Back to top

Remote Access

Remote access is available in a number of ways

SSH gateway

The Secure Shell (SSH) gateway provides remote access chiefly to departmental Linux desktops and servers

Who is this service for?

Those needing to remotely connect to the department using the SSH protocol, e.g. with ssh, scp, sftp and rsync commands. For those with fast connectivity it is also possible to use X11 forwarding with SSH to support access to graphical X-applications.

Once connected to the gateway please do not use it as a compute server, just as a connectivity gateway, and make internal connections to compute servers and desktops as necessary.

If you need to download a lot of data, please be aware that most desktops and servers within the department can initiate direct outgoing connections to remote hosts on the Internet, avoiding any need for the traffic to actually flow through the gateway server itself.

Please remember this is a shared resource often being used by many of your colleagues, resources are finite including bandwidth.

Why is this service necessary?

The SSH gateway provides a reasonably secure remote access path to desktops and servers within the department where direct inbound access is always denied.

Using the SSH Gateway from Linux

Internet connected remote Linux and UNIX based systems can usually connect with the command:

ssh -l username gate.stats.ox.ac.uk

Where username is your Stats login name.

If you require X-forwarding the -X option is required and depending on connection speed data compression may also help and is available via the -C option.

If you then wish to SSH to an internal host e.g. a desktop or compute server then you will have to perform this as a two-stage SSH:

ssh gate.stats.ox.ac.uk

ssh internalhost

Using the SSH gateway from Windows

The simplest way to connect to a Linux system from a Windows PC is to use software known as PuTTY (please see below).

PuTTY

What is PuTTY?

PuTTY is a simple applications which can be used to connect securely from a Windows PC to a Linux (or Unix) system. The latest version can be downloaded from the PuTTY website.

How to use PuTTY

Before you start you need to know the hostname or IP address of the system you will be connecting to. In most cases it will be gate.stats.ox.ac.uk when accessing Statistics.

  • Double click on the PuTTY icon.
  • The PuTTY Configuration window will appear.

  • Enter the hostname in the “HostName (or IPaddress)” box. Make sure that SSH is selected.
  • You may see a PuTTY security alert like this:

  • If you are using gate.stats.ox.ac.uk this alert appears if you haven’t downloaded our SSH keys.
  • A login window appears. Enter your Statistics username and password.
  • Use logout or exit to finish your session.

Running X-applications from a PuTTY session

It can be convenient to use PuTTY and Exceed to run X applications. This is usually quicker than using Exceed to connect to an Exceed server and is more flexible because any public access Linux PC can be used. For home laptop users we recommend xming rather than Exceed.

Software required

  • PuTTY v 0.53b or later. To check the version open PuTTY and click on the About button.
  • Exceed v 7.1 or later (alternatively you can use xming)

Configuration

Start Exceed with All Programs -> Hummingbird Connectivity 10 -> Exceed. This will start Exceed in passive mode.
Open a PuTTY window. Enter the hostname gate.stats.ox.ac.uk in the HostName (or IPaddress) box but do not click on Open yet.
Click on X11 on the Category box on the lefthand side. A window like this appears:

  • Check the Enable X11 forwarding box and click on Open.
  • A login window appears. Enter your Statistics username and password. A simple test that X applications can be displayed is to use the xclock & command. A clock should appear on your desktop.
  • Use logout or exit to finish your session. If you have open X applications then you should exit from these in order to complete the logout process.
  • The Exceed session can now be closed.

Unsafe PuTTY software

Sadly in 2015 there were reports of malicious fake versions of PuTTY circulating. The simplest way to check whether you have a safe version or not, is to open PuTTY and click on the ‘About’ button.

Good safe version of PuTTY

Bad unsafe version of PuTTY

In the unsafe version, the text under PuTTY reads ‘Unidentified build…’.

In the very unlikely event that you have been using a malicious version, please contact ithelp.

PuTTY can be safely downloaded from here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Virtual Private Network (VPN)

Virtual Private Network (VPN) allows remote computers to connect to the department and access internal resources as if they were located here in the building.

Who is the service for?

The Virtual Private Network (VPN) service is for members of the Department using computers located outside Statistics, either in Colleges or other University Departments, or from a connection anywhere in the world.

Important information

When you use the Statistics VPN connection you are routing all your traffic through the server vpn.stats.ox.ac.uk

As a result any traffic which is not for Statistics may be much slower than if you connected without the VPN. For this reason it is recommended that you only use the Statistics VPN for communications that require you being on the Statistics network such as accessing web pages that are restricted to either the University (ox.ac.uk) or Departmental (stats.ox.ac.uk) networks. This is likely to change in the future.


Windows – Configuring VPN

You will need to have Administrator privileges on your PC to set up the connection. If you wish to set up a connection from a PC in your College, then College IT staff may need to help you with this.

To set up a VPN connection to our server from Windows 7, please follow the instructions below:

  • Open Network and Sharing Center (Start > Control Panel > Network and Internet > Network and Sharing Center)
  • Click on Set up a new connection or network
  • On the Set Up a Connection or Network windows, select Connect to a workplace and click on Next
  • Select No, create a new connection if asked to use an existing connection, and click Next
  • Click on Use my Internet connection (VPN)
  • Type in vpn.stats.ox.ac.uk as the Internet address
  • Type in a name for the connection (say, Statistics VPN)
  • If you want to use this connection from other accounts on this machine, check the Allow other people to use this connection option
  • Check the Don’t connect now; just set it up so I can connect later option
  • Click on Next
  • Click on Create
  • Close the window
  • On the Network and Sharing Center window, click on Connect or disconnect
  • On the smaller window that appears, click on the new connection (Statistics VPN)
  • Click on the Connect button that appears underneath
  • On the new Connect Statistics VPN window, click on Properties
  • On the new Statistics VPN Properties window, click on the Security tab
  • Change the Type of VPN to Point to Point Tunneling Protocol (PPTP)
  • Click on OK
  • Enter your Statistics username and password and click on Connect. We recommend that you do not check the “Save this username …” box.
  • Once the name of the new network connection appears when you hover the mouse pointer over the network icon your taskbar, you are connected.

If you are using Windows 8 and are receiving “error 691” when you try to connect, please follow these instructions in addition to the ones above:

  • Open the VPN connection properties
  • Click on the Security tab
  • Select the Allow these protocols option
  • Make sure the Microsoft CHAP Version 2 (MS-CHAP v2) option is checked
  • Click OK

Windows – Disconnecting the VPN

Once you have finished using the VPN, click on the network icon on the taskbar, click on Statistics VPN, and click on the Disconnect button; this will disconnect you from the VPN. You will still be connected to your normal network.

Windows – Reconnecting to the VPN

Once the VPN connection has been configured it can be used again without any need for Administrator privileges.

Connect to your normal network
Click on the network icon on the taskbar
Click on Statistics VPN
Click on the Connect button underneath Statistics VPN
Type in your username and password and click on Connect


Mac OSX – Configuring VPN

  • System Preferences -> Network
  • Click Add (+) at the bottom of the network connection services list
  • Select the Interface, VPN.
  • Leave the default type of VPN connection `L2TP over IPSec’. and give the VPN service a name e.g. STATS VPN.
  • Enter the server address and the account name for the VPN connection. Enter details as follows:
    • Server address: vpn.stats.ox.ac.uk
    • Account name: statsusername
  • Click Advanced… and check ‘Send all traffic over VPN connection’
  • Click Authentication Settings, User Authentication check `Password’ and enter your password
  • Under Machine Authentication enter the Shared Secret (available by emailing the help desk: ithelp@stats.ox.ac.uk)
  • Click OK, Apply, and then click Connect.


Linux – Configuring VPN

These instructions work for Ubuntu 11.4 and Fedora 14 onwards.

  • From the network menu on the top panel go to VPN Connections -> Configure VPN…
  • Click Add
  • On the Choose a VPN Connection Type and choose Point-to-Point Tunneling Protocol (PPTP). It will probably be the only option.
  • Click Create
  • In the new window fill in the following:
    • Connection name: Oxford Statistics (or some other obvious name)
    • Gateway: vpn.stats.ox.ac.uk
    • User name: YOUR STATS USERNAME
    • Password: LEAVE BLANK
    • NT Domain: LEAVE BLANK
  • Click Advanced
  • In the list Allow the following authentication methods: uncheck [and this is important] PAP, CHAP, EAP and check MSCHAP, MSCHAPv2
  • Under Security and Compression check Use Point-to-Point encryption (MPPE) and leave everything else as it is.
  • Click OK
  • Click Save
  • Click Close
  • Now either reboot or disconnect and reconnect your current network connection.
  • Once the network link has been re-established click on VPN Connections -> Oxford Statistics.
  • A pop-up asking you to enter your password should appear. Enter your usual Stats password.
  • To check that you are indeed connected make sure you can view the internal web pages on https://internal.stats.ox.ac.uk/
Mapping Your Home Directory

Windows Users

When using the Statistics VPN, your home directory is not automatically mapped to the P: drive as it happens when you log in to a Departmental desktop; this is due to your computer not being part of our Active Directory domain. Also, the folder path we use inside the domain will not work from outside.

Should you need to access your home directory when connected to the Statistics VPN, you can map the SaMBa-shared folder to a drive by using the full path to the shared folder:

  • Connect to the Statistics VPN
  • Right-click on Computer (either on your desktop or your Start menu) and select Map network drive…
  • On the Map Network Drive window, select the drive letter you want to use; for example P:
  • Type the path to the folder: \\fs0x.stats.ox.ac.uk\username, where fs0x is the name of your P: drive file server and username is your Statistics username; for example \\fs02.stats.ox.ac.uk\testuser
  • If you are not sure which of fs01, fs02, or fs03 you are using try each in turn.
  • If you are going to use this repeatedly, check Reconnect at logon
  • Check Connect using different credentials
  • Click Finish
  • On the new Windows Security window, type in your Statistics username (in the form STATS\username) and password
  • Click OK

Mac Users

  • In the Finder, click on the Go menu and select Connect to Server.
  • Enter the server address: as smb://fs0x.stats.ox.ac.uk/username
  • If you are not sure which of fs01, fs02, or fs03 you are using try each in turn.
  • Click the + button to save this as a Favourite Server
  • Click Connect and then enter your Statistics username and password when prompted
Remote Desktop Gateway

The Windows remote desktop gateway using Microsoft RDP provides access to Windows desktops within the department via wingate.stats.ox.ac.uk

Who is this service for?

Academics and other members of staff who have a departmental Windows desktop.

What is the service for?

The Remote Desktop Gateway allows you to connect to a departmental Windows desktop from outside the Department. You can use an up-to-date Remote Desktop Client to then login to the departmental desktop and operate it as if you were sitting at your desk, including access to your P:\ drive and other services only accessible from inside the Department.

Why is this service necessary?

The Remote Desktop Gateway provides a reasonably secure connection (using SSL) to Windows desktops within the department whereas direct, possibly insecure, remote access is denied.

Requirements

You must have access to an up-to-date Remote Desktop Client application to be able to connect through the Gateway. So far we have only found two clients which allow gateway connections:

  • The Remote Desktop Connection application installed by default on Windows XP and later, and
  • The iTap mobile RDP for Macs and Linux systems.

The first comes free with Windows, the latter has to be purchased separately (it is available in the App Store).

To connect through the Remote Desktop Gateway, we have to configure it to allow you to log through, and then to allow you to log in remotely to your desktop. This means we will need to know your departmental username (not your password; never send your password to anyone, even us) and the hostname of your desktop before you can access the service. Your Windows desktop will need to be rebooted before you can try the service.

It is advisable to have a fast broadband Internet connection where you are, as the Remote Desktop protocol requires more bandwidth than a text-based one (like SSH) to have a satisfactory experience.


Using the service with Remote Desktop Connection

  • Open Remote Desktop Connection (Start > All Programs > Accessories > Remote Desktop Connection in Windows XP and 7)
  • Type in the hostname of the TARGET machine, i.e. test.stats.ox.ac.uk
  • Click Options >>
  • Click on the Advanced tab
  • Click Settings…
  • Select Use these TS Gateway server settings:
  • Server name: wingate.stats.ox.ac.uk
  • Logon method: Allow me to select later
  • Click OK
  • Click Connect
  • Type in your departmental credentials to log in to the RD Gateway, i.e. STATS\username
  • Click OK
  • Log in to the TARGET system using your departmental credentials again
  • Once finished, remember to log out unless you want the session on the TARGET system to persist; if so just disconnect (Start > Disconnect)

Using the service with iTap mobile RDP

  • Start iTap mobile RDP
  • Click on Preferences
  • Click on the add button (bottom left) of the Gateway preferences
  • Type in a meaningful label for these preferences, i.e. Oxford Statistics
  • Hostname: wingate.stats.ox.ac.uk
  • Domain: STATS
  • Quit the Preferences window
  • Click New
  • Type in a meaningful label for this connection, e.g. Statistics Desktop
  • Type in the host name of the TARGET machine, e.g. test.stats.ox.ac.uk
  • Domain: STATS
  • Select the gateway preferences you created above, i.e. Oxford Statistics
  • Quit the new host window
  • Double-click on the host entry you have just created, i.e. Statistics Desktop
  • Type in your departmental username and password when prompted, i.e. STATS\username