Linux SSH and remote desktop servers
- Login and user rights
- Using SSH servers
- Using remote desktop servers
- Using the remote desktop
- Disk space
- Email and calendar
- Software and updates
TUNI Linux is a Linux workstation and server environment for students and staff maintained by the University’s ICT Services.
In the Linux environment there are two servers of a different types available for general use:
- linux-desktop.tuni.fi - Linux remote desktop server used with VNC application.
- linux-ssh.tuni.fi - Linux ssh server.
These servers are targeted to students for doing course exercises etc. Other use by students and employees is permitted as long as the use does not impact use for teaching purposes.
The SSH server also allows you to remotely access personal TUNI network home directory (P: drive on Windows TUNI machines) for example with winscp application. Detailed instructions how to use your network home directory with winscp can be found on page FAQ - Storage services. Group directories are not accessible via student servers.
This page contains general instructions for using these servers. Teachers will give you more detailed instructions on using the programme in courses.
Contact IT Helpdesk if you have a problem. In the message, mention the name of the individual server (linux-desktop<number>.tuni.fi or linux-ssh<number>.tuni.fi), as detailed description of the problem as possible, and information about when the problem has occurred. If the problems concern course excercises or assignments or software used in a course, contact the teacher.
Use the TUNI username and password to login and access TUNI Linux computers. You cannot use an email address as a username.
To obtain the separate user right required to use the remote desktop or SSH server:
- Go to https://id.tuni.fi/idm/?uiLang=en
- Go to Manage your service entitlements
- Choose your contract
- Choose the entitlement you want:
- SSH server: Linux Servers (LINUX-SERVERS) SSH Servers
- Remote desktop server: Linux Servers (LINUX-SERVERS) Desktop Servers
- Fill in the justification and further information field and press Submit
The user authorisation is granted automatically within approximately two hours, after which you may login to the service.
TUNI Linux SSH servers are operated with an SSH program. In Linux and MAC computers, the SSH programme that operates in the command line (ssh command) is usually pre-installed. On Windows machines, we recommend a programme called PuTTY, which is:
- pre-installed on TUNI Windows computers in the computer classrooms
- available for employees’ TUNI Windows computers from the Software Center.
- for other computers, it is availalbe for free at https://www.putty.org
Accessing an SSH server
There are several servers behind the linux-ssh.tuni.fi name. If a connection is made to linux-ssh.tuni.fi, the connection will be redirected to one of the back end servers. SSH connectivity is also allowed directly to the back end servers.
The fingerprints of the SSH keys for linux-ssh.tuni.fi servers are (The key and the fingerprint depend on the SSH client programme; make sure that at least one in the list below applies):
- ECDSA (SHA256): kmTC9bN2p0pDhQb3qntyIwOAm3V1NmW0ruJL7/4080A
- ECDSA (MD5): 7f:d6:68:51:b7:b7:66:5b:f2:ab:a3:65:63:90:1e:67
- ED25519 (SHA256): miTU8ml8sJHUqWl2I6T/POSdFHckxECI5qGjqKAFFKk
- ED25519 (MD5): ce:53:67:3f:54:b2:7d:ff:34:aa:83:16:f2:dd:48:bf
- RSA (SHA256): iHhoJyAp5AkYn8USo1KyVeT1wpFzpNM676dZavszimw
- RSA (MD5): 5b:03:28:54:07:9c:04:b4:7e:2d:ee:a3:40:3b:bc:05
Use your TUNI user account and password (an email address cannot be used as a user id) or an SSH key to login. If you use an SSH key, the network drive cannot be used and neither can you print.
The TUNI Linux remote desktop server is operated with a VNC programme. We recommend using the programme called TigerVNC. The TigerVNC programme is
- Pre-installed and configured on the TUNI Windows machines in computer classrooms.
- Available for employee’s TUNI Windows computers as pre-configured from the Software Center.
- Pre-installed on TUNI Linux computers.
- Available for other computers free of charge from https://tigervnc.org
Accessing a remote desktop server
Start the Tiger VNC viewer (vcnviewer command in the command line)
- VNC server: name of the server linux-desktop.tuni.fi VNC Viewer: Connection Details
- Choose Options… and on the Connection Options window, go to the Security tab. Select TLS with X509 certificates and add path to the certificate file to Path to X509 CA certificate text bos. The certificate file can be downloaded at https://www.tuni.fi/CA/linux-desktop.txt . Please note: Screenshot below is just an example, you must type path to the file you downloaded to Path to X509 CA certificate text box.
- The Connect button opens the connection (the login screen may take a moment to load depending on how busy the servers are) Login by entering your Username: TUNI user name (not an email address), press Next and enter your TUNI password.
You may start the TigerVNC vncviewer:in also via the command line: vncviewer:in -X509CA /etc/linux-desktop.crt linux-desktop.tuni.fi
The certificate file in the example (/etc/linux-desktop.crt) is ready on TUNI Linux computers in the path /etc/linux-desktop.crt and TUNI Windows computers in C:\Apps\TigerVNC\linux-desktop.crt You may download the certificate file to your own computer from https://www.tuni.com/CA/linux-desktop.txt.
Acessing a remote desktop server via an SSH tunnel
If you do not have a VNC program that allows you to use encrypted communication (TLS), you can use VNC to access the remote desktop via SSH. In this way, an unencrypted VNC connection passes through an encrypted SSH tunnel.
The fingerprints of the SSH keys for linux-ssh.tuni.fi servers are (The key and the fingerprint depend on the SSH client programme, make sure that at least one in the list below applies):
- ECDSA (SHA256): k4sA9AaQlu8mpcbtu+RWPNg+aLZyh/5HNXg1RwhBwnw
- ECDSA (MD5): 83:a9:84:e5:aa:39:24:55:b8:78:d7:d9:e6:ac:71:6c
- ED25519 (SHA256): 03WUHqs2DCgRv2kTtecEMYIGIBhbPDUsZF/wKaAXHYs
- ED25519 (MD5): 1c:ce:a7:c1:d3:2b:78:5a:b5:64:6d:9a:bc:18:10:19
- RSA (SHA256): LprMFCS+bIdkwsHz2zAjnQghGicgQpKA/OCdc64CPKA
- RSA (MD5): fc:57:11:71:9d:1e:70:7e:c0:80:ad:fe:8d:7e:b7:6b
When logging in after entering your username, select the desired desktop from the menu that appears when you click the cogwheel button. GNOME 3 and GNOME 3 Classic are desktop options supported by ITC services, but you can use other ones if you wish. However, we do not test or support the functionality of other desktop options. We recommend using GNOME 3 as your desktop. GNOME 3 Classic looks similar to the older GNOME 2, but the identicalness is quite superficial.
For instructions on using the GNOME 3 desktop, see Chapter 1 of the Redhat Desktop Migration and Administration Guide. Introducing the GNOME 3 Desktop and the Gnome wiki on the page GNOME 3 Cheat Sheet. Different from the default settings, the Tweak Tool and Shell Extensions are installed on TUNI Linux machines -> No topleft hot corner is enabled, so moving the mouse to the top left of the screen does not lead to the Activities screen.
First login to the remote desktop server
The first time you log in to the GNOME 3 or GNOME 3 Classic desktop, select the language used by the desktop and the keyboard (Input Source). At this point, skip the Online Accounts setting.
Passwords and the GNOME Keyring on the remote desktop server
By default, the GNOME desktop uses a system called Keyring, where GNOME programmes store login information when the user so wishes. The Keyring is used by at least GNOME Online Accounts, Evolution and NetworkManager. The saved passwords are protected by the user’s login password, and when logging in, the Keyring is “unlocked” and the programmes have access to their saved login information. Saved passwords can be handled by a programme called Passwords and keys.
When you change your password, the keyring no longer opens automatically when you sign in. The programme will alert about this and ask you to set a new password.
Home directory on TUNI Linux shared computers
Shared TUNI Linux computers (those in the computer classrooms), desktops and SSH servers have the same home directory. Due to the limited space, the home directory is primarily intended for configuration files; work files should be placed on the network drive under the /tuni/home/ directory (see below).
The user’s personal network drive (TUNI on Windows computers: P: drive) appears in the /tuni/home/<ID> directory. When using the network drives, you must log in to the SSH server with your username and password; the network drives are not available when you log in with the SSH key.
Local disk space on the computer
The remaining disk space left over from operating system and software installations is available in the /worktmp/ directory. If necessary, make a directory under your /worktmp/ directory with your own username and use that. The /worktmp/ directory may be a symbolic link depending on the computer, but do all references through the /worktmp/ link. The /worktmp/ directory has not been or will be backed up, so you should not store anything important in the /worktmp/ directory. On shared computers, maintenance can delete files stored in the /worktmp/ directory as needed when the disk becomes full. The administrator removes all files and directories that are not under your own username from the /worktmp/ directory.
TUNI Linux computers come with a pre-installed SecurePrint queue. Printing to the SSH server requires login with a username and password; using the SSH key does not allow printing. Read more about printing and copying,
E-mail sent to firstname.lastname [at] tuni.fi can be read with a web browser from https://outlook.office.com/ , where you login with your TUNI email address.
Email clients (for example Mozilla Thunderbird) is not available on servers.
Please find more info about your email in the IT-services handbook.
Microsoft Teams can be used with a web browser from https://teams.microsoft.com/ . Please note that you can't attend meetings (etc) using remote desktop servers. To attend Teams meetings, please use teams on your local computer.
Email and calendar
With remote desktop servers, Office 365 email can be accessed from a web browser at https://outlook.office.com/ or a variety of applications. Log in with the TUNI email address and password. https://outlook.office.com
Using the Online Accounts feature on GNOME desktop integrates Office365 email and calendar in your desktop and the Evolution programme.
To set up your Office365 email account with a Gnome Online Account:
Start Applications -> System Tools -> Settings and select Online Accounts. In the Online Accounts window, press the + button and select Microsoft Exchange. Enter the following information:
- Email: Your TUNI email address
- Password: The password for the TUNI ID
- Username: Your TUNI email address
- Server: outlook.office365.com
The Online Account function saves your password automatically on the GNOME Keyring (see above).
You can also read your email with other email clients such Mozilla Thunderbird (see instructions in the IT-services handbook).
Further information is available from the IT-services handbook.
The TUNI Linux computers have the most commonly used basic software installed, and the desktop servers and classroom computers also have software used in teaching. If the software you need is not found on the server, you can ask the IT Helpdesk to update it.
The software updates are loaded on the computers automatically and do not require actions from the user. The TUNI Linux remote desktop servers are always restarted in the planned monthly maintenance breaks. Planned monthly maintenance breaks are listed in Intra. SSH servers are only started when needed in the planned monthly maintenance breaks. If possible, the motd message on SSH servers is used to inform users about reboot on SSH servers.