Internal and Remote Login
You can log in to other FLC hosts (and also to a few more hosts in the DESY network) with ssh, and you can copy data from host to host with scp or sftp. If you own a valid Kerberos 5 ticket, you won’t even need to type your password in many cases. Most other services (rlogin, rcp, telnet, ftp, …) are disabled.
In order to log in from outside the DESY network via ssh, you should use the DESY-wide login host bastion.desy.de. There are various clients available to connect, including a simple web-based one. More information on the bastion webpage.
Most of the other FLC hosts are inaccessible from the outside world because requests are blocked by the DESY firewall for security reasons. However, you can define a ProxyCommand like “ssh bastion.desy.de netcat -w 3 %h %p” in your SSH configuration file in order to reroute your connection via bastion.
A direct login to the NAF is also possible.
You have to use X11 forwarding if you don’t just want to use the terminal interface, but graphical windows. This is enabled on the FLC hosts by default, but on other computers you may have to use the “-X” option (note the capitalisation) of ssh.
If you need remote access to certain resources which cannot be reached from the outside, you should first try your best with port forwarding through an SSH tunnel (results may vary). Only if this is not at all feasible you should consider a VPN access. This will temporarily give you an IP address which belongs to the DESY network and therefore imposes stricter requirements on the security of the connecting computer.
In case you happen to sit in front of a “true” X terminal somewhere (possibly outside the DESY network), you can connect to flcl01.desy.de via XDMCP.
If you need access to a Windows system, you can log in to the Windows Terminal Server either from your Linux machine via xfreerdp or from any of the public terminals (next to the UCO).