Skip to content Skip to navigation

Working At Home

It's fairly easy to set up an environment at home that integrates well with Rutgers CS facilities.

There are two basic approaches (which can certainly be combined):

  • X2Go. This is a tool that lets you open a window on one of our systems. It uses a specially optimized version of the X11 protocol, giving reasonable performance on most home connections. In addition to giving you a window on our system, it lets you access files on your home computer and print to your home printers from the job on our system.
  • Kerberos and sshfs. This lets you work in a windows on your home computer with the same kind of access to files as on our systems, and the ability to ssh to most systems without having to type a password.

X2Go is documented in the X2Go instruction page.

This page will document the second approach: Note that you can use sshfs without Kerberos. Kerberos is primarily useful if you're going to be connecting to lots of different systems and don't want to have to type a password repeatedly.

Note that these are mostly for working at home. There are better approaches for systems within the department.

SSHFS

SSHFS alllows you to mount a directory from one of our servers on your home system, and access it as if it were a local disk. It's surpringly efficient. In many cases it's better than NFS. Its main disadvantage compared with NFS is that it's really only designed for one person to use it at a time. So it's fine for home machines, but wouldn't be appropriate for use at Rutgers.

Instructions are give in Accessing Files Remotely.

Setting up Kerberos on Linux or Mac.

The main point of using Kerberos at home is to let you ssh to our systems without typing a password. Linux will normally have Kerberos set up. If not, you may need to install a package, e.g on Centos it would be krb5-workstation. While the Mac comes with Kerberos you will want to install the Kerberos implementation from Macports. You'll also need their version of ssh.

Once you've installed Kerberos, you need to set up /etc/krb5.conf. With recent versions of Kerberos you don't need much.  On the Mac this goes in /opt/local/etc/krb5.conf

[libdefaults]

  default_realm = CS.RUTGERS.EDU

  noaddresses = true

  forwardable = true

  default_ccache_name = /tmp/krb5cc_%{uid}

 

[realms]

  CS.RUTGERS.EDU = {

    kdc = https://services.cs.rutgers.edu/KdcProxy

    pkinit_anchors = FILE:/etc/kdc.crt

    #http_anchors = FILE:/etc/ipa/ca.crt

  }

 

 

This assumes that your system can access https://services.cs.rutgers.edu without a certificate problem. If you have issues, you can remove the # from the file and copy /etc/ipa/ca.crt from any of our workstations.

Once this is set up you can use the "kinit" command to create Kerberos credentials. Then ssh should work without a password. If you're using a onetine password you'll need to ue the skinit script rather than kinit. You can get it using this command: curl -O https://services.cs.rutgers.edu/skinit. If you need to use skinit, you also need /etc/kdc.crt set up. You can get it from curl -O https://services.cs.rutgers.edu/kdc.crt.

NOTE: This has been verified on Centos 7. In addition to the usual krb5-workstaton package, you need krb5-pkinit. On Ubuntu 16, it works, but in addition to the usual krb5-user package you need krb5-k5tls and krb5-pkinit. Without that the proxy doesn't work. On the Mac, the Macports Kerberos package has all the necessary pieces.

On Windows 10 I recommend installing the Ubuntu application and setting it up as for Linux. There is Kerberos for Windows, but it doesn't suppoort the proxy, so you can't use it at home. To set it up

  • Find powershell (e.g. type powershell into the Contana box), right click on it, and select "run as administrator".
  • In the powershell windows, type Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
  • Reboot
  • Go to the Windows store and install Ubuntu. (Other distributions will probably work, but I've tried Ubuntu.)
  • Now follow the instructions above for Ubuntu.
  • You can open multiple Ubuntu windows. If you do kinit to get a ticket in one windows, it will apply to different windows as well.

On the Mac I recommend installing kerberos utilities and ssh from macports. This gives you normal LInux software. The Mac's Kerberos implementation is non-standard, and does not support the proxy or one time passwords. Macports has good installation instructions. You'll want at least the packages kerberos5 and openssh. Note that everything is installed in /opt/local, to avoid colliding with Apple's versions. So you'll need to put /opt/local/bin at the beginning of your path. You can use "which ssh" to verify that you're getting the version from /opt/local/bin. You'll need to configure /opt/local/etc/krb5.conf instead of /etc/krb5.conf. /etc/krb5.conf is irrevelant in this configuration.