Changes

Page history
Update Graphical Logins authored by Larry Granroth's avatar Larry Granroth
Show whitespace changes
Inline Side-by-side
Graphical-Logins.md
View page @ 6bd84346
Access to [SPDR](SPDR) systems will have a number of connection and graphical interface options. All will use ssh connections. These may be as simple as a direct ssh session with X Window forwarding, using a command-line similar to: Access to [SPDR](SPDR) systems will have a number of connection and graphical interface options. All will use ssh connections. These may be as simple as a direct ssh session with X Window forwarding, using a command-line similar to:
`ssh -Y username@axanar.physics.uiowa.edu` ```bash
ssh -Y hawkid@axanar.physics.uiowa.edu
```
Or a simple X Server such as [MobaXterm](https://mobaxterm.mobatek.net/download-home-edition.ht) for Windows. Unless you're connecting from campus, however, these methods may be quite "laggy" with unacceptably long pauses between updates. As long as you're connecting from campus or through the [university VPN](https://its.uiowa.edu/support/article/1876) you will have the option to login with your hawkid/password. Or a simple X Server such as [MobaXterm](https://mobaxterm.mobatek.net/download-home-edition.html) for Windows. Unless you're connecting from campus, however, these methods may be quite "laggy" with unacceptably long pauses between updates. As long as you're connecting from campus or through the [university VPN](https://its.uiowa.edu/support/article/1876) you will have the option to login with your AD credentials (hawkid/password).
If you frequently require a graphical session from off campus, you will probably want to use one of the solutions that uses an alternative protocol which can minimize latency issues. One of these is [FastX3](https://clas.uiowa.edu/linux/help/fastx). Another solution is [X2go](https://wiki.x2go.org/doku.php/download:start). In any case, for graphical logins, I encourage you to use the MATE desktop environment. MATE occasionally has trouble when forwarding audio, so I suggest disabling audio from the media tab of the session preferences window. KDE has a severe problem with their Dolphin file manager trying to index the entire file system. Unless you know how to disable this indexing behavior, avoid KDE. If you frequently require a graphical session from off campus, you will probably want to use one of the solutions that uses an alternative protocol which can minimize latency issues. One of these is [FastX3](https://clas.uiowa.edu/linux/help/fastx). Another solution is [X2go](https://wiki.x2go.org/doku.php/download:start). In any case, for graphical logins, I encourage you to use the MATE desktop environment. MATE occasionally has trouble when forwarding audio, so I suggest disabling audio from the media tab of the session preferences window. KDE has a severe problem with their Dolphin file manager trying to index the entire file system. Unless you know how to disable this indexing behavior, avoid KDE.
...@@ -12,12 +14,16 @@ X2go occasionally gets into an oscillating state of failing and constantly resta ...@@ -12,12 +14,16 @@ X2go occasionally gets into an oscillating state of failing and constantly resta
The alternative ssh port previously used on the [legacy systems](Legacy-Systems) is also available, but will not accept password authentication. Instead, you must set up public/private key exchange (sometimes called PKI) to log in. If your local system is Linux or Mac, you can probably do the following (every Windows application seems to have unique requirements): The alternative ssh port previously used on the [legacy systems](Legacy-Systems) is also available, but will not accept password authentication. Instead, you must set up public/private key exchange (sometimes called PKI) to log in. If your local system is Linux or Mac, you can probably do the following (every Windows application seems to have unique requirements):
`ssh-keygen -b 4096` ```bash
ssh-keygen -b 4096
```
The requested passphrase is used to protect the private key on your local system and is not sent across the network. This will generate id_rsa (the private key) and id_rsa.pub (the public key) by default in your ~/.ssh/ directory. If you are connected on campus or have the university VPN running, you can do: The requested passphrase is used to protect the private key on your local system and is not sent across the network. This will generate `id_rsa` (the private key) and `id_rsa.pub` (the public key) by default in your `~/.ssh/` directory. If you are connected on campus or have the university VPN running, you can do:
`ssh-copy-id username@axanar.physics.uiowa.edu` ```bash
ssh-copy-id hawkid@axanar.physics.uiowa.edu
```
to put the public key on your account in the SPDR environment. Alternatively, if you can't get the VPN to work, or otherwise can't successfully run ssh-copy-id, then just email ~/.ssh/id_rsa.pub to me and I'll put it in the right location for you. This only has to be done once. Be sure to let me @ljg know if you have any reason to suspect that your private key is compromised, since that would give anyone who has it access to any and all systems holding the public key. to put the public key on your account in the SPDR environment. Alternatively, if you can't get the VPN to work, or otherwise can't successfully run ssh-copy-id, then just email `~/.ssh/id_rsa.pub` to me @ljg and I'll put it in the right location for you. This only has to be done once. Be sure to let me know if you have any reason to suspect that your private key is compromised, since that would give anyone who has it access to any and all systems holding the public key.
After setting up the public/private key exchange, you can ssh to the alternative port and avoid VPN timeouts and such. After setting up the public/private key exchange, you can ssh to the alternative port and avoid VPN timeouts and such.
\ No newline at end of file