# Remote Access to the Workstation, Login without Password === A reference for [Lai Research Group Computing Infrastructure](https://hackmd.io/4tb1XuqMShK_6HLSySbk4g) === The IP address of the workstation is *sdss-yaolai.stanford.edu*. <!-- Niall commented out the below because it already exists in the onboarding computing email. 02/05/2024 --> <!-- Before login, one must: > 1. Contact Yao for applying an account of the workstation > 2. Within Princeton network, or access internet via [Princeton VPN service](https://informationsecurity.princeton.edu/connecting-to-princeton-n) --> For commandline (CLI) usage, it provides SSH login via: `ssh <your_account_name>@sdss-yaolai.stanford.edu` or, One can access desktop GUI via [Microsoft RDP](https://docs.microsoft.com/en-us/windows-workstation/remote/remote-desktop-services/clients/remote-desktop-clients) ### Tutorial and tips for SSH login --- #### Q: How can I login into the workstation? It's easy. Just open any terminal like cmd. Then type and enter to execute: `ssh <your_account_name>@yaolab.sdss-yaolai.edu` Then it will ask for password, type it, then you should successfully login into the workstation. :::success If it's your first time accessing the workstation on the device, it will ask you to add the workstation into 'known hosts', type `Yes`. You should **change your password immediately** after your first login.\ Command `passwd` can change your password. ::: #### Q: How can I avoid typing password each time? One can use terminals like [Mobaxterm](https://mobaxterm.mobatek.net/)(for Windows), or [iTerm2](https://iterm2.com/)(for Mac, :warning: NOT TESTED) which can remember the password locally. One can also use [Key-Authencation](https://en.wikipedia.org/wiki/Key_authentication) based ssh login. It involves mainly three steps: 1. Generate a key-pair on local device - Execute `ssh-keygen -t ed25519` in terminal - For the file name, one can just use the default (C:\Users\mrchou\.ssh\id_ed25519) - Passphrase can remain empty - The file id_ed25519 is the **private key**, **DO NOT** reveal it to anyone - The file id_ed25519.pub is **public key**, we shall add the content of this file onto workstation 2. Add public key of key-pair to the allowed identities list on target device (i.e. the workstation) > For Mac or WSL under Windows, it's a single step > > `ssh-copy-id -i <your identity file> <your account name>@sdss-yaolai.stanford.edu` > > It will ask for your passwrod to register the identity to the workstation. > For Windows (cmd/powershell) > - Login to the workstation > - Open the file `/home/<username>/.ssh/authorized_keys`. Create the file, or even the .ssh directory if they do not exist. > - Execute the following to create the file and the directory\ > `mkdir "~/.ssh" && touch ~/.ssh/authorized_keys` > - Edit the file by copy the content of previous **public key file (ida_ed25519.pub)** into the the authorized_keys. > - `type C:\Users\mrchou\.ssh\id_ed25519.pub` to display the content (can use Notepad instead) > - Though very long, all the content of public key file is only single line. > - One can add as many public keys into the autorized_keys file. So the file contains multiple lines, one line per public key. This make multiple machines regeistered on the the workstation. 3. After step 2, one should able to conduct the previous ssh login, without typing any password. - If it's not the case, it could be that your `ssh` command is not using the key. - Fix that by execute the followings:\ `eval $(ssh-agent)`\ `ssh-add C:\Users\mrchou\.ssh\id_ed25519` (use `ssh-add` onto your private key file) --- ### Tutorials on Microsoft RDP Access #### XFCE Resources Instead of using standard, pretty, and arguably more intuitive GNOME desktop environment, we use [XFCE](https://www.xfce.org/) since it's faster. You can find your installed applications on the top left: ![](https://i.imgur.com/sa6iVje.png) You may want to know that dragging the application to desktop can fast create the shortcut. For other tips/questions on using the xfce, one can refer to the [official wiki page](https://wiki.xfce.org/) or do some Google. #### Connection Assuming we are already under Princeton VPN service. > **For Windows** > > Windows has built-in **Remote Desktop Connection**, open it and connect to sdss-yaolai.stanford.edu or IP address: 128.112.21.168 (need VPN if off campus) > > ![](https://i.imgur.com/MxL1Wn5.png) > > A login page will show up. > Type your account and password, done! > ![](https://i.imgur.com/3k3foQu.png) --- > **For Mac** > > Download [Microsoft Remote Desktop for Mac](https://apps.apple.com/tw/app/microsoft-remote-desktop/id1295203466?mt=12), then follow the steps in Windows > section. ###### addtional info: [Admin notes on HackMD](https://hackmd.io/qW7dli1lTwi4HUW4PzEiUA) ###### Few more credentials: vnc password to modify RC setting: yaolabRD (won't be useful most likely, since the admin account can modify RC settings without credentials); AnyDesk ID: 621836313; AnyDesk password: can request from Yao. AnyDesk only works when there is an active GUI for the server, and you can only view the screen from that active account (it's for "share-screen" but not "remote desktop connection"). ###### The procedure for setting up RC (remote connection) for Linux here for our future reference: https://linuxconfig.org/ubuntu-20-04-remote-desktop-access-from-windows-10 After granting RC access to users, we need to open a firewall port 3389 for an incoming traffic. --- <!-- For users looking to add new members to the group, please enter the following lines of code. --> <!-- cd /home --> <!-- sudo adduser netid --> <!-- ronnefilchner (can be used for temporary password) --> <!-- Enter in their full name, can use their actual name here as it's just background detail --> <!-- If you've entered in something wrong, you could try: sudo rm -rf netid --> <!-- Be careful with sudo, as well as -rf, as these are very powerful commands. -->