Revision 12 as of 2009-03-06 10:46:46

Clear message

Remote File Access

This document explains methods to access the data on your Tardis account from home or some other remote computer.

From a users point of view there are two main approaches to remote filesystem access:

The File Transfer Method

The classic example for this method is the FTP program. Unfortunately it uses plain text passwords which go over the net unencrypted, therefore I don't recommend it for access of personal files (Anonymous ftp is no problem). The ssh protocol does not suffer from this problem. It provides an encrypted channel between two computers, which can be used for interactive work as well as for file transfer.

SSH for file transfer on Unix

For simple file copying you can use the scp command. It is part of the (open)ssh package which you can find on most Unix systems these days:

the first example copies a single file from top-level directory of your Tardis account into the current directory (Note the dot). The second one copies a whole directory. For more information on scp check man scp

There are several other utilities which use ssh to provide the communication channel but implement their own file transfer methods. The most popular is probably rsync. It usees ssh to connect to the remote host. The nice thing about rsync is that it will only transfer data which is not already present on the local computer. This means you can repeatedly copy a whole directory and rsync will only transfer the changes. It does this even within files, so if you have a 200 MB file and change 10 bytes rsync will find them and only transfer a few bytes. To further improve performance rsync can also use the --compress option to compress the data for transfer.

Rsync transfers data only in one direction. This means that you have to be careful when synchronizing directories between two machines. The UNISON tool on the other hand is capable of synchronizing in two directions at once. I use this to keep my Tardis account and my laptop synchronized. Unison can be setup so that it will display a list of files that have been modified and in which direction they are going to be transfered. When the files have been modified at both ends it will even offer to use an external merging program to unify the files. For large files with small changes, Unison will also only transfer the changes within the file. Read all about it on The Unison Website. Unison is already installed on Tardis and on the ISG.EE Debian Image.

SSH for file transfer auf Windows

There are Windows ports of scp, rsync and unison available, so you could use the same approach as on Unix. A more Windows like approach is to use the windows scp client from http://winscp.sourceforge.net/eng/. It offers an explorer like file access facility for transferring files to and from your tardis account in exactly the same way as you are used to, with explorer on the local filesystem.

The Transparent Remote File-System Access Method

An alternative to the explicit transfer of files from one machine to another is to attach the remote filesystem to the local machine such that all programs can access it as if it was just another local partition. There are several solutions to this problem, the classical examples are NFS and AFS. At the ETH we are using both of them extensively. Unfortunately NFS has security issues which prevent it from being used in an open environment, and AFS requires special (complex) software on the client side and fundamental changes in the setup of servers. We therefore currently recommend Samba for remote filesystem attachment. Samba is a free implementation of the Microsoft File Sharing Protocol (SMB). We are running it on all our Unix servers. This enables Windows computers to access files on the Unix machines as if they were on a normal Windows server. Linux is also able to access Samba and mount it just like any other file system. SMB does not encrypt the data it transfers (unlike SSH) but it uses a special method for password authentication which protects the privacy of the password.

The Samba Password

Samba (SMB) uses a fundamentally different way to handle passwords than Unix. This has the advantage that passwords do not cross the net unencrypted, but it has the big disadvantage that we have to maintain a separate password database for Samba. We have setup our system so that the Samba password gets changed at the same time as the unix password. If your samba password does not work, please contact support@ee.ethz.ch .

First, note, that all the information below assumes that you have Windows NT, 2000 or XP installed. With this out of the way you just open the start menu, select Run ... and type:

 net use * \\homes.ee.ethz.ch\login * /user:login 

Replace login with your Tardis login name and press return. Now a pop-up will ask for your login name (again) and your (samba)password. Once you have entered them, an explorer will open which shows the content of your Tardis home directory. You can now use the same syntax to access the Tardis home directly from within applications. You can also create a shortcut on the desktop which points to this address to make access even simpler. Note that if you use the same user-name and (samba)password on Windows as you use on Tardis, then windows will not ask you again for your password when mounting the Tardis home.

Using Samba from Linux

From Linux you can use the normal mount command for mounting Samba shares:

$ sudo su
# mkdir /tardis-home
# mount -t smbfs -o user=lanserc,name=homes.ee.ethz.ch \\\\homes.ee.ethz.ch\\lanserc  /tardis-home

When you execute the command you will be asked for your (samba)password and then your home will be available under /tardis-home. Because mounting generally requires root access, the whole process is a bit tedious because you have to become root first. There is shortcut though. You can add an appropriate line to the /etc/fstab file which will allow users to mount your Tardis home with mount /tardis-home:

[...]
//homes.ee.ethz.ch/  smbfs username=lanserc,user,noauto
[...]

In the man page smbmount you can find more information about this.

Using CIFS to connect to Samba shares

You can also mount your Samba home area with CIFS:

$ sudo su
# mount -t cifs -o user=lanserc,name=homes.ee.ethz.ch \\\\homes.ee.ethz.ch\\lanserc  /tardis-home

Recent Linux Kernels contain the userspace filesystem FUSE. This allows you to use all sorts of new an inovative ways for mounting remote fileystems ... for example you can mount a file system via an ssh connection without needing root privileges:

$ mkdir ~/tardis-home
$ sshfs lanserc@login.ee.ethz.ch: ~/tardis-home

But please note, that you can't do sshfs on homes.ee.ethz.ch - use login.ee.ethz.ch instead!

You can also unmount it again by typing:

$ fusermount -u ~/tardis-home

Please note that sshfs is not officially supported by the ISG.EE