Skip to main content
Apply Visit Give

Gina Cody School of Engineering and Computer Science

Connect to a Gina Cody School Computer from outside of the Concordia network

By combining Remote Desktop with Concordia’s Virtual Private Network (VPN) connection, GCS students, faculty, and staff can remotely access:

  • Office computers
  • Graduate research lab computers
  • Public lab computers (ENCS labs)

Remote Desktop Service Availability

Remote Desktop access was granted by Gina Cody School during the COVID-19 pandemic to support remote learning and work. As the university has returned to primarily on-campus operations, students are encouraged to make use of in-person computing resources.

Undergraduate students and course-based graduate students are expected to use on-campus laboratories for their academic work and should not rely on Remote Desktop access as a regular or long-term solution. Remote access remains available on a best-effort basis and may be subject to availability and operational constraints.

Please note that GCS teaching labs located in the Hall Building do not provide Remote Desktop access. In addition, only a limited number of GCS computer labs in the EV Building are available for remote access. As a result, remote computing resources may be limited, particularly during periods of high demand.

Faculty, staff and graduate students with assigned office or research lab computers may access them remotely by following the GCS Remote Desktop instructions instructions.

Step 1: Get the computer's name

Students with a valid ENCS account can remotely access available computers in Gina Cody School public labs to use academic software for coursework, research, and assignments.

  • Determine which lab has the software you need by visiting the Windows Software in Gina Cody School Public Labs page.
  • To see which computers are available to access in each lab, log in to the Available GCS Lab Hosts service with your ENCS user account credentials.
  • The list of available hosts is updated in real time at the time you logged in, so availability may change frequently as users log in and log out . Students should refresh the page to see the most current list.
  • Record the Full Computer Name of the computer you wish to connect to. For example if you wish to connect to the lab computer with hostname cimino in EV009.241 the Full Computer Name would be: cimino.encs.concordia.ca
  • Need help? Email the Service Centre or see the support page.

Step 2: Connect to Concordia's VPN

  • To Proceed, download, install and open the VPN FortiClient software. Once launched, sign in using your Concordia netname and password to establish a secure VPN connection.
  • Please note: the Forticlient app may already be on your computer. If you see the Forticlient icon on your work computer, please continue to Step 3.
  • If you are attempting to install the FortiClient software on a Concordia-owned computer that requires admin access, contact the Service Desk.

Instructions

Select the option that corresponds to your operating system for instructions on how to download and configure the installation software. For a sample configuration, see "Connection to the Concordia Network".

Step 3: Connecting to a GCS Lab computer

  • From your home computer(Win 11 or Win 10), open Remote Desktop Connection by selecting the Start menu, typing Remote Desktop Connection, and opening the app.
  • In the Computer field, enter the full GCS lab computer name (See Step 1).
  • Select Connect
Credentials
  • You will be prompted to enter your credentials. Enter your ENCS username in the format, ENCS\username (for example, if your username is a_count, enter ENCS\a_count).
  • In the password field, enter your ENCS password. 
  • Select OK

  • At your home MAC, open the App Store.
  • Download and install Microsoft Remote Desktop, then launch it from Launchpad or the Applications folder
  • Once opened, select Add PC.
  • In the PC name field, enter the full GCS lab computer name (from Step 1).
  • Click Add.

Double-click the newly created connection to start the remote session.

You will be prompted to enter your credentials.

Enter your ENCS account name in the format, ENCS\username(for example, if your username is a_count, enter ENCS\a_count).

In the password field, enter your ENCS password..

Select Continue

When generating SSH keys to authenticate to our systems, we recommend that your key pair(s) use one of the newer elliptical curve algorithms (ecdsa or the newer ed25519).

OpenSSH will be disabling the "ssh-rsa" public key signature algorithm by default in a near future release (as stated in the Release Notes for OpenSSH 8.4)

The following steps are for PuTTYgen, a key generator tool for creating pairs of public and private SSH keys. PuTTygen is one of the components of the open-source networking client PuTTy

You will see the PuTTy key generator dialog box on your screen

  • In the Parameters field at the bottom of the diaglog box select either one of the two elliptical algorithm key types
    • Ed25519 (recommended)
    • ECDSA  (Select the largest curve (521) when generating this key type)
  • Click on the Generate button to generate the keys
  • Add a comment and a unique key passphrase as needed
  • Click on the Save Public Key and Save Private Key buttons to save your public and private keys.
  • In the Public key for pasting into OpenSSH authorized_keys file field at the top of the window be sure that the field starts with the text ssh-ed25519 (or ecdsa-sha2-nistp521).
  • It will be necessary to move a copy of your public key to the server. The PuTTY User Manual regarding "Getting ready for public key authentication" provides detailed instructions on how to do so.

In Linux, Unix and Mac OS, the ssh-keygen tool can be used to generate ssh keys at the command line. To generate ssh keys using one of the elliptical curve signature algorithms, set the key type to either ed25519 (preferred) or ecdsa.

Commonly used ssh-keygen options for ed25519 type keys are:

ssh-keygen [-q] -t ed25519 [-C $comment] [-N $passphrase] [-f $keyfile]

Where the square brackets denote these optional items:
-q: quiets the program's usual output
-C: inserts a comment into the public key file
-N: new passphrase
-f: stores the new key in the given keyfile and the public key in $keyfile.pub

Examples:

A basic example:
ssh-keygen -t ed25519

An example which adds a comment, passphrase and saves the key to a specific location:
ssh-keygen -q -t ed25519 -C 'my new ssh key' \
       -N 'a good passphrase' -f ~/.ssh/newkey

An example with ecdsa:
ssh-keygen -t ecdsa -b 521

where the -b flag determines the key length in bits and 521 is currently the largest option.

Note: Ed25519 keys have a fixed length and  the -b flag will be ignored.

For more information about ssh-keygen, review the tool's man pages, e.g., enter man ssh-keygen at a linux prompt.

Copy the public key to the server

Once an SSH key has been created, the ssh-copy-id command can be used to install the key as an authorized key on the remote server, e.g., append the key to your user account's authorized_keys file in ~/.ssh/authorized_keys.

Example:

ssh-copy-id -i ~/.ssh/newkey user@host.encs.concordia.ca

For more information about ssh-copy-id, review the tool's man pages, e.g., enter man ssh-copy-id at a linux prompt.

Issue

The following error message is encountered when attempting to ssh or scp (which uses the ssh protocol) to a GCS server, e.g., login.encs.concordia.ca:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:mu5KXRR2xTlJXlLTJxKIGm2wprcF6ZUNS5YeSGvDMyg.
Please contact your system administrator.
Add correct host key in <user home>/.ssh/known_hosts to get rid of this message.
Offending RSA key in <user home>/.ssh/known_hosts:<line number in file>
ECDSA host key for <servername>.encs.concordia.ca has changed and you have requested strict checking.

Why you received this warning

During the summer of 2020, ssh ciphers on GCS servers were updated to a more secure protocol. Also for security reasons, GCS servers are configured to no longer accept DSA and RSA keys as those protocols are no longer considered secure.

Solution:

Update PuTTy to the latest version

  1. Visit https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  2. Download the latest version of PuTTy (0.74 or later)
  3. Install
  4. Test by creating an ssh session with the <servername>.encs.concordia.ca
Important:

The minimum version of Putty that works with the newer elliptical curve ciphers is version 0.74.

  1. Edit ~/.ssh/known_hosts  (the file mentioned in the warning message) and remove the RSA key for <servername>.encs.concordia.ca

  2. Test:

    ssh <username>@<servername>.encs.concordia.ca

  1. Edit the file /Users/YOUR_MAC_USER/.ssh/known_hosts (with help of terminal using vi, vim or nano)
  2. Delete  the line number mentioned in the error message as given below.
    • Offending RSA key in <user home>/.ssh/known_hosts:<line number in file from warning message>
    • Save and close the file
  3. Test to verify that the above steps resolved the error, e.g., in a terminal window, execute
    ssh <username>@<servername>.encs.concordia.ca

Notes:

The term YOUR_MAC_USER refers to the name of your local mac account, e.g., the user name used to login to your mac computer.

Go back to the Knowledge Base (FAQ)
 
Back to top

© Concordia University

Support and resources

Submit a support request
Report an issue or request IT support.

Learn about your ENCS account
Find information about account setup, passwords and available services.

Visit us in person
EV-7.182
H-964