Project

General

Profile

Idea #5740

Minos Windows to Linux survey

Added by Arthur Kreymer over 5 years ago. Updated over 5 years ago.

Status:
Accepted
Priority:
Normal
Start date:
03/21/2014
Due date:
% Done:

0%

Estimated time:
Spent time:
Duration:

Description

Per request of Frank Nagy,
who is working on related documents for the Fermilab Computing Sector,
I asked Minos Windows users how they are connecting
from Windows to Fermi Linux systems.

The query and responses are collected here

History

#1 Updated by Arthur Kreymer over 5 years ago

  • Status changed from New to Accepted

Date: Wed, 19 Mar 2014 23:31:32 +0000
From: Arthur Kreymer <>
To:
Subject: Survey - How do Minos Windows users SSH/X to Fermilab ?

The Fermilab Computing Sector is updating Authentication documentation.

Support for connecting to Linux systems from Windows is being reviewed,
focusing on University people who do not use Fermilab's licensed tools.

I volunteered to take an informal survey of what methods are being used
by actual Physicists. I will put the results online.

How do you Windows users kerberize, ssh, and display X windows ?

Please send me mail, ( or drop by my office ).
Please do not reply to minos-users directly.

Thanks !

#2 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 18:41:31 -0500
From: Phil Adamson <>
To: Arthur Kreymer <>
Subject: Re: Survey - How do Minos Windows users SSH/X to Fermilab ?

From my windows machines, I use putty with GSSAPI support (my version
identifies as 0.63) for kerberized ssh and to tunnel X11. For X11, I have a
machine with eXceed and one with Xming. I use NetIdMgr to manage kerberos
tickets.

Phil

#3 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 16:46:00 -0700
From: Ryan Patterson <>

Hi Art,

I've tried periodically to get Kerberos on Windows working the way it
should, but I've never succeeded.  I would use it if it worked for me.

In a pinch, I use my cryptocard (maybe a couple times a year, e.g. when I
need direct ftp access).  My day-to-day method is to VNC into a Linux box at
Caltech and then kinit from there.

Ryan

#4 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 19:31:28 -0500
From: Howard Rubin <>

kerberize: MIT Kerberos kfw-3-2-2. I had problems when trying to install
Kerberos 4 because it wouldn't communicate properly with Fermilab --
probably Fermilab's fault since their standard packages are usually very old
-- so I backed up to 3.2.2.

ssh: putty-0.62 and winscp-5.18. With a little bit of fooling around these
products integrate with each other and kerberos.

display X windows: xming-6.9.0.31 with xming-fonts-7.5.0.47

All of these products are free although it may be the case that a donation
is requested for the complete xming-fonts package.

Note that there are also now Windows packages which supply linux utilities
like grep, cut, etc. I also use autominiclip which almost emulates
highlight/copy - middle-buttone/paste.

Howie

#5 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 19:52:21 -0500
From: Gregory Pawloski <>

putty

#6 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 20:00:18 -0500
From: Maury Goodman <>

I do kinit and then ssh.

I display xwindows with putty and exceed.

#7 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 18:11:17 -0700
From: Leon Mualem <>

I'm not a very active MINOS windows user, but here's what I do.

The easiest for me is to run a VirtualBox linux machine hosted
by my windows machine.

The second easiest is to log into a linux machine at Caltech,
kinit, and log in to fermilab.

The next easiest is to run a vnc session on a linux box at Caltech.

The only acceptable way I find to run X is in a VNC session on
a computer at Fermilab. I have puzzled why it is so painful to
run anything with X over the network. I used to be able to run
mosaic from minnesota with graphics and all, and now most things
are uselessly slow. I can run an xterm, and pop the window to
one of the linux box versions above, but anything with graphics
is uselessly slow.

I think the short answer is I don't connect from windows to FNAL
anymore. I think I used to, but once I got the virtual box going
it became irrelevant.

#8 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 20:23:27 -0500
From: Catherine C James <>

I'm not university. Used to use the Lab's licensed tools (reflection) but it
was a pain. Now I use VirtualBox with an SLF6 "machine" on my windows
systems (home and laptop). I ssh in the usual way to other linux nodes.
Works great.

#9 Updated by Arthur Kreymer over 5 years ago

Date: Wed, 19 Mar 2014 20:54:26 -0500
From: Mike Kordosky <>

My guess,

Almost nobody who uses windows as their primary OS ssh's to FNAL.

#10 Updated by Arthur Kreymer over 5 years ago

Date: Thu, 20 Mar 2014 03:10:01 +0000
From: "Thomas, Jennifer" <>

I dont use windows. :-)

#11 Updated by Arthur Kreymer over 5 years ago

Date: Thu, 20 Mar 2014 18:52:47 +0000
From: "Ritchie, Jack L" <>

I am glad to hear this documentation will be updated, since what's there now
was
completely useless to me.

I use a PC, and what I do to get into Fermilab linux is ludicrous. I ssh
into a linux machine
at Texas, from which I can do the kinit and ssh to Fermilab. I do this
even if I am at Fermilab,
so I ssh to Texas first, then ssh back to Fermilab.

I'm sure there is a better solution, but I have not had a big enough need
for it to push through
to find a solution. From what I could tell, there is no free software for
Windows that works, and
as I said, the FNAL documentation was no help whatever. (I'm willing to pay
for the software if
necessary, but it would be good to know exactly what to buy.) The people
I've talked to don't have
any actual experience kerberizing Windows, and they say unhelpful things
like I should buy a Mac.

In any case, I would like a better way to connect, since it would be one
less barrier for me to get
involved in looking at data.

Thanks for your efforts on this.

#12 Updated by Arthur Kreymer over 5 years ago

Date: Thu, 20 Mar 2014 13:53:46 -0500
From: William F Badgett Jr <>

I don't belong to a University, but I access FNAL linux boxes from
Windows machines frequently: Years ago I tried VPN, but found
it cumbersome, and switched to cygwin using the krb5.config and
ssh.exe from FNAL.

Sometimes cygwin can be tricky to install, but once it's working
it's normally fine. Occasionally I get mysterious "permission denied"
from certain machines, which I have never understood.

Direct use of X is normally extremely slow, so I use either VNC
or NXclient to connect, with an ssh tunnel, single or double hops
as needed. Both seem to give excellent performance

#13 Updated by Arthur Kreymer over 5 years ago

Date: Fri, 21 Mar 2014 09:41:06 -0400
From: Brett Viren <>

I happen to bump into this issue today. I'm trying to organize LBNE's
written response to DOE for our upcoming review by collecting our
documentation in a Redmine/git repository. I expect many of the
contributors to be Windows users and unaccustomed to accessing Fermilab
computers via Kerberized SSH. If they want to push commits directly
they will need some guidance on this aspect.

I wrote up some help on this here:

https://cdcvs.fnal.gov/redmine/projects/lbne-sc-review-2014/wiki/Help_for_
Windows_Users

I would like to make a link to the best instructions we have on how
Windows users can get Kerberos/SSH working. Bonus points if the
instructions focus on accessing Redmine/git.

Do you have a good link I might use?

#14 Updated by Arthur Kreymer over 5 years ago

Date: Fri, 21 Mar 2014 15:57:03 +0200
From: Panagiotis Stamoulis <>

when I use Windows to connect, I always create an "xterm environment"
using Cygwin. This has kerberos, ssh and [with tunneling] also displays
remote X windows.
I also use ssh secure shell program [after creating the xterm environment
in cygwin], which is not distributed [or supported] anymore.

#15 Updated by Arthur Kreymer over 5 years ago

Thanks for your responses !

The details are collected at
https://cdcvs.fnal.gov/redmine/issues/5740

See a summary table at
https://cdcvs.fnal.gov/redmine/projects/admin/wiki/SSHWIN

#16 Updated by Arthur Kreymer over 5 years ago

Date: Mon, 24 Mar 2014 15:34:00 -0500
From: Xinjie Qiu <>

On my primary windows computer, I installed WMware, and run Ubuntu Linux
on this virtual machine to ssh to Fermilab.

#17 Updated by Arthur Kreymer over 5 years ago

Date: Tue, 25 Mar 2014 08:53:10 -0500
From: Gregory Pawloski <>

Just to add some info:
When I use putty with kerberos, it appears to have trouble forwarding the
ticket and access to afs.
I use a cryptocard to avoid any forwarding issues or if I am using a
computer that has not been configured.

#18 Updated by Arthur Kreymer over 5 years ago

  • Subject changed from Minos Windos to Linux survey to Minos Windows to Linux survey


Also available in: Atom PDF