Using Cygwin/X at Fermilab

So you're a Windows user and you need to log into Linux machines at Fermilab. Cygwin is one way to do this. Cygwin is a UNIX-like environment that runs on top of Windows. Not only is it a great way to connect to remote Fermilab Linux machines, but it provides a UNIX-like way of interacting with your Windows system (e.g. bash shell scripts, grep, Makefile, LaTeX, etc.). I think it's more useful than all that WRQ/Reflection/Putty/Xming stuff and the price is right!

These instructions will show how to install Cygwin with Kerberos and basic X windows support. You'll need to request a Kerberos Fermilab Domain Principal before you can get a kerberos ticket.

  1. Download the Cygwin setup-x86_64 program and run it as admin to install Cygwin on your PC. By default the setup program will put the bare minimum number of "packages" on your PC. In the setup program search through the list of available packages and mark the following stuff for installation: The basic Cygwin install plus the packages listed above should be about 500MB. By default Cygwin will install in C:\cygwin64. You can always re-run the Cygwin setup program to add more packages or update the packages you've already installed.
  2. Start a Cygwin64 terminal. (If you get an error message about a missing mintty file, try this fix).

    The next few steps should be done in a Cygwin64 terminal window.

  3. Get the latest Fermilab krb5.conf file and put it in /etc
    $ cd 
    $ wget http://metrics.fnal.gov/authentication/krb5conf/Linux/krb5.conf
    $ cp krb5.conf /etc
    
    (If Windows complains about permissions on that last step, then use Windows explorer to copy or move C:\cygwin64\home\yourname\krb5.conf to C:\cygdrive64\etc.)
  4. Now create a directory called .ssh in your home directory and put the ssh config file there. Change permissions on this config file.
    $ cd
    $ mkdir .ssh
    $ cd .ssh
    $ wget https://home.fnal.gov/~jamieson/temp/config
    $ chmod 600 config
    
  5. Edit your startup script .bashrc in your home directory
    $ cd
    $ nano .bashrc
    
    and somewhere in that file include the line:
    export DISPLAY=:0.0
    This is so X-Windows will know which screen to use. (If you get "can't open display" error messages double check your .bashrc file to make sure it has the above line.)

    While you're here, pimp out your command prompt by adding the line

    PS1="\n\[\e[44;36;1m\][\u@\h \W]\[\033[m\] "
    to your .bashrc file.

    Now save .bashrc, close all open Cygwin64 terminals.

    Now we're ready to try it out!

  6. First, Start the Cygwin X windows server. Go to start menu > Cygwin/X > XWin Server. If everything is running OK you should see a couple of X icons in your windows system tray. Typically you will do this once when you first start windows and you'll leave this XWin Server running. You can open as many Cygwin64 terminals as you like.
  7. Now open a Cygwin64 terminal and type:
    $ kinit your-kerberos-name@FNAL.GOV (after entering your password you'll have a kerberos ticket)
    
    $ klist (displays your kerberos ticket)
    
    $ xclock& (If X is working properly you should see an analog clock window appear; this is running LOCALLY)
    
    $ ssh yourusername@someothermachine.fnal.gov  (connect to a remote machine; if you have a ticket 
                                                   AND the remote machine is supports kerberos AND you 
                                                   have an account on that machine it should log you 
                                                   right in without any prompts for username or password)
    
    $ xclock& (another clock should appear; this clock is actually running on the remote machine
               but is displayed on your screen... this is what X windows does for you)
    

Just FYI... the Cygwin package nc (aka netcat) may get flagged by the Fermilab anti-virus scanner and may result in your windows PC getting blocked from the Fermilab network. The program nc is not normally installed with the base Cygwin packages, but it could be installed if you install ALL "net" packages.

If you think this 1994-retro HTML page was helpful, or if something is unclear, email me at jamieson@fnal.gov
last update 2019-10-23