Getting Remote Access to the PARADIM/IQM Instruments

These instructions must be followed for each computer/device you wish to use to connect to the PARADIM/IQM Instruments. The approach is to establish an authenticated, encrypted connection (VPN) between your computer/device and the network via SSH, and then use that connection to "tunnel" network traffic between your computer and the PARADIM/IQM Instruments.



Authentication of your device is done using a public/private keypair. The public key is added to the list of known/allowed keypairs for your username. The private key never leaves the device it was generated on (preferably a hardware token). You then protect the private key with a passphrase of your choosing.


Method to Access

These instructions assume the "Steps to do ONCE per device" (below) have already been carried out.

Windows


Mac OS X


UNIX/Linux/BSD

Follow the same instructions as for Mac OS X, using any command prompt.


iOS/Android Phone/Tablet

Run the appropriate application.



Steps to do ONCE per device

These steps should only be done once per device!

Windows

  1. Download and install PuTTY: putty-0.70-installer.msi
  2. Start PuTTYgen. Set:
    • Type: SSH-2 RSA
    • Bits: 4096
    • Passphrase: pick a strong password and enter in both passphrase boxes.
  3. Click generate, follow screen directions.
  4. Copy the entire block of text (highlight and then do ctrl-c) from the box titled "Public key for pasting into OpenSSH authorized_keys file".
  5. Paste into the body of an email and send it to TMM. The block starts with ssh-rsa, and ends with rsa-key-DATE.
  6. Click the "Save Private Key" button toward the bottom left. It is recommended that you put it in the Computer->C:->users->(your username) directory. The filename can be anything (e.g. "ssh-kahlan").
  7. Close PuTTYgen.
  8. Wait for confirmation that the public key has been added to the authorized keys list.

  9. Run PuTTY. Set the hostname as "kahlan.pha.jhu.edu", and change the port to 22.
  10. Select "connection". Set:
    • Seconds Between Keepalives: 30
    • Under SSH, check the box "Don't start a shell or command at all".
  11. Under "Auth" click the browse button next to the "Private key file for authentication" and select the file you created with PuTTYgen.
  12. Select "Tunnels". Under "Add new forwarded port", add a new "local" entry for every system on the list of internal systems at the end of this document, one at a time, remembering to click "add" after each pair.
  13. Finally, go back to "Session". In the space below "Saved Sessions" put a name for this connection (say "kahlan"), and then click the save button.
  14. Connect by double clicking the "kahlan" entry or highlighting it and clicking open. On the first connection you are shown the server's host key fingerprint. The value should be:
    ssh-rsa 4096 5e:32:92:2a:81:18:41:5d:35:35:d2:80:54:c8:63:0f, or
    SHA256:KuZCb5fpds69QqKbZGhkcr+jTq9xq8DlNZ5z3F4ATdw

    IF IT IS NOT THIS VALUE, CLICK CANCEL AND INFORM TMM IMMEDIATELY
  15. Install your favorite VNC viewer/client (e.g. http://www.tightvnc.com/download.php, only the viewer required).

File Transfers
  1. Install WinSCP from http://winscp.net/eng/download.php.
  2. Run WinSCP.
  3. Enter "kahlan.pha.jhu.edu" for the hostname, and change the port to 22.
  4. Click the ellipsis (...) next to private key file and select the file created in PuTTYgen above.
  5. Click save. You can call it anything (I recommend "kahlan").
  6. Double click kahlan to connect. On the first connection you are shown the server's host key fingerprint. The value should be:
    ssh-rsa 4096 5e:32:92:2a:81:18:41:5d:35:35:d2:80:54:c8:63:0f, or
    SHA256:KuZCb5fpds69QqKbZGhkcr+jTq9xq8DlNZ5z3F4ATdw

    IF IT IS NOT THIS VALUE, CLICK CANCEL AND INFORM TMM IMMEDIATELY

Mac OS X

  1. Open a command line Terminal by running the Terminal or X11 application. It is under Applications->Utilities.
  2. Once the command line is open, generate a public/private keypair for authentication with kahlan by running the command:
    ssh-keygen -t rsa -b 4096
    Follow the prompts. The defaults are fine, but make sure to choose a passphrase that is not blank. Once complete, print the public key using the command:
    cat ~/.ssh/id_rsa.pub
    and copy the entire block of text, paste into the body of an email, and email it to TMM. The block starts with ssh-rsa, and is quite long. Make sure to get the whole thing.
  3. Wait for confirmation that the public key has been added to the authorized keys list.

  4. Attempt a connection to kahlan using the command:
    ssh -N -p 22 USERNAME@kahlan.pha.jhu.edu
    where USERNAME is replaced with your username on kahlan. On the first connection you are shown the server's host key fingerprint. The value should be:
    ssh-rsa 4096 5e:32:92:2a:81:18:41:5d:35:35:d2:80:54:c8:63:0f, or
    SHA256:KuZCb5fpds69QqKbZGhkcr+jTq9xq8DlNZ5z3F4ATdw

    IF IT IS NOT THIS VALUE, CLICK CANCEL AND INFORM TMM IMMEDIATELY
  5. Install your favorite VNC viewer/client (e.g. http://www.tightvnc.com/download.php, only the viewer required).

UNIX/Linux/BSD

Follow the same instructions as for Mac OS X, using any command prompt.


iOS/Android Phone/Tablet

Install an SSH client and VNC viewer that supports public/private keypair authentication and VNC tunneling over SSH. Configure as given above (you need to provide the public key to TMM for adding to the authorized keys list). RemoterPro (full version) on iOS works great for this purpose.



Table of Accessible Systems

Source Port   IP Address       Destination Port   Identity
4203          192.168.42.3     5900               IQM PPMS
4204          192.168.42.4     5900               IQM LAUE
4205          192.168.42.5     5900               IQM HALOGEN
4206          192.168.42.6     5900               IQM XENON
4232          192.168.42.32    5900               PARADIM SPS Press
4233          192.168.42.33    5900               PARADIM Mass Spec 1
4234          192.168.42.34    5900               PARADIM Mass Spec 2
4235          192.168.42.35    5900               PARADIM TGA/DSC
4236          192.168.42.36    5900               PARADIM Induction Furnace
4237          192.168.42.37    5900               PARADIM HP-FZ
4238          192.168.42.38    5900               PARADIM Tilt LD-FZ
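
For Mac OS X and UNIX/Linux/BSD users, the following shell script is an added example, not part of the original instructions. It turns the table above into OpenSSH local-forward options (the command-line counterpart of the PuTTY "Tunnels" entries) and compares a host key fingerprint with the SHA256 value published on this page before connecting. The function names, the explicit 127.0.0.1 bind address and the use of ServerAliveInterval are assumptions made for the example.

```shell
#!/bin/sh
# Added example; function and variable names are illustrative.
HOST="kahlan.pha.jhu.edu"
PORT=22
# Host key fingerprint as published on this page.
EXPECTED_FP="SHA256:KuZCb5fpds69QqKbZGhkcr+jTq9xq8DlNZ5z3F4ATdw"

# Source port, internal IP, destination port: copied from the table above.
SYSTEMS="4203 192.168.42.3 5900
4204 192.168.42.4 5900
4205 192.168.42.5 5900
4206 192.168.42.6 5900
4232 192.168.42.32 5900
4233 192.168.42.33 5900
4234 192.168.42.34 5900
4235 192.168.42.35 5900
4236 192.168.42.36 5900
4237 192.168.42.37 5900
4238 192.168.42.38 5900"

# Print one -L option per system, one per line. Binding to 127.0.0.1
# (an assumption; also OpenSSH's default) keeps the forwarded ports
# reachable only from this machine.
forward_args() {
    printf '%s\n' "$SYSTEMS" | while read -r src ip dst; do
        if [ -n "$src" ]; then
            printf '%s\n' "-L 127.0.0.1:$src:$ip:$dst"
        fi
    done
}

# Succeed only if the given fingerprint is exactly the published one.
fingerprint_ok() {
    [ "$1" = "$EXPECTED_FP" ]
}

# Fetch the server's RSA host key and print its SHA256 fingerprint (needs network).
server_fingerprint() {
    ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null |
        ssh-keygen -l -E sha256 -f - | awk '{print $2}'
}

# Print the full tunnel command for a username. -N matches the page's command;
# ServerAliveInterval=30 mirrors the 30-second keepalive in the PuTTY steps.
tunnel_command() {
    echo "ssh -N -p $PORT -o ServerAliveInterval=30" $(forward_args) "$1@$HOST"
}

# By hand: fingerprint_ok "$(server_fingerprint)" && tunnel_command USERNAME
```

With the tunnel up, a VNC viewer pointed at 127.0.0.1 and a source port from the table (for example 4203) reaches the corresponding instrument.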