Remote Access to Research Computing Resources§
UCL's Research Computing services are accessible from inside the UCL firewall. If you wish to connect from outside, you need to either connect through a VPN or use SSH to log in to a machine accessible from outside and use that to "jump" through into the UCL network.
The Socrates system is currently used as a "jump box" for Research Computing services, as well as serving several other university needs. Due to the increased load this is under in recent months, it will soon1 be replaced with a dedicated group of machines.
Connecting to the jump boxes§
You can connect to the jump boxes by connecting with your SSH client to:
Once connected you can then log on to the UCL RC service you are using as normal.
You can configure your ssh client to automatically connect via these jump boxes so that you make the connection in one step.
Single-step logins using tunnelling§
Linux / Unix / Mac OS X§
On the command line§
# Log in to Kathleen, jumping via jump box ssh -o ProxyJump=socrates.ucl.ac.uk kathleen.rc.ucl.ac.uk
# Copy 'my_file' from the machine you are logged in to into your Scratch on Kathleen scp -o ProxyJump=socrates.ucl.ac.uk my_file kathleen.rc.ucl.ac.uk:~/Scratch/
This tunnels through the jump box service in order to get you to your destination - you'll be asked for your password twice, once for each machine. You can use this to log in or to copy files.
You may also need to do this if you are trying to reach one cluster from another and there is a firewall in the way.
Using a config file§
You can create a config which does this without you needing to type it every time.
~/.ssh directory on your local machine, add the below to your
config file (or create a file called
config if you don't already have one).
Generically, it should be of this form where
<name> can be anything you want to call this entry. You can use these as short-hand names when you run
Host <name> User <remote_user_id> HostName <remote_hostname> proxyCommand ssh -W <remote_hostname>:22 <remote_user_id>@socrates.ucl.ac.uk
proxyCommand option causes the commands you type in your client to be forwarded on over a secure channel to the specified remote host.
Here are some examples - you can have as many of these as you need in your config file.
Host myriad User ccxxxxx HostName myriad.rc.ucl.ac.uk proxyCommand ssh -W myriad.rc.ucl.ac.uk:22 firstname.lastname@example.org Host login05 User ccxxxxx HostName login05.external.legion.ucl.ac.uk proxyCommand ssh -W login05.external.legion.ucl.ac.uk:22 email@example.com Host aristotle User ccxxxxx HostName aristotle.rc.ucl.ac.uk proxyCommand ssh -W aristotle.rc.ucl.ac.uk:22 firstname.lastname@example.org
You can now just type
ssh myriad or
scp file1 aristotle:~ and you will go through the jump box. You'll be asked for login details twice since you're logging in to two machines, the jump box and your endpoint.
If you use SSH keys you absolutely MUST NOT STORE UNENCRYPTED PRIVATE KEYS ON THIS OR ANY OTHER MULTI-USER COMPUTER. We will be running regular scans of the filesystem to identify and then block unencrypted key pairs across our services.
/home filesystems on Socrates are the same as those for the Aristotle service, and can also be made available on the Desktop@UCL service as the
T: by running a script from the Start Menu.
This means that any keys you use for Aristotle will also be usable for Socrates, and vice-versa.
Expected late October/early-mid November 2020. ↩