In a shell session programmes read from and output to text streams only. These input and output streams do not have to be connected to local resources; an input stream may just as well be connected to an input source on the network and write to an output stream on a different machine. This feature can be used to start a shell session on a network host, provided that it accepts such connections.
Nowadays, for security reasons plain connections to remote machines are usually no longer used for shell sessions. Instead, an encrypted connection is negotiated before the shell session is started. The most commonly used way to achieve this is the Secure Shell protocol, or short: SSH. When a remote host (e.g. the login node of a cluster) listens for SSH connections (commonly on network port 22) and you have credentials to authenticate on the remote host, you can connect to the remote and start a shell session there. This means you can start a shell session on a remote computer and use the filesystem and resources on that computer.
To establish a connection to the remote host
authenticate as user
username execute the following command in a
regular shell session:
Dependent on the authentication method you may be asked for the
username on the remote machine before you are admitted.
You should have a user account on the remote machine to be able to use
this. Ask the remote machine's system administrator if you do not
have an account.
The very first time you connect to a remote machine, you will be asked if you wish to add the remote host to a list of known hosts, looking something like this:
The authenticity of host 'remote.host.net(184.108.40.206)' can't be established. RSA key fingerprint is 53:b4:ad:c8:51:17:99:4b:c9:08:ac:c1:b6:05:71:9b. Are you sure you want to continue connecting (yes/no)?
You are asked to confirm your intention to connect because SSH cannot guarantee that the remote host is really the host you intend to connect to --- it simply has never encounter this host before, so it cannot validate the fingerprint against a record from a previous connection. The only way to be sure that the machine is indeed the one you want to connect to is to compare the fingerprint manually, but this is not feasible for people without physical access to the machine.
When connecting to a cluster node on a local network you can be
reasonably sure that the connection is safe. Type
yes and press
enter to continue. Your SSH client will record the fingerprint for
this host and prevent you from connecting to a host with the same name
but a different fingerprint to prevent a man-in-the-middle attack.
Upon establishing a connection a shell session will be started.
Confirm that you are on a remote system by running
This is a useful feature of SSH because it enables you to see windows and bitmap information on the remote host. That means you can use programs with a user-interface and can see the visual output of your work such as R or matlab plots.
To use this feature, you need to use -X or -Y option with SHH. See below:
ssh -X firstname.lastname@example.org
ssh -Y email@example.com
You can check if X11 forwarding works by typing
echo $DISPLAY, this
should return something like
localhost:18.0; it should not return an
To test if this is working, run
xeyes on the remote host. A window
should appear on your machine. While the programme runs on the remote
host, the window contents are forwarded (hence the name) to your local
machine. This also works with more complicated applications, but
performance may be inadequate when doing this over a poor connection.