SSH Tunneling on Windows
Using a graphical SSH client allows you to view remote file
systems in a way similar to using a file browser. The computers in the
Department of Genome Sciences are protected by the Foege firewall and are not
publicly accessible, so SSH is a necessary tool for connecting to internal
computers and accessing files.
The first step in connecting to an internal computer is to connect to
nexus.gs.washington.edu. From nexus you may then connect to any host within the
Genome Sciences network. There are several ways to make this process
easier.
Please note that there is a version of SSH Tectia Client that
is distributed as part of the UWICK software collection. This version does not
work with some of our systems. Please request SSH Tectia Client from GS-ITS.
Due to licensing restrictions, we cannot make this available for download on
this website.
Once the software is installed, it will be available from your start menu
(Start -> Programs -> SSH Tectia Client) and there should also be icons
for the application on your desktop. One is a shortcut to the file transfer
program and one is a shortcut to the terminal program.
Setting up an SSH tunnel with Tectia SSH
An SSH "tunnel" is a double connection in which the first
connection passes information to the second connection. Many people find the
concept a little abstract, but even if it seems challenging to understand,
creating (and using) an SSH tunnel truly is a simple exercise that is easy to
repeat after you have done it once or twice.
To connect to a private host on the Genome Sciences network, you'll need to first
set up a connection to nexus.gs.washington.edu. Click on
the "Profiles" button and select "Edit Profiles...".

SSH Tectia Client includes a separate utility called the Connection Broker to
store any credentials you supply while using SSH Tectia Client. Once you've
authenticated to a host initially, you don't need to do it again until you
restart the Connection Broker. Note that you can close SSH Tectia Client and
still leave the Connection Broker running.
Next, click on the "Add Profile" button, enter "nexus" as the profile name, and
then click OK.

Fill in "nexus.gs.washington.edu" as the Hostname, replace "your_gsid" with
your actual Genome Sciences ID, and then click OK.

Now repeat the process above and add a connection profile for the internal host
you wish to connect to. When you configure the connection, click on the "Tunnel
using profile" menu and select "nexus". The screen should look like the
following.

You should now be able to connect to your workstation by going back to the main
menu and selecting the workstation profile you just created. You'll be asked to
accept the public key for nexus, which you should do. Select "Proceed with the
connection and save the key for future use." After supplying your password,
you'll be asked to accept the key for your workstation, or whatever internal
host you are trying to connect to. Again, accept the key and give your
password. You should now be connected to your workstation. Any future
connections to nexus or your workstation won't require a password. Simply go
back to the "Profiles" button and select your workstation to log in
automatically.
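
The same two-hop arrangement written for the OpenSSH command-line client, as an added example that is not part of the original instructions and is not Tectia configuration. It assumes OpenSSH is installed on your PC; "workstation.example.internal" is a hypothetical internal hostname, and "your_gsid" is the same placeholder used above.

```sshconfig
# OpenSSH client configuration (on Windows: %USERPROFILE%\.ssh\config).
# Added example; hostnames other than nexus.gs.washington.edu are placeholders.

# First connection: the gateway that is reachable from outside the firewall.
Host nexus
    HostName nexus.gs.washington.edu
    User your_gsid

# Second connection: carried inside the first one, which is what selecting
# "nexus" under "Tunnel using profile" does in the steps above.
Host workstation
    HostName workstation.example.internal
    User your_gsid
    ProxyJump nexus
    # The SSH session to the workstation is established end to end from your
    # PC, so nexus only relays encrypted traffic. Agent forwarding is not
    # needed for the second hop and is left off.
    ForwardAgent no

# Applies to both hosts: ask before trusting a host key seen for the first
# time (the OpenSSH default), and refuse to connect if a saved key changes.
Host nexus workstation
    StrictHostKeyChecking ask
```

With this file in place, `ssh workstation` opens the connection to nexus first and then the connection to the internal host through it, prompting once for each host key the first time.
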
If you connect to numerous hosts it may benefit you to use public-key
authentication so that you don't have to type in your password for each new
host you connect to. Public-key authentication will only require you to supply
a passphrase for the first host you connect to. Subsequent hosts that have your
key information will allow you to log in automatically. To make this work, you
need to generate a public/private key pair and then upload the information to
your Genome Sciences home directory. Any computer that mounts your home
directory will allow you to authenticate via public-key authentication.
Start by generating a public/private key pair. Go back to the main SSH Tectia
Client window and click on "Profiles" and then "Edit Profiles...". Select "Keys
and Certificates" from the left side of the window and click on "New
key...".

Follow the wizard, which will guide you through creating your keys. It may take
several minutes for your computer to generate them. Save your key as "id_dsa"
and set a strong passphrase (this is important). Click "Next" and then
"Finish".

After you've created your keys, you'll need to upload them to your Genome
Sciences home directory. Select the key you've just created and click on
"Upload...". Fill in the boxes as they appear below and then click
"Upload".

After uploading your keys you should be able to automatically authenticate to
any computer that mounts your home directory. If you work from more than one
client computer, you'll need to either generate another set of keys or add your
existing key to the Connection Broker on the other computer.