Remote Access
Logging in to optics.szfki.kfki.hu
Method 1: using secure shell
Use the SSH protocol to log in to optics.szfki.kfki.hu
. From a Linux or Mac client, it is as simple as executing the shell command ssh optics.szfki.kfki.hu
in a terminal window. Windows users may use PuTTY, a free ssh client (see its download page).
For Linux/Mac users
yourpc:~$ ssh optics.szfki.kfki.hu
bird:~$
For Windows users
- Start the ssh client PuTTY.
- In Host Name (or IP address) type
optics.szfki.kfki.hu
- Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
Accessing the poultry farm
Most of the machines in the optics network are behind a firewall and, therefore, are not accessible directly from the Internet. To access these computers, you need to tunnel your connection through the gateway server optics.szfki.kfki.hu
. Here are a few tips how to do this:
Method 1: Log-in only
If the only thing you want is to log in, you can simply log in to optics.szfki.kfki.hu
first and then further to the selected host. Follow the instructions in the previous section, and than go further to another host in the poultry farm (e.g., pulyka.optics
).
For Linux/Mac users
yourpc:~$ ssh optics.szfki.kfki.hu
optics:~$ ssh pulyka.optics
For Windows users
- Start PuTTY (a free ssh client, see the download page).
- In Host Name (or IP address) type
optics.szfki.kfki.hu
- Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
- Type "
ssh pulyka.optics
" in the shell.
Method 2: SSH/SCP access via SSH tunneling
You can even copy your files using scp
or sftp
. The trick is that you tunnel your connection through optics.szfki.kfki.hu
. First log in to optics.szfki.kfki.hu
and forward the SSH port of pulyka.optics
to your machine to a local port of your machine (say 2222). Than address yourself to your own machine through that local port.
For Linux/Mac users
yourpc:~$ ssh -L 2222:pulyka.optics:22 optics.szfki.kfki.hu sleep 1d &
Than you can log inyourpc:~$ ssh -p 2222 -l remoteusername localhost
or even copy filesyourpc:~$ scp -P 2222 localfile.ext remoteusername@localhost:
Do not forget to kill your sleeping connection to optics.szfki.kfki.hu
when you are done.
For Windows users
- Start the ssh client PuTTY.
- In Host Name (or IP address) type
optics.szfki.kfki.hu
- Go to category Connection->SSH->Tunnels in the left panel and set
- Source port:
2222
- Destination:
pulyka.optics:22
- then select Local and click on Add.
- Source port:
- Click on Open and authenticate yourself with the name and password you use on the intranet.
- Type "
sleep 1d
" in the shell onoptics.szfki.kfki.hu
to prevent automatic log-out, and leave the shell open. - Start another the ssh client PuTTY.
- In Host Name (or IP address) type
localhost
, in Port type 2222. - Click on Open and authenticate yourself as you would do it in the intranet.
- In Host Name (or IP address) type
- Or use WinSCP of Filezilla similarly.
Method 3: ssh proxy
When using the OpenSSH SSH client on Linux machines, another solution is to use the ProxyCommand option, and combine it with the netcat (nc
) command.
For Linux/Mac users only
ssh -AX -o CheckHostIP=no -o ProxyCommand='ssh -ax -o ClearAllForwardings=yes optics.szfki.kfki.hu "nc %h %p"' pulyka.optics
Alternatively, you can add the following snippet to your ~/.ssh/config
file on your machine, and connect simply by typing "ssh pulyka
".
Host optics-tunnel
HostName optics.szfki.kfki.hu ForwardAgent no ForwardX11 no ClearAllForwardings yes
Host sas daru gem gerle szarka
ProxyCommand ssh optics-tunnel 'nc -w 1 %h %p' ForwardAgent yes ForwardX11 yes CheckHostIP no
Accessing on-line journals
If you can't get access to subscription content via VPN, check this link: How to See If Your VPN Is Leaking Your IP Address (and How to Stop It)
Method 1: SSH tunnel + HTTP proxy
This method uses the Privoxy proxy server installed on optics.szfki.kfki.hu
through an ssh tunnel. This is probably the easiest to set up, however, once activated all browser traffic is redirected through the proxy server, adding an overhead to browsing.
For Linux/Mac users
- Log in with local port forwarding using the following command in the shell:
ssh optics.szfki.kfki.hu -L3128:localhost:3128
Alternatively, you can use
ssh optics-http-proxy
after adding this to your ~/.ssh/config file:
Host optics-http-proxy
HostName optics.szfki.kfki.hu
LocalForward 3128 localhost:3128
- In your browser's preferences (or in Gnome in System>Preferences>Network Proxy), select Manual proxy configuration, set
localhost
at port3128
for HTTP proxy, and check Use the same proxy for all protocols. - Leave your ssh session open until you are done.
For Windows users
- Start PuTTY (a free ssh client, see the download page).
- In Host Name (or IP address) type
optics.szfki.kfki.hu
- Go to category Connection->SSH->Tunnels in the left panel and set
- Source port:
3128
- Destination:
localhost:3128
- then select Local and click on Add.
- Source port:
- Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
- In your browser's preferences (Tools>Internet Settings>Connections>Local Network Settings), check Use proxy server on local network, and set
localhost
at port3128
for HTTP proxy. - Leave your ssh session open until you are done.
Method 2: SSH SOCKS proxy
This method uses ssh as SOCKS proxy server and does not require the HTTP proxy server to run.
Therefore, it can be used not only with optics.szfki.kfki.hu
, but with any SSH server within the kfki.hu
domain. HTTP proxies are more HTTP-aware and do higher level filtering, while SOCKS proxies are bidirectional and can also forward UDP traffic.
For Linux/Mac users
- Log in with dynamic port forwarding using the following command in the shell:
ssh optics.szfki.kfki.hu -D 8080
Alternatively, you can use
ssh optics-socks-proxy
after adding this to your ~/.ssh/config file:
Host optics-socks-proxy
HostName optics.szfki.kfki.hu
DynamicForward 8080
- In your browser's preferences (or in Gnome in System>Preferences>Network Proxy), select Manual proxy configuration, set
localhost
at port8080
for Socks host, and leave all other protocols blank. - Leave your ssh session open until you are done.
For Windows users
- Start PuTTY (a free ssh client, see the download page).
- In Host Name (or IP address) type
optics.szfki.kfki.hu
- Go to category Connection->SSH->Tunnels in the left panel and set
- Source port:
8080
- then select Dynamic and click on Add.
- Source port:
- Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
- In your browser's preferences (Tools>Internet Settings>Connections>Local Network Settings), check Use proxy server on local network, then click on Special and set
localhost
at port8080
for Socks proxy. - Leave your ssh session open until you are done.
3. The OpenVPN way
Journals that are accessible from within the kfki.hu
domain can be accessed using the KFKI OpenVPN service as instructed on the SZHK webpage. This VPN service requires the same registration as the spam filtering service, which can be requested from the
webmaster
.
The major drawback of using the openvpn setup as instructed on the SZHK webpage is that all internet traffic will be routed through the KFKI network, adding significant overhead to browsing. My solution was to only add specific domains which should be accessible through the OpenVPN tunnel, and leave general internet traffic traverse directly. A significant advantage of this setup is that this Openvpn connection can even be made permanent, i.e., set up to load at boot time. Unfortunately, the recipe works only for Linux/Unix systems, and I'm not even sure that the exact same commands work for MacOS X...
The recipe is as follows. Setup your openvpn as instructed at SZHK webpage, you can save it, e.g., as kfki.conf. Then copy kfki.conf to kfki-journals.conf and make the following changes to it:
- Comment out everything related to DNS servers and resolve conf.
- Add the following lines at the end of kfki-journals.conf
##########
route 198.81.200.2 255.255.255.255 vpn_gateway
# Try to route only the necessary packets
#
# APS journals
route 209.133.34.0 255.255.255.0 vpn_gateway
# Scitation
route 192.58.150.35 255.255.255.255 vpn_gateway
# EISZ (www.eisz.hu)
route 193.6.21.4 255.255.255.255 vpn_gateway
# EISZ Web of science (wosportal.om.hu)
route 193.225.13.152 255.255.255.255 vpn_gateway
# Science Direct (www.sciencedirect.com)
# IOP Journals (www.iop.org)
route 193.131.119.37 255.255.255.255 vpn_gateway
# Keep all the rest as they were
route default net_gateway
# Some routes get added by openvpn that cover up the default route
# This little script will try to remove them
route-up /etc/openvpn/kfki-journals.routefix.sh
- The following lines in kfki-journals.routefix.sh seem to do the job for me (make sure the file is set to be executable):
@@# For some reason these routes get added by openvpn
# They seem to actually cover up the entire default route
route del -net 0.0.0.0 netmask 128.0.0.0
route del -net 128.0.0.0 netmask 128.0.0.0
Editing the wiki pages
The pages in this site can be edited after authentication through the "Login" link in the top right corner (see PmWiki for instructions). However, log-in is allowed only for intranet users, and the "Login" link does not show up if you are trying to access the site from outside the Department. Your IP address is now 3.222.251.91, thus you are currently disallowed to log in. The solution to the problem of remote log-in is simple if you can use ssh.
For Linux/Mac users
- Into the shell type
ssh optics.szfki.kfki.hu -L8080:optics.szfki.kfki.hu:80
. - Authenticate yourself with the name and password you use in the intranet for log-in.
- Point your browser to
http://localhost:8080
(you can click on this link right now). - Leave your ssh session open until you are done.
For Windows users
- Start PuTTY (a free ssh client, see the download page).
- In Host Name (or IP address) type
optics.szfki.kfki.hu
- Go to category Connection->SSH->Tunnels in the left panel and set
- Source port:
8080
- Destination:
optics.szfki.kfki.hu:80
- then select Local and click on Add.
- Source port:
- Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
- Point your browser to
http://localhost:8080
(you can click on this link right now). - Leave your ssh session open until you are done.
Caveats -- connection refused
Normally you should be able to log in to optics.szfki.kfki.hu
in the way described above. For security reasons, however, the server might refuse connection requests from misconfigured hosts. Should the server refuse your connection, then it probably means that you are trying to log in from some suspicious location. A solution to this problem is to use another server (e.g., mail.szfki.hu
) as "proxy". Here are a few tips how to do this.
Method 1: two consecutive log-ins
Log in first to mail.szfki.hu
and then proceed further to our server.
For Linux/Mac users
yourpc:~$ ssh mail.szfki.hu
mail:~$ ssh optics.szfki.kfki.hu
For Windows users
- Start the ssh client PuTTY.
- In Host Name (or IP address) type
mail.szfki.hu
- Click on Open and authenticate yourself with the name and password you use in the intranet for log-in.
- Type "
ssh optics.szfki.kfki.hu
" in the shell onmail.szfki.hu
.mail:~$ ssh optics.szfki.kfki.hu
Method 2: local port forwarding
By forwarding the SSH port of optics.szfki.kfki.hu
to your machine, you can even copy files using scp
or sftp
. After mapping port 22 of optics.szfki.kfki.hu
to a local port of your machine (say 2222), you address yourself to your own machine through that local port instead of optics.szfki.kfki.hu
.
For Linux/Mac users
yourpc:~$ ssh -L 2222:optics.szfki.kfki.hu:22 mail.szfki.hu sleep 1d &
Than you can log inyourpc:~$ ssh -p 2222 -l remoteusername localhost
or even copy filesyourpc:~$ scp -P 2222 localfile.ext remoteusername@localhost:
Do not forget to kill your sleeping connection to mail.szfki.hu
when you are done.
For Windows users
- Start the ssh client PuTTY.
- In Host Name (or IP address) type
mail.szfki.hu
- Go to category Connection->SSH->Tunnels in the left panel and set
- Source port:
2222
- Destination:
optics.szfki.kfki.hu:22
- then select Local and click on Add.
- Source port:
- Click on Open and authenticate yourself with the name and password you use on
mail.szfki.hu
. - Type "
sleep 1d
" in the shell onmail.szfki.hu
to prevent automatic log-out, and leave the shell open. - Start another the ssh client PuTTY.
- In Host Name (or IP address) type
localhost
, in Port type 2222. - Click on Open and authenticate yourself as you would do it in the intranet.
- In Host Name (or IP address) type
- Or use WinSCP of Filezilla similarly.
Method 3: ssh proxy
When using the OpenSSH SSH client on Linux machines, another solution is to use the ProxyCommand option, and combine it with the netcat (nc
) command.
For Linux/Mac users only
ssh -AX -o CheckHostIP=no -o ProxyCommand='ssh -ax -o ClearAllForwardings=yes mail.szfki.hu "nc %h %p"' optics.szfki.kfki.hu
Alternatively, you can add the following snippet to your ~/.ssh/config
file on your machine, and connect simply by typing "ssh optics-tunnel
".Host szfki-tunnel
HostName mail.szfki.hu
ForwardAgent no
ForwardX11 no
ClearAllForwardings yes
Host optics-tunnel
HostName optics.szfki.kfki.hu
ProxyCommand ssh szfki-tunnel 'nc %h %p'
ForwardAgent yes
ForwardX11 yes
CheckHostIP no
HostKeyAlias optics