Skip to main content

How to connect to a GCS Public Lab computer from outside of the Concordia network

By combining Remote Desktop and either Concordia's Virtual Private Network (VPN) or an SSH tunnel directly to the GCS Network, students can access computers in the Gina Cody School of Engineering and Computer Science (GCS)'s Public Labs from an off-campus device.  

Faculty, staff and graduate students please follow the GCS Remote Desktop instructions to connect to your on campus computer.

Step 1: Get the GCS Lab computer's name

These steps allow GCS students with a valid ENCS account to remotely log in to a computer in a GCS Public Computer Lab. Students can use this service to use the software for learning, research and completing assignments.

 

Step 2: Connect to Concordia's VPN

  • Download the VPN FortiClient software. Once the software has been installed, enter your Concordia netname and password to establish a connection.
  • Please note: the Forticlient app may already be on your desktop. If you see the Forticlient icon on your work desktop, please continue to Step 3.
  • If you are attempting to install the FortiClient software on a Concordia-owned computer that requires admin access, contact the Service Desk.
  • Need help? Email the Service Desk or see the support page.
  • If you don't know your computer name, contact the Service Desk.

Instructions

Select the option that corresponds to your operating system for instructions on how to download and configure the installation software. For a sample configuration, see "Connection to the Concordia Network".

Step 3: Connecting to a GCS Lab computer

  • From your home computer, open Remote Desktop Connection by navigating to the following location: Start > All Programs > Accessories > Remote Desktop Connection
  • In the Computer field, enter the full computer name of the GCS lab computer (See Step 1).
  • Select Connect
Credentials
  • You will be prompted to enter your credentials. Enter your ENCS account name in the following format: ENCS\[your ENCS account name ].
  • For example if your ENCS account's user name is a_count enter: ENCS\a_count

  • In the password field, enter your ENCS account password. 
  • Select OK

  • From your home computer, open the App Store.
  • Download and install Microsoft Remote Desktop.
  • Open Microsoft Remote Desktop by navigating to Launchpad > Microsoft Remote Desktop.
  • Click Add PC.
  • In the PC name field, enter the full computer name of the GCS lab computer (from Step 1).
  • Click Add.

Double click your newly made connection.

You will be prompted to enter your credentials.

Enter your ENCS account name in the following format: ENCS\[your ENCS account name ].

For example if your ENCS account's user name is a_count enter: ENCS\a_count

In the password field, enter your ENCS account password.

When generating SSH keys to authenticate to our systems, we recommend that your key pair(s) use one of the newer elliptical curve algorithms (ecdsa or the newer ed25519).

OpenSSH will be disabling the "ssh-rsa" public key signature algorithm by default in a near future release (as stated in the Release Notes for OpenSSH 8.4)

The following steps are for PuTTYgen, a key generator tool for creating pairs of public and private SSH keys. PuTTygen is one of the components of the open-source networking client PuTTy

You will see the PuTTy key generator dialog box on your screen

  • In the Parameters field at the bottom of the diaglog box select either one of the two elliptical algorithm key types
    • Ed25519 (recommended)
    • ECDSA  (Select the largest curve (521) when generating this key type)
  • Click on the Generate button to generate the keys
  • Add a comment and a unique key passphrase as needed
  • Click on the Save Public Key and Save Private Key buttons to save your public and private keys.
  • In the Public key for pasting into OpenSSH authorized_keys file field at the top of the window be sure that the field starts with the text ssh-ed25519 (or ecdsa-sha2-nistp521).
  • It will be necessary to move a copy of your public key to the server. The PuTTY User Manual regarding "Getting ready for public key authentication" provides detailed instructions on how to do so.

In Linux, Unix and Mac OS, the ssh-keygen tool can be used to generate ssh keys at the command line. To generate ssh keys using one of the elliptical curve signature algorithms, set the key type to either ed25519 (preferred) or ecdsa.

Commonly used ssh-keygen options for ed25519 type keys are:

ssh-keygen [-q] -t ed25519 [-C $comment] [-N $passphrase] [-f $keyfile]

Where the square brackets denote these optional items:
-q: quiets the program's usual output
-C: inserts a comment into the public key file
-N: new passphrase
-f: stores the new key in the given keyfile and the public key in $keyfile.pub

Examples:

A basic example:
ssh-keygen -t ed25519

An example which adds a comment, passphrase and saves the key to a specific location:
ssh-keygen -q -t ed25519 -C 'my new ssh key' \
       -N 'a good passphrase' -f ~/.ssh/newkey

An example with ecdsa:
ssh-keygen -t ecdsa -b 521

where the -b flag determines the key length in bits and 521 is currently the largest option.

Note: Ed25519 keys have a fixed length and  the -b flag will be ignored.

For more information about ssh-keygen, review the tool's man pages, e.g., enter man ssh-keygen at a linux prompt.

Copy the public key to the server

Once an SSH key has been created, the ssh-copy-id command can be used to install the key as an authorized key on the remote server, e.g., append the key to your user account's authorized_keys file in ~/.ssh/authorized_keys.

Example:

ssh-copy-id -i ~/.ssh/newkey user@host.encs.concordia.ca

For more information about ssh-copy-id, review the tool's man pages, e.g., enter man ssh-copy-id at a linux prompt.

Issue

The following error message is encountered when attempting to ssh or scp (which uses the ssh protocol) to a GCS server, e.g., login.encs.concordia.ca:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:mu5KXRR2xTlJXlLTJxKIGm2wprcF6ZUNS5YeSGvDMyg.
Please contact your system administrator.
Add correct host key in <user home>/.ssh/known_hosts to get rid of this message.
Offending RSA key in <user home>/.ssh/known_hosts:<line number in file>
ECDSA host key for <servername>.encs.concordia.ca has changed and you have requested strict checking.

Why you received this warning

During the summer of 2020, ssh ciphers on GCS servers were updated to a more secure protocol. Also for security reasons, GCS servers are configured to no longer accept DSA and RSA keys as those protocols are no longer considered secure.

Solution:

Update PuTTy to the latest version

  1. Visit https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  2. Download the latest version of PuTTy (0.74 or later)
  3. Install
  4. Test by creating an ssh session with the <servername>.encs.concordia.ca
Important:

The minimum version of Putty that works with the newer elliptical curve ciphers is version 0.74.

  1. Edit ~/.ssh/known_hosts  (the file mentioned in the warning message) and remove the RSA key for <servername>.encs.concordia.ca

  2. Test:

    ssh <username>@<servername>.encs.concordia.ca

  1. Edit the file /Users/YOUR_MAC_USER/.ssh/known_hosts (with help of terminal using vi, vim or nano)
  2. Delete  the line number mentioned in the error message as given below.
    • Offending RSA key in <user home>/.ssh/known_hosts:<line number in file from warning message>
    • Save and close the file
  3. Test to verify that the above steps resolved the error, e.g., in a terminal window, execute
    ssh <username>@<servername>.encs.concordia.ca

Notes:

The term YOUR_MAC_USER refers to the name of your local mac account, e.g., the user name used to login to your mac computer.

Need help? We are here to support you

For assistance you may reach the Service Desk via email at help@concordia.ca

Back to top

© Concordia University