up if you are trying to access the site from outside the Department. Your IP address is now 3.222.251.91, thus you are currently disallowed to log in. The solution to the problem of remote log-in is simple if you can use ssh.

For Linux/Mac users

1. Into the shell type ssh optics.szfki.kfki.hu -L8080:optics.szfki.kfki.hu:80.
2. Authenticate yourself with the name and password you use in the intranet for log-in.
3. Point your browser to http://localhost:8080 (you can click on this link right now).
4. Leave your ssh session open until you are done.

For Windows users

1. Start PuTTY (a free ssh client, see the download page).
2. In Host Name (or IP address) type optics.szfki.kfki.hu
3. Go to category Connection->SSH->Tunnels in the left panel and set
   • Source port: 8080
   • Destination: optics.szfki.kfki.hu:80
   • then select Local and click on Add.
4. Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
5. Point your browser to http://localhost:8080 (you can click on this link right now).
6. Leave your ssh session open until you are done.

Caveats -- connection refused

Normally you should be able to log in to optics.szfki.kfki.hu in the way described above. For security reasons, however, the server might refuse connection requests from misconfigured hosts. Should the server refuse your connection, then it probably means that you are trying to log in from some suspicious location. A solution to this problem is to use another server (e.g., mail.szfki.hu) as "proxy". Here are a few tips how to do this.

Method 1: two consecutive log-ins

Log in first to mail.szfki.hu and then proceed further to our server.

For Linux/Mac users

For Windows users

1. Start the ssh client PuTTY.
2. In Host Name (or IP address) type mail.szfki.hu
3. Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
4. Type "ssh optics.szfki.kfki.hu" in the shell on mail.szfki.hu.
   mail:~$ ssh optics.szfki.kfki.hu

Method 2: local port forwarding

By forwarding the SSH port of optics.szfki.kfki.hu to your machine, you can even copy files using scp or sftp. After mapping port 22 of optics.szfki.kfki.hu to a local port of your machine (say 2222), you address yourself to your own machine through that local port instead of optics.szfki.kfki.hu.

For Linux/Mac users

yourpc:~$ ssh -L 2222:optics.szfki.kfki.hu:22 mail.szfki.hu sleep 1d &
Than you can log in
yourpc:~$ ssh -p 2222 -l remoteusername localhost
or even copy files
yourpc:~$ scp -P 2222 localfile.ext remoteusername@localhost:
Do not forget to kill your sleeping connection to mail.szfki.hu when you are done.

For Windows users

1. Start the ssh client PuTTY.
2. In Host Name (or IP address) type mail.szfki.hu
3. Go to category Connection->SSH->Tunnels in the left panel and set
   • Source port: 2222
   • Destination: optics.szfki.kfki.hu:22
   • then select Local and click on Add.
4. Click on Open and authenticate yourself with the name and password you use on mail.szfki.hu.
5. Type "sleep 1d" in the shell on mail.szfki.hu to prevent automatic log-out, and leave the shell open.
6. Start another the ssh client PuTTY.
   1. In Host Name (or IP address) type localhost, in Port type 2222.
   2. Click on Open and authenticate yourself as you would do it in the intranet.
7. Or use WinSCP of Filezilla similarly.

Method 3: ssh proxy

When using the OpenSSH SSH client on Linux machines, another solution is to use the ProxyCommand option, and combine it with the netcat (nc) command.

For Linux/Mac users only

ssh -AX -o CheckHostIP=no -o ProxyCommand='ssh -ax -o ClearAllForwardings=yes mail.szfki.hu "nc %h %p"' optics.szfki.kfki.hu

Alternatively, you can add the following snippet to your ~/.ssh/config file on your machine, and connect simply by typing "ssh optics-tunnel".
Host szfki-tunnel
HostName mail.szfki.hu
ForwardAgent no
ForwardX11 no
ClearAllForwardings yes

Host optics-tunnel
HostName optics.szfki.kfki.hu
ProxyCommand ssh szfki-tunnel 'nc %h %p'
ForwardAgent yes
ForwardX11 yes
CheckHostIP no
HostKeyAlias optics