Working remotely

How to directly ssh into your work computer from home

(Update 28 Feb 2015: figured out how to do this without a separate tunnelling connection.)

This describes how to set up direct passwordless ssh between your home and work computers, by tunnelling through gate.eng.cam.ac.uk. This is handy for syncing your code between them using git/hg, copying files directly via rsync, or even mounting your work machine's filesystem as a directory on your home computer using sshfs.

Setup takes 5 minutes.

Instructions:

    1. For convenience, set up passwordless (i.e. key-based) ssh between your laptop and gate.eng.cam.ac.uk. Instructions to do so are readily googleable, e.g: http://linuxproblem.org/art_9.html
    2. Add the lines below to your ~/.ssh/config file on your laptop. If you don't have one, make one. Replace WORKMACHINE with your work desktop's hostname. Replace USERNAME with your Cambridge username.
    3. Now you should be able to say "ssh WORKMACHINE" from your home computer to connect to your desktop.
    4. Set up passwordless ssh between your laptop and WORKMACHINE, as you did in step 1.

Lines to add to ~/.ssh/config on your home computer:

# Don't forget to replace WORKMACHINE and USERNAME!

# Defaults for all hosts

Host *
    ForwardX11 yes
    ForwardX11Trusted yes  # to avoid warning about untrusted X11 setup on OSX 10.10.
    ServerAliveInterval 30

# Host-specific settings

Host gate

    HostName gate.eng.cam.ac.uk
    User USERNAME
Host WORKMACHINE
    ProxyCommand ssh -q gate nc WORKMACHINE.eng.cam.ac.uk 22
    User USERNAME

On some flavors of Unix, you might get the following error:

$ ssh WORKMACHINE Bad owner or permissions on ~/.ssh/config

In my case, I ran into this when ssh'ing out of the Cambridge HPC cluster to gate.eng. it turned out that ssh didn't like that the .ssh/config file had -rw-rw-r-- permissions, rather than just -rw-------. This fixed it:

chmod 600 ~/.ssh/config

You can now use this "WORKMACHINE" alias for all programs that use ssh, e.g:

  • Copy a directory from WORKMACHINE to ~/:
    • rsync -avPh WORKMACHINE:~/some_directory ./
  • Add a git repo on your WORKMACHINE as a remote repository to your local project:
    • git remote REMOTENAME set-url ssh://WORKMACHINE/path/to/my-repo
  • Map WORKMACHINE:~/ to an empty local directory using sshfs:
    • sshfs WORKMACHINE:~/ some_local_dir/

How to transfer a running process to "screen", so you can monitor it from home.

It's nice to be able to start a long job in the office, then monitor its terminal output from home. Here's how. (The instructions below are adapted from here).

Install screen, reptyr, and optionally, pgrep.

Hit ctrl-z to interrupt the process, then:

$ bg   # sends it to the background
$ disown <pid>  # detaches it from this terminal
$ screen  # launch screen to get a floating terminal
$ reptyr <pid>  # reattach the process to this floating terminal

If you don't want to deal with process ids, you can try the following instead, though I've had trouble getting the first line to work with python:

$ bg
$ disown <program name>
$ screen
$ reptyr $(pgrep <program name>)

If, on the reptyr call, you get the following error message:

$ reptyr <pid>
Unable to attach to pid <pid>: Operation not permitted
The kernel denied permission while attaching. If your uid matches
the target's, check the value of /proc/sys/kernel/yama/ptrace_scope.
For more information, see /etc/sysctl.d/10-ptrace.conf

Then do this:

$ sudo sysctl -w kernel.yama.ptrace_scope=0
$ reptyr <pid>

The process is now running in screen. Detach screen (default command: ctrl-a d), then once you're home, login to your work machine and run screen -r to reattach it to your current terminal (screen -r -d if you forgot to detach it at the office).

If you're back in the office and want to put the process back in a native terminal (for easier scrolling, say), you should be able to use detach and reptyr as above to detatch the process from screen and reattach it to your native terminal.