How to connect to a GCS Public Lab computer from outside of the Concordia network

Faculty, staff and graduate students please follow the GCS Remote Desktop instructions to connect to your on campus computer.

Step 1: Get the GCS Lab computer's name

These steps allow GCS students with a valid ENCS account to remotely log in to a computer in a GCS Public Computer Lab. Students can use this service to use the software for learning, research and completing assignments.

Determine which lab has the software you need by visiting the Windows Software in Public GCS Labs page (https://www.concordia.ca/it/services/comp-labs-encs/windows-software-public-labs.html)
To see which computers are available to access in each lab, log in to the Available GCS Lab Hosts service with your ENCS user account credentials (https://fis.encs.concordia.ca/helpdesk-cgi/available-hosts.cgi).
The list of available hosts displayed is current at the time you logged in. The availability of hosts may change any time as users log in and out of our lab computers. When you refresh this page you will get the list of available hosts at the time of the page refresh.
Record the Full Computer Name of the computer you wish to connect to. For example if you wished to connect to the desktop with hostname totem in H33 the Full Computer Name would be: totem.encs.concordia.ca
Need help? Email the Service Centre or see the support page.

Step 2: Connect to Concordia's VPN

Download the VPN FortiClient software. Once the software has been installed, enter your Concordia netname and password to establish a connection.
Please note: the Forticlient app may already be on your desktop. If you see the Forticlient icon on your work desktop, please continue to Step 3.
If you are attempting to install the FortiClient software on a Concordia-owned computer that requires admin access, contact the Service Desk.
Need help? Email the Service Desk or see the support page.
If you don't know your computer name, contact the Service Desk.

Instructions

Select the option that corresponds to your operating system for instructions on how to download and configure the installation software. For a sample configuration, see "Connection to the Concordia Network".

Step 3: Connecting to a GCS Lab computer

From your home computer, open Remote Desktop Connection by navigating to the following location: Start > All Programs > Accessories > Remote Desktop Connection
In the Computer field, enter the full computer name of the GCS lab computer (See Step 1).
Select Connect

You will be prompted to enter your credentials. Enter your ENCS account name in the following format: ENCS\[your ENCS account name ].

For example if your ENCS account's user name is a_count enter: ENCS\a_count

In the password field, enter your ENCS account password.
Select OK

From your home computer, open the App Store.
Download and install Microsoft Remote Desktop.
Open Microsoft Remote Desktop by navigating to Launchpad > Microsoft Remote Desktop.
Click Add PC.

In the PC name field, enter the full computer name of the GCS lab computer (from Step 1).
Click Add.

Double click your newly made connection.

You will be prompted to enter your credentials.

Enter your ENCS account name in the following format: ENCS\[your ENCS account name ].

For example if your ENCS account's user name is a_count enter: ENCS\a_count

In the password field, enter your ENCS account password.

When generating SSH keys to authenticate to our systems, we recommend that your key pair(s) use one of the newer elliptical curve algorithms (ecdsa or the newer ed25519).

OpenSSH will be disabling the "ssh-rsa" public key signature algorithm by default in a near future release (as stated in the Release Notes for OpenSSH 8.4)

The following steps are for PuTTYgen, a key generator tool for creating pairs of public and private SSH keys. PuTTygen is one of the components of the open-source networking client PuTTy

Make sure you have the latest version of PuTTy (available at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) installed to your system
Launch PuTTygen
- Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen

You will see the PuTTy key generator dialog box on your screen

In the Parameters field at the bottom of the diaglog box select either one of the two elliptical algorithm key types
- Ed25519 (recommended)
- ECDSA (Select the largest curve (521) when generating this key type)

Click on the Generate button to generate the keys

Add a comment and a unique key passphrase as needed
Click on the Save Public Key and Save Private Key buttons to save your public and private keys.

In the Public key for pasting into OpenSSH authorized_keys file field at the top of the window be sure that the field starts with the text ssh-ed25519 (or ecdsa-sha2-nistp521).
It will be necessary to move a copy of your public key to the server. The PuTTY User Manual regarding "Getting ready for public key authentication" provides detailed instructions on how to do so.

In Linux, Unix and Mac OS, the ssh-keygen tool can be used to generate ssh keys at the command line. To generate ssh keys using one of the elliptical curve signature algorithms, set the key type to either ed25519 (preferred) or ecdsa.

Commonly used ssh-keygen options for ed25519 type keys are:

ssh-keygen [-q] -t ed25519 [-C $comment] [-N $passphrase] [-f $keyfile]

Where the square brackets denote these optional items:
-q: quiets the program's usual output
-C: inserts a comment into the public key file
-N: new passphrase
-f: stores the new key in the given keyfile and the public key in $keyfile.pub

Examples:

A basic example:
ssh-keygen -t ed25519

An example which adds a comment, passphrase and saves the key to a specific location:
ssh-keygen -q -t ed25519 -C 'my new ssh key' \
-N 'a good passphrase' -f ~/.ssh/newkey

An example with ecdsa:
ssh-keygen -t ecdsa -b 521

where the -b flag determines the key length in bits and 521 is currently the largest option.

Note: Ed25519 keys have a fixed length and the -b flag will be ignored.

For more information about ssh-keygen, review the tool's man pages, e.g., enter man ssh-keygen at a linux prompt.

Copy the public key to the server

Once an SSH key has been created, the ssh-copy-id command can be used to install the key as an authorized key on the remote server, e.g., append the key to your user account's authorized_keys file in ~/.ssh/authorized_keys.

Example:

ssh-copy-id -i ~/.ssh/newkey user@host.encs.concordia.ca

For more information about ssh-copy-id, review the tool's man pages, e.g., enter man ssh-copy-id at a linux prompt.

Issue

The following error message is encountered when attempting to ssh or scp (which uses the ssh protocol) to a GCS server, e.g., login.encs.concordia.ca:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:mu5KXRR2xTlJXlLTJxKIGm2wprcF6ZUNS5YeSGvDMyg. Please contact your system administrator. Add correct host key in <user home>/.ssh/known_hosts to get rid of this message. Offending RSA key in <user home>/.ssh/known_hosts:<line number in file> ECDSA host key for <servername>.encs.concordia.ca has changed and you have requested strict checking.

Why you received this warning

During the summer of 2020, ssh ciphers on GCS servers were updated to a more secure protocol. Also for security reasons, GCS servers are configured to no longer accept DSA and RSA keys as those protocols are no longer considered secure.

Solution:

Update PuTTy to the latest version

Visit https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Download the latest version of PuTTy (0.74 or later)
Install
Test by creating an ssh session with the <servername>.encs.concordia.ca

Important:

The minimum version of Putty that works with the newer elliptical curve ciphers is version 0.74.

Edit ~/.ssh/known_hosts (the file mentioned in the warning message) and remove the RSA key for <servername>.encs.concordia.ca
Test:

ssh <username>@<servername>.encs.concordia.ca

Edit the file /Users/YOUR_MAC_USER/.ssh/known_hosts (with help of terminal using vi, vim or nano)
Delete the line number mentioned in the error message as given below.
- Offending RSA key in <user home>/.ssh/known_hosts:<line number in file from warning message>
- Save and close the file
Test to verify that the above steps resolved the error, e.g., in a terminal window, execute
ssh <username>@<servername>.encs.concordia.ca

Notes:

The term YOUR_MAC_USER refers to the name of your local mac account, e.g., the user name used to login to your mac computer.

Step 1: Get the GCS Lab computer's name

Step 2: Connect to Concordia's VPN

Instructions

Connection to the Concordia Network

Step 3: Connecting to a GCS Lab computer

Windows

Mac

SSH FAQs

How do I create an elliptical curve algorithms ssh key?

Steps to follow in Microsoft Windows

Steps to follow in Linux, Unix or Mac OS

How to resolve "REMOTE HOST IDENTIFICATION HAS CHANGED!" Warnings?

Issue

Why you received this warning

Solution:

Steps to follow in Microsoft Windows

Update PuTTy to the latest version

Important:

Steps to follow in Linux or Unix

Steps to follow in Mac OS

Need help? We are here to support you

Gina Cody School on social media