Center for Functional MRI In the Department of Radiology

InfoSys How To: Remote Access

How do I get Remote Access to the CFMRI servers?

Dynamic IP

  1. Open a Browser to http://vpn.ucsd.edu
  2. Login using your AD account and make sure you select "split" or "allthruucsd" as the Group.
  3. Follow the instructions on the VPN site

Static IP:

  1. Email fmri-support@ucsd.edu with your IP address to be added to the access control list.

Back to Top

How to X11 for Mac?

Mac OS X has X11 preinstalled

  1. Open the X11 program.
  2. Open a terminal
  3. In a terminal type ‘ssh –X [your user name]@fmriserver.ucsd.edu’

Back to Top

How to X11 for Linux?

X11 support is built-in to the operating system.

  1. Open a terminal
  2. In a terminal type ‘ssh –Y [your user name]@fmriserver.ucsd.edu’
  3. If the  above line doesn't work use -X instead of -Y

Back to Top

How to X11 for Windows?

Use xming from http://sourceforge.net/projects/xming for free and putty

  1. Run Xming (note when installing Xming: if you get a prompt to allow xming in your firewall, select deny)
  2. Open putty by double-clicking it. It will bring up the interface.
  3. First, setup the connection info in Host Name field and select SSH (SSH is using port 22).
  4. In Connection Category, find the Connection tree. In SSH, expand it and you will see the Tunnels window. Click "Enable X11 forwarding". It is setting the default to X display at "localhost:0".
  5. Return to Session and save this session with a name you like. You should use the Host Name to make it easy to remember where you are connecting to.
You also may use Xshell by NetSarang which is free for Educational use and for home use, instead of putty.

Back to Top

How do I Secure my Workstation?

MAC:
  1. If you enabled ssh remote login on your workstation, please do the following:
    1. tcp wrapper is installed by default
      To enable:
      create the following files
      /etc/hosts.allow
      sshd: 137.110.192. (for the VPN)
      sshd: 132.239.132. (for our local subnet)
      /etc/hosts.deny
      ALL: ALL

    2. Disable protocol version 1 from the /etc/sshd_config
      edit the line
      Protocol 2, 1
      to:
      Protocol 2
  2. Your user account is recommended not to be an admin account, have a separate admin account.
  3. We used to open post 6000-6010 for X forward, please remove that if it exists in the MAC OS X build in firewall.
    Use the
    ssh -Y <loginname>@servername.ucsd.edu

    When using the xhost command, make sure to just open the traffic for a certain IP, ex:
    xhost + <IP address>

    A link from network security that has more information for MACs:

    http://computing.geology.ucdavis.edu/security/CyberSafety-MacQuickClick.php
Back to Top