ssh -C -X MATHSNAME@enna, not to maths.usyd.edu.au; see also the network setup needed for internal laptops.
Choose between Web-OTP, TOTP or skeys.
You can use Web-OTP anytime, without any prior setup;
while TOTP or skeys need to be set up while in the School.
Note that our software prompts for the code first, and the password
after that.
With your browser, go to
www.maths.usyd.edu.au/s/otp
(you will need to log in with Okta MFA).
See a five-character code: valid for 5 minutes, and for single use.
At next ssh login, you will be prompted for this code.
NOTE: you need to get the Web-OTP code before starting the ssh (or putty) command.
Our Web-OTP implementation is true one-time: a second login is
possible only with a new code from the web page.
Getting a Web-OTP code takes precedence over TOTP or skeys (during its
5-minute validity or until used).
Okta, the Uni ICT "standard" for MFA, does not directly support ssh; our
Web-OTP relies on Okta, in ways that do not decrease security.
Our Web-OTP service has rate limits, see below.
Install your favourite TOTP authenticator app (on your phone, on
your computer, or as add-on in your browser).
On enna (in a terminal window, made large enough) use command
google-authenticator
and scan the QR code (or enter the secret key) into the authenticator app.
Maybe use command totp-test to check codes.
Ensure the time on your device is correct, use "network time": set for Android or iPhone.
Our TOTP implementation is true one-time, non-replayable, with a
no-reuse control: a second login is possible only after the code
changes during the next time slice.
Running google-authenticator again invalidates any previous setting,
and the app would need to be updated.
Setting up TOTP takes precedence over skeys; there is no need to have
had skeys to use TOTP.
You can set up TOTP remotely during a Web-OTP or skey login session.
To remove TOTP e.g. to go (back?) to skeys, on enna use command
rm ~/.google_authenticator
Skeys are once-only passwords generated by iterated one-way encryption.
Ask Paul, in person, to give you a paper sheet of skeys.
Each time you will need to type all the words from the line as
prompted (not the line number); each sheet has hundreds of lines.
When approaching the end of the sheet, see Paul again to obtain a
replacement.
You can choose between 2-word, 3-word or 6-word skey sheets
(previously all were 6 words for better security, see below).
Lines on your skey sheet decrement each time: cross out the last line just used, making it easy to find the next one when needed. Or, to avoid carrying the skey sheet, take a photo with your phone and use that image, also allowing you to enlarge to make it easier to read.
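Why the lines decrement and why a used line is worthless to an eavesdropper, as an added example (not the School's skey software): a one-way chain where the server keeps only the last accepted value. SHA-256 stands in for the real one-way function, there is no word encoding, and all names are hypothetical.

```python
import hashlib
import hmac

def one_way(value: bytes) -> bytes:
    """Stand-in one-way function (SHA-256); real skeys use their own hash and words."""
    return hashlib.sha256(value).digest()

def make_sheet(seed: bytes, lines: int) -> dict:
    """Line n holds one_way applied n times to the seed, for n = 1..lines."""
    sheet, value = {}, seed
    for n in range(1, lines + 1):
        value = one_way(value)
        sheet[n] = value
    return sheet

class SkeyServer:
    """Hypothetical server side: stores only the last value it accepted."""

    def __init__(self, top_value: bytes, top_line: int):
        self.stored = top_value          # line top_line, never typed by the user
        self.next_line = top_line - 1    # line number the next prompt asks for

    def login(self, response: bytes) -> bool:
        if self.next_line < 1:
            return False                 # sheet exhausted: a replacement is needed
        if not hmac.compare_digest(one_way(response), self.stored):
            return False
        self.stored = response           # accepted line becomes the new check value
        self.next_line -= 1              # prompts count down the sheet
        return True

def demo():
    sheet = make_sheet(b"constructed seed, not a real secret", 5)
    server = SkeyServer(sheet[5], 5)
    results = [
        server.login(sheet[4]),   # correct line 4: accepted
        server.login(sheet[4]),   # replay of the line just used: rejected
        server.login(sheet[2]),   # wrong line: rejected
        server.login(sheet[3]),   # correct line 3: accepted
    ]
    return results, server.next_line

if __name__ == "__main__":
    print(demo())
```

Someone who captures line 4 can compute line 5 from it, which is already spent, but not line 3, because that would require inverting the one-way function.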
mkdir -p ~/bin
cp ~/Downloads/ssh-with-2fa.txt ~/bin/ssh-with-2fa
chmod 755 ~/bin/ssh-with-2fa
ln -sf ssh-with-2fa ~/bin/ssh
ln -sf ssh-with-2fa ~/bin/scp
ln -sf ssh-with-2fa ~/bin/sftp
ln -sf ssh-with-2fa ~/bin/xsess
echo 'export PATH=~/bin:$PATH' >> ~/.bash_profile
echo 'export PATH=~/bin:$PATH' >> ~/.zshrc
echo 'alias scp="noglob scp"' >> ~/.zshrc
Mac users should also do, replacing MATHSNAME by the Maths login name (in the first line):
x=MATHSNAME
mkdir ~/Documents/M-home
echo "alias mdrives='sshfs -o follow_symlinks -o uid=$(id -u) -o gid=$(id -g) -p 12022 $x@127.0.0.1:. ~/Documents/M-home'" >> ~/.bash_profile
echo "alias udrives='umount ~/Documents/M-home'" >> ~/.bash_profile
echo "alias mdrives='sshfs -o follow_symlinks -o uid=$(id -u) -o gid=$(id -g) -p 12022 $x@127.0.0.1:. ~/Documents/M-home'" >> ~/.zshrc
echo "alias udrives='umount ~/Documents/M-home'" >> ~/.zshrc
We do .bash_profile for Linux and older Macs, .zshrc for Mac from 10.15 Catalina.
Close this terminal window; those profile settings take effect in subsequent ones.
ssh MATHSNAME@enna
where MATHSNAME is your login name on the Maths servers, and log in to enna with 2FA and password.
ssh-keygen
(press ENTER twice: to accept filename, and to use empty passphrase)
ln -s id_rsa.pub ~/.ssh/authorized_keys
(or just command xfrom enna that will do same).
scp MATHSNAME@enna:~/.ssh/id_rsa ~/.ssh/
chmod 600 ~/.ssh/id_rsa
ssh MATHSNAME@enna
so you can mix "native" and enna windows e.g. for copy-paste; or if you wanted a "Linux desktop" (though will be slower) then use
xsess MATHSNAME@enna
(each time your laptop re-connects to the network).
Leave that enna login session running: use it, say for nedit or tuteroll or xfrom savona.
You may minimize the window of your enna login session, but keep
it running: do not allow your computer to disconnect from the
network e.g. to go to sleep/hibernate, as most laptops do with the
lid closed.
With your enna login session running, in other terminal windows
on your laptop you can easily use further ssh or scp (or sftp)
commands, e.g. any of:
ssh MATHSNAME@enna
scp file1 MATHSNAME@enna:
scp MATHSNAME@enna:file2 .
just "happen", without any pesky 2FA or password prompts.
For file access, with your enna login session running (and then without any pesky 2FA or password prompts):
sftp://MATHSNAME@localhost:12022
mdrives
then use the files in M-home (under your Documents) as normal.
udrives
to disconnect.
To easily find the "teaching directories" etc, in the window logged in to enna, (once only) use commands, replacing MATHSNAME by the Maths login name (in the last line):
ln -s /users/misc/teaching drive-T-teaching
ln -s /users/misc/tutsols drive-S-tutsols
ln -s /users/misc/shared drive-Y-shared
ln -s /usr/sms drive-L-local
ln -s /nb/MATHSNAME drive-N-nobackup
For printing setup, follow the instructions in the printing page.
Some (Mac?) machines do not know about localhost, then use 127.0.0.1
instead of the name localhost.
See also the section on xpra.
set x=MATHSNAME
mkdir bin
copy Downloads\ssh-with-2fa.txt bin\ssh-with-2fa
echo perl "%USERPROFILE%\bin\ssh-with-2fa" %x%@enna > bin\ssh2.bat
echo $x=$0; $x=~s,[a-z-]*$,ssh-with-2fa,; $y=`type "$x"`; eval $y > bin\xsess-helper
echo perl "%USERPROFILE%\bin\xsess-helper" %x%@enna > bin\xsess.bat
setx path "%USERPROFILE%\bin"
Maybe ctrl-C, ctrl-V will work for cut-and-paste into the command prompt window; or just re-type if not.
In the window logged in to enna, type commands:
ssh-keygen
(press ENTER twice: to accept filename, and to use empty passphrase)
ln -s id_rsa.pub ~/.ssh/authorized_keys
(or just command xfrom enna that will do same).
scp -P 12022 MATHSNAME@127.0.0.1:~/.ssh/id_rsa .ssh
Drive Name: drive-M-home
Drive Letter: M:
Remote host: 127.0.0.1
Remote port: 12022
Authentication: Public Key
Username: MATHSNAME
Private Key: (Browse to) C:\Users\username\.ssh\id_rsa (then Open, Open, OK)
Remote Folder: User's home folder
(then click OK).
nedit or tuteroll or xfrom savona
(any such new Linux "windows" will appear within the VcXsrv window).
For file transfer, with your enna login session running, use
SFTP Drive:
click its icon on the desktop, click Start.
See your files in the M drive, use them as "normal".
To easily find the "teaching directories" etc, in the window logged in to enna, (once only) use commands, replacing MATHSNAME by the Maths login name (in the last line):
ln -s /users/misc/teaching drive-T-teaching
ln -s /users/misc/tutsols drive-S-tutsols
ln -s /users/misc/shared drive-Y-shared
ln -s /usr/sms drive-L-local
ln -s /nb/MATHSNAME drive-N-nobackup
When done for the day, close everything in the "right" order:
For printing setup, follow the instructions in the printing page.
Some (Win11?) machines do not know about localhost, then use 127.0.0.1
instead of the name localhost.
See also the section on xpra.
ssh -C -X MATHSNAME@maths.usyd.edu.au
with MATHSNAME being your login name on the Maths servers.
The ssh client is probably present already.
Beware of the MacOSX "feature" of ForwardX11Timeout set to 20 minutes,
and the wrong setting of XauthLocation in MacOSX since 10.12.
You should run ssh something like
(in a terminal window on your laptop,
Applications > Accessories > Terminal):
ssh -C -X -oForwardX11Timeout=596h -oXauthLocation=/opt/X11/bin/xauth MATHSNAME@maths.usyd.edu.au
with MATHSNAME being your login name on the Maths servers.
Up-to-date Windows10 (or later) has "native" ssh, and you can use it typing
commands as detailed for Linux above, in a command prompt window
(Start > Programs > Accessories > CommandPrompt)
or (Start > Run > cmd).
Windows10 native ssh may need to be enabled:
Settings > Apps > Optional Features > OpenSSH Client > Install
see here or here for instructions. It also has some oddities:
you need to (once) use commands
mkdir \dev & echo x > \dev\tty
and for VcXsrv you need to (each time) use command
set DISPLAY=localhost:0
and use ssh option -Y instead of -X.
Or anyway (and as it seems easier) you may install and use putty.
The "standard" ssh client for Windows is putty, use latest
(current) version from
www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
To use putty, with WindowsExplorer (e.g. MyComputer) find
putty.exe, double-click.
You will have full X-windows access, so could xfrom to other machines,
or use other X-windows software like nedit or tuteroll, or licenced
software like matlab, mathematica or maple, or even firefox or
thunderbird (with full access to scnews and other internal pages or
mail files, though these may be too slow over the network); or for a
slow but authentic login experience, use xnest or nxagent and in there
run /usr/sms/share/ldm/Xsession.
Tempting to try some GUI clients ... but mostly they do not
understand the 2FA prompt (expecting to send just a plain password) so
they fail; they work fine once you save 2FA prompts ... see below under
made easy.
Some GUI clients for SFTP:
ssh -C -L 12022:localhost:22 -X MATHSNAME@maths.usyd.edu.au
ssh -C -L 12022:localhost:22 -X -oForwardX11Timeout=596h -oXauthLocation=/opt/X11/bin/xauth MATHSNAME@maths.usyd.edu.au
Save typing your password
... use public keys.
Generate some keys and copy things around so you end up having the
private key on the laptop and the public key as authorized on
enna.
At the initial login with 2FA you still get a password prompt,
as configured for security.
Easy for Linux or Mac, not so easy to do on Windows.
You may also use this to ssh/scp between enna and the research servers.
Do not inadvertently publish your private key, e.g. when uploading to web or Git servers.
ssh-keygen
(press ENTER twice: to accept filename, and to use empty passphrase)
ln -s id_rsa.pub ~/.ssh/authorized_keys
then in another terminal window on your laptop, copy the "private key" file from enna to your laptop:
scp MATHSNAME@enna:~/.ssh/id_rsa ~/.ssh/
chmod 600 ~/.ssh/id_rsa
scp -P 12022 MATHSNAME@localhost:file-on-enna place-on-local-machine
scp -P 12022 file-on-local-machine MATHSNAME@localhost:place-on-enna
but there are better ways.
sftp://MATHSNAME@localhost:12022
mkdir ~/Documents/M-home
sshfs -o follow_symlinks -p 12022 MATHSNAME@localhost:. ~/Documents/M-home
and use the files in M-home (under your Documents) as normal. (The mkdir command is needed once only.) When done (and before disconnecting from enna) use command
umount ~/Documents/M-home
to disconnect.
ssh MATHSNAME@enna
or use
scp file1 MATHSNAME@enna:
scp MATHSNAME@enna:file2 .
and the "right" things would happen: connect to the right host and port (maybe with 2FA, or 2FA-less via the port forwarding while your enna login session is running), with the "correct" options (all those mentioned above and below), whether your laptop is "outside" or connected to the School's internal network; it will also do the right thing for any other uses, connecting to any other places, not just for "School related".
To use the script:
mkdir ~/bin
and place the script file there (in your browser right-click the link above, choose SaveAs; or click and view, then press Ctrl-S to save), then set permissions and create a few symlinks:
cp ~/Downloads/ssh-with-2fa.txt ~/bin/ssh-with-2fa
chmod 755 ~/bin/ssh-with-2fa
ln -sf ssh-with-2fa ~/bin/ssh
ln -sf ssh-with-2fa ~/bin/scp
ln -sf ssh-with-2fa ~/bin/sftp
so it all looks like:
$ ls -l ~/bin/*
lrwxrwxrwx ... .../bin/scp -> ssh-with-2fa
lrwxrwxrwx ... .../bin/sftp -> ssh-with-2fa
lrwxrwxrwx ... .../bin/ssh -> ssh-with-2fa
-rwxr-xr-x ... .../bin/ssh-with-2fa
Make use of this by using
export PATH=~/bin:$PATH
and adding that line to your ~/.bash_profile or ~/.zshrc file or similar (for future invocations).
mkdir bin
copy Downloads\ssh-with-2fa.txt bin\ssh-with-2fa
echo perl "%USERPROFILE%\bin\ssh-with-2fa" %* > bin\ssh2.bat
setx path "%USERPROFILE%\bin"
and then close this command prompt window, as setx is for any future ones.
Using setx we append to PATH, not prepend as we manage for Linux or Mac, so we need to use the new name ssh2, thus use
ssh2 MATHSNAME@enna
in the example above.
For scp or sftp from the command line, do also:
copy bin\ssh-with-2fa bin\scp-with-2fa
echo perl "%USERPROFILE%\bin\scp-with-2fa" %* > bin\scp2.bat
copy bin\ssh-with-2fa bin\sftp-with-2fa
echo perl "%USERPROFILE%\bin\sftp-with-2fa" %* > bin\sftp2.bat
and use
scp2 file1 MATHSNAME@enna:
scp2 MATHSNAME@enna:file2 .
or similar.
Please let Paul know if you
find anything that is any less than magical and perfect.
If you have any problems with ssh-with-2fa then run it as
ssh --debug MATHSNAME@enna
to see more verbose messages.
There may be some use for "local" Maths email services. You may want to (and ssh-with-2fa will) use the port forwarding options
-L 12143:enna:143 -L 12025:rome:25
to make our internal IMAP server (enna) and SMTP server (rome) accessible, while the enna login session is running. Set your mail client (e.g. mutt, alpine, thunderbird) to use:
proto | server | port
---|---|---
IMAP | localhost | 12143
SMTP | localhost | 12025
mkdir -p ~/Mail/.imap
for IMAP login to succeed.
You may also want to (and ssh-with-2fa will) set the same port forwardings for "internal" laptop clients connecting ssh to enna, so the mail client configuration does not need to change between internal and external uses.
No POP to rome anymore: was unused anyway.
-L 12631:siv:631
to make our internal CUPS server (siv) accessible, while the enna login session is running. To use, set up CUPS printing as described in the printing page.
You may also want to (and ssh-with-2fa will) set the same port forwarding for "internal" laptop clients connecting ssh to enna, so the printing client configuration does not need to change between internal and external uses.
Seems tempting to use -L 515:siv:515 for LPD printing. But we cannot use low ports on Linux: maybe not on the laptop for listening, and certainly not on enna for connecting to the LPD server. Setting up local LPD printing would not be trivial; copying the file to be printed with scp and then printing directly from enna may be simpler. Use CUPS printing instead, as above.
-L 14022:savona:22
and then (while the enna login session is running) separately connect to localhost, port 14022 (with ssh, scp, FileZilla, WinSCP etc).
The ssh-with-2fa script will not (by itself) use the above forwarding, but you would need to get things started with a command like
ssh -L 14022:savona:22 MATHSNAME@enna
(or on Windows similar command but with ssh2).
Generally users have passwords set on enna only, not on other servers like savona. If you use public keys as suggested above, that is shared by savona so will work there also; otherwise, if needed, a password could be set on savona.
The BioInformatics people have a page about using RStudio Server though with restricted access.
Using the ssh ProxyJump option, via ~/.ssh/config (on your laptop) containing:
Host savona
  HostName savona
  User MATHSNAME
  ProxyJump enna
Host enna
  HostName maths.usyd.edu.au
  User MATHSNAME
(or some complicated command line) might work. The current Windows putty has a similar Proxy panel feature.
Port forwarding seems more generally useful (e.g. for other servers or for file transfer).
-D 13080
so on your laptop (in a terminal, not the ssh-ed one running on enna) you can use e.g. proxychains to access any "internal" services.
To use proxychains (Linux, Mac): on the laptop, edit ~/.proxychains/proxychains.conf (or /etc/proxychains.conf) to contain the lines
quiet_mode
[ProxyList]
socks5 127.0.0.1 13080
(do not use proxy_dns, and with just one line in ProxyList).
On your laptop (in a terminal, not the ssh-ed one running on enna) use commands like
proxychains command args...
Examples:
proxychains xvncviewer myoffice.pc.maths.usyd.edu.au
proxychains xfreerdp /u:unikey /v:myoffice.pc.maths.usyd.edu.au
proxychains ssh me@myoffice.pc.maths.usyd.edu.au
when outside (or directly without proxychains when inside).
-L 5902:myoffice.pc:5900 -L 3390:myoffice.pc:3389 -L 14022:myoffice.pc:22
and connect to localhost (on port 5902, 3390 or 14022 respectively, probably by using name localhost:5902 etc).
proxychains mutt
proxychains alpine
proxychains thunderbird
when outside (or directly without proxychains when inside).
proxychains firefox
with network via Maths to access scnews and /loc/ pages. File access e.g. download location would be on your laptop.
Very tempting to use -L 139:enna:139 then use connect-to-server
smb://localhost to access the Samba server on enna (for file access),
but that might not work:
on Linux/Mac it requires root access e.g. sudo on the laptop;
on Windows, port 139 may be "in use" already.
I could not get it to work on Windows, not even with the tricks in
support.blue.net.au/support/tunneling-smb-over-ssh-secure-file-sharing/
Known issues:
ping maths.usyd.edu.au
traceroute maths.usyd.edu.au
show "round-trip time" delays between 15 and 40 milliseconds, spent mostly within "home network provider" equipment. Seeing how X11 network message counts are:
Command | write | recv
---|---|---
tuteroll | 1560 | 3180
nedit | 270 | 280
xterm | 290 | 470
bugs.debian.org/366096
bugs.debian.org/384105 | xterm
bugs.debian.org/408759 | gnome-terminal
bugs.debian.org/764276 | dxpc
bugs.debian.org/766299 | nxproxy
/usr/sms/bin/OLD/x11proxy | script that had been used at Maths
lists.mindrot.org/pipermail/openssh-unix-dev/2023-February/040593.html
See also the section on xpra.
There are timeouts set in several network "appliances":
TCPKeepAlive yes
ClientAliveInterval 10
ClientAliveCountMax 60
in the Maths /etc/ssh/sskd_config file: we are never much idle, and survive network dropouts of 10 minutes.
If affected still, you may want to add the -oServerAliveInterval=10
option to ssh (for Linux or Mac,
putty has keepalive settings but not for command line); or leave
while :; do date; sleep 60; done
(rpt 60 date) running.
For incoming connections, ssh or putty talks to the firewall, and only the firewall knows which internal machine the connection is sent to: currently enna.
For outgoing connections we have transparent proxy on the firewall,
see
www.maths.usyd.edu.au/s/scnitm/psz-TransparentProxy-noProxyS
You may still want to use the ssh-with-2fa script, to choose
sensible options.
When using Cygwin (its ssh and its X server), or maybe from MacOSX, you need the (unsafe) -Y option instead of -X: I guess needed whenever xdpyinfo does not show the SECURITY extension.
Dire warnings (words of Jim Richardson):
Note that skeys are only for use of the person to whom the sheet was
allocated, and no forwardings or tunnels other than the above should
be used without prior arrangement with the School Computing Manager.
Note for Maths (129.78.68.*, e.g. Magma) users:
You do not need 2FA from such "trusted" hosts.
Our 2FA software is available in directory
/usr/sms/etc/2fa (on enna).
NOTE: file:/ links (as above) do not work in Firefox.
Copy link location then paste to Firefox URL bar, see
kb.mozillazine.org/Links_to_local_pages_don't_work .
This "SSH HowTo" page is referenced from (or referred to in):
www.maths.usyd.edu.au/local.html (click "Incoming ssh")
www.maths.usyd.edu.au/loc/comp/alpha/net-security.html#incoming
www.maths.usyd.edu.au/u/psz/ssh-howto.html (here).
Connection closed by remote host
server unexpectedly closed network connection
Connection refused
or our Web-OTP service may show "Too Many Requests".
When that happens, try again in a little while. Long story below.
That is our protection against password guessing attacks, in action: we have rate limiting on ssh connections. When that happens, try again in a little while; or maybe wait until the next wall-clock hour, then try; maybe use "ssh -v ..." (or "putty -v ...") to see the "error" message; try soon after the restriction is lifted, before the "bad guys" use up all permitted tries.
For some background, see:
https://isc.sans.edu/diary/Guess+what+SSH+again/6214
https://isc.sans.edu/diary/Dealing+With+Unwanted+SSH+Bruteforcing/7855/
and example log lines from 2011:
Aug 25 22:17:33 bari sskd: Failed for invalid user aaa
Aug 25 22:17:48 bari sskd: Failed for invalid user aaron
Aug 25 22:17:51 bari sskd: Failed for invalid user abacus
Aug 25 22:17:56 bari sskd: Failed for invalid user abby
Our ssh service is handled by:
Our Web-OTP service also has limits: 2 per minute for each connecting machine, and a limit of 2 per second or 20 per minute for all connections.
We are pretty safe against any breakins with 2FA; in fact I have never noticed them trying 2FA at all, they just try single passwords. Many try root only as the login name (and root does not have 2FA).
We limit connections to protect against attackers wasting resources, hoping to make the attacker "go away" and try another victim. Our protections have stopped many ssh password guessing runs/attacks, significantly lowering the CPU load on our machines.
Any limits (in xinetd, sshind or sskd) will affect legitimate users also: hopefully our rates and back-off times are not too annoying.
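The Web-OTP limits quoted above (2 per minute for each connecting machine, 2 per second or 20 per minute overall), as an added example of how such limits combine; this is not the School's code. The class names, the sliding-window method and the choice not to count rejected requests are assumptions; addresses are constructed documentation-range values.

```python
from collections import defaultdict, deque

class Window:
    """Sliding window: at most `limit` accepted requests in any `seconds` span."""

    def __init__(self, limit: int, seconds: float):
        self.limit, self.seconds = limit, seconds
        self.accepted = deque()              # timestamps of accepted requests

    def has_room(self, now: float) -> bool:
        while self.accepted and self.accepted[0] <= now - self.seconds:
            self.accepted.popleft()          # forget requests outside the window
        return len(self.accepted) < self.limit

class WebOtpLimiter:
    """Hypothetical limiter using the figures stated on this page."""

    def __init__(self):
        # 2 per minute for each connecting machine
        self.per_host = defaultdict(lambda: Window(2, 60))
        # 2 per second or 20 per minute for all connections
        self.overall = [Window(2, 1), Window(20, 60)]

    def request(self, host: str, now: float) -> int:
        windows = [self.per_host[host], *self.overall]
        if not all(w.has_room(now) for w in windows):
            return 429                       # "Too Many Requests"
        for w in windows:
            w.accepted.append(now)           # only accepted requests are counted
        return 200

def demo():
    limiter = WebOtpLimiter()
    # One machine asking at t = 0, 10, 20 and 60 seconds.
    one_host = [limiter.request("192.0.2.10", t) for t in (0, 10, 20, 60)]
    # Three different machines within half a second.
    burst = [limiter.request(f"198.51.100.{i}", 100 + i * 0.25) for i in range(3)]
    return one_host, burst

if __name__ == "__main__":
    print(demo())
```

The burst case shows the point made above: the overall limit also turns away a legitimate third machine that has made no earlier request.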
Unrecognized OpenGL version
Could not initialize GLX
X server does not support XInput 2
GLX 1.3 or later is required
Instructions:
sudo apt install xpra
In a terminal window on your laptop (Applications > Accessories > Terminal), type commands:
ln -sf ssh-with-2fa ~/bin/xpraterm
ln -sf ssh-with-2fa ~/bin/xprasess
echo $x=$0; $x=~s,[a-z-]*$,ssh-with-2fa,; $y=`type "$x"`; eval $y > bin\xpraterm-helper
echo $x=$0; $x=~s,[a-z-]*$,ssh-with-2fa,; $y=`type "$x"`; eval $y > bin\xprasess-helper
echo perl "%USERPROFILE%\bin\xpraterm-helper" MATHSNAME@enna > bin\xpraterm.bat
echo perl "%USERPROFILE%\bin\xprasess-helper" MATHSNAME@enna > bin\xprasess.bat
Put shortcuts on your Desktop, pointing to xpraterm and xprasess: right-click anywhere in the desktop background, choose New Shortcut, browse to C:\Users\username\bin\xpraterm (or ...\xprasess) and OK.
Use xpraterm if you want a terminal, so you can mix "native" and enna windows e.g. for copy-paste; use xprasess if you want a "desktop" session (though it may be slower than xpraterm).
xpraterm MATHSNAME@enna
xprasess MATHSNAME@enna
where MATHSNAME is your login name on the Maths servers.
xpra stop
Comments about xpra (and other ways to use), for completeness:
On your laptop, in a new terminal (or command prompt) window, use command:
Some (Mac?) machines do not know about localhost, then use 127.0.0.1
instead of the name localhost.
xpra start ssh/MATHSNAME@localhost:12022 --no-speaker --exit-with-children=yes --start-child=xterm
where MATHSNAME is your login name on the Maths servers.
xpra start ssh/MATHSNAME@enna --no-speaker --exit-with-children=yes --start-child=xterm
This (in a little while, password-less if you had set up public keys as suggested) will show a new xterm window running on enna; use this new xterm to work in/from.
When "done", in some enna window use command
xpra stop
or simply close the various windows, and your xpra session will close also.
If you wanted to keep your xpra session "alive", then when "done", do not close the various windows but press ctrl-C where you started xpra. This would leave the "session" running on enna. Later you could re-connect to the xpra session: if outside, log in with skeys and then (on your laptop, in a new terminal window) use
xpra attach ssh/MATHSNAME@localhost:12022 --no-speaker
Some (Mac?) machines do not know about localhost, then use 127.0.0.1 instead of the name localhost.
or if inside, (in a terminal window on your laptop) use
xpra attach ssh/MATHSNAME@enna --no-speaker
and see all your previous windows, as you had left them.
You may have several sessions. To choose, add the number e.g.
xpra attach ssh/MATHSNAME@localhost:12022/7 --no-speaker
xpra attach ssh/MATHSNAME@enna/7 --no-speaker
The same syntax could be used with xpra start if you wanted to choose some as-yet-unused one.
xpra list
to show all session numbers, and for each use something like
xpra stop 7
Please do this on occasions, not to leave things running forever.
Paul Szabo psz@maths.usyd.edu.au 10 Jan 25