Project

General

Profile

Slowmoncon VNC connection procedure for linux

Note: previously, if you were off-site, you had to use the Fermilab VPN to connect to any computer in LArTF. Now (since March 4, 2015) you can connect to ubdaq-prod-ws01 and -ws02 directly from off-site or on-site. (And you can no longer connect directly to any other computer in LArTF, even from on-site, with limited exceptions.)

1. Get your Kerberos ticket as usual, and log in to ubdaq-prod-ws01 with the option "-L 5902:localhost:5902". Below is an example. (Use your own username, not gahs.)

gahs@gahs-MacBook: $ kinit gahs@FNAL.GOV
Password for gahs@FNAL.GOV: 

gahs@gahs-MacBook: $ ssh -K -L 5902:localhost:5902 ubdaq-prod-ws01.fnal.gov
Last login: Tue Jun 17 14:08:00 2014 from uboonegpvm01.fnal.gov
                              NOTICE TO USERS

[long notice]

gahs@ubdaq-prod-ws01: $ 

2. Now leave that running (footnote 1), and start up a VNC client on your machine (not on ubdaq-prod-ws01). Use the VNC client to connect to display ":2" on your machine. Details of how to do that vary depending on your favorite VNC client. TightVNC or RealVNC command line clients will simply look like this:

vncviewer :2

There is also a VNC client named "vinagre" that gives you a graphical interface. (Screenshot: vinagre_connection_dialog.png .)

3. Once you connect, you will be asked for an additional password. This password is XXXXsmc, where XXXX is a common MicroBooNE collaboration password (footnote 2).

4. After supplying the additional vnc password, you will see a desktop run by the ubooneshift user. (Screenshot: opi_panel_view_editor.png .)

5. See SLC - Overview for an explanation of the control panel display. You are now free to monitor and control the hardware.

In case of problems

If no vnc server is running on the ubooneshift user, see SMC startup.

Footnotes:

(1) Clever people reading the ssh man pages will find ways to put the ssh process in the background.

(2) Note all communication with the VNC server is encrypted via SSH, the VNC server only accepts connections from the host it is running on (which is why the "-L 5902:localhost:5902" was needed), and the additional VNC password info is stored in a file that is only readable by the ubooneshift user. Only people who can log in to ubdaq-prod-ws01 can connect to this VNC server, and even those people can't get past the VNC password prompt unless they are told or guess the collaboration password or they have enough privileges to read mode 600 files owned by ubdaq-prod-ws01.