Remote Access

It is often necessary to remotely access either your desktop computer or your files. We enable this by using standard protocols like SSH so that access is available from any platform.

Storage Access

Since the our storage is only accessible from inside the faculty network, you cannot directly access your files from home. However, once you log in using SSH on one of the login servers you can easily work with the files in your home directory or in a group share.

To transfer files from or to your faculty home directory, please use an SFTP or SCP client:

  • Linux: The sftp and scp commands should be available. If not, please install the OpenSSH client package via your distribution's package manager.
  • Windows: The WinSCP or MobaXterm applications work well for this task.
  • macOS: The sftp and scp are available from the Terminal application. For graphical applications there are Cyberduck or Fugu.

SSH Access

We provide two Linux SSH login servers (use your math:account to log in):

login.mat.univie.ac.at and logon.mat.univie.ac.at

These servers can be used to remotely access your home directory or further connect to your desktop computer.

To connect to the login servers you need an SSH client:

  • Linux: The SSH client should readily be available via the ssh command. If not, then install the OpenSSH client package via your distribution's package manager.
  • Windows: We recommend using the Putty or MobaXterm SSH clients.
  • macOS: Like with Linux the ssh command is readily available from the Terminal application.

SSH Host Key

Since all SSH host keys of the Faculty are signed, it is possible to add the following line (it is one very long line) to your known hosts file (on Linux and macOS at ~/.ssh/known_hosts) so that all Faculty hosts are automatically verified:

@cert-authority *.mat.univie.ac.at ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtJUBTq2C4xjBapLKMhtG5MMaSfzGdoLP6h1jhAXF2i8Dn2SK9zTFcr2qeKW1TBNSe1cBuvd1+t4/fLfgR+KgPWc8AsUDon/3CWTa/UlDIILW4d74kYy6qPuH0i5n+2pj7bDy7QI/M/2BSD13HT7D6N4Ep5/LsADdPKw/il2WJyp8N96PnsVm23x2j1w/qUOx/EWHzmivui/E4+WSdXozZMUDTJKNzqDt1ogiygJeP5/LIJTTtLBZL6DO1aowCa6AKt0HFcnCB0/dcJdxH9y2RYL8/QeMIWawpyUQl8Un2abmOUv5WkqZcUrpxdb72nqPzF0bEjm6KuC4RoJi5pzUJ auth@mat.univie.ac.at

This is the preferred way to verify host keys.

Please note that this only works if you use the fully qualified name (FQDN) of the target host. However, there is a work-around that allows you to use just the hostname. For this you have to put the following lines into your SSH client configuration file (on Linux and macOS at ~/.ssh/config):

Host *
CanonicalizeHostname yes
CanonicalDomains mat.univie.ac.at
CanonicalizeMaxDots 0

 

If you don't use the way described above and you have never connected to the login servers, you will be asked to verify the SSH host key. Please make sure that the shown key matches the following:

  • login.mat.univie.ac.at
    • ED25519 key fingerprint: SHA256:WTq/mGl7PiQ8K1I7tD01GhT4mUGFqlhwHSiBppi/Z/w
    • RSA key fingerprint: SHA256:ydqQawBo5i+JJCb5WM1wZ/mjdvgm1OwPUKlXRA05V10
    • RSA key fingerprint MD5: 8e:a5:09:91:3f:83:55:5e:45:d5:48:af:79:46:d1:dc
  • logon.mat.univie.ac.at
    • ED25519 key fingerprint: SHA256:KMaPZYkNViO+mE/Qa5XOlGEpV9m78qYhq/8BjWxq9Io
    • RSA key fingerprint: SHA256:Su8qHO+vTiMY1Tb0q793KNEvjrVli6j/OSODx3i9wqI
    • RSA key fingerprint MD5: a4:68:72:56:25:9c:ed:97:9c:0c:1a:6a:a7:37:54:99

Access to Faculty Computers

To access your faculty computer (it needs to have an SSH server installed; all our managed Linux desktop computers do) first connect to one of the login servers. Then use SSH again to further connect to your faculty computer.

Tunneling, X-Forwarding and "VPN"

SSH allows to setup tunnels to access applications that are only available within the Faculty network. A typical command to setup a tunnel to the port 80 on the computer testpc via the local port 9999 looks like this:

ssh -L 9999:testpc:80 USERNAME@login.mat.univie.ac.at

In addition to tunnels SSH allows forwarding of X windows, i.e. graphical programs on Linux. This means that it is possible to remotely start e.g. Thunderbird on your faculty computer and get the graphical interface on your home computer (provided it has an X server running). Just provide the -Y option to the command line OpenSSH client or select the appropriate option in your GUI client.

The math:IT services itself do not provide a full-blown VPN because the computer center of the University does (see the ZID Virtual Private Network page). However, there is the sshuttle application which provides a VPN like service over SSH and is compatible with our infrastructure.