Skip to Main Content

Department of Computer Science

Technical Services and Support

Working At Home

It’s fairly easy to set up an environment at home that integrates well with Rutgers CS facilities.

This page will document two different ways you can work:

  • Login to one of our computers and work there
  • Work on your own computer but access files from one of our systems

These are intended for individuals. If you’re setting up a cloud server, or a system with multiple users on it, please contact We can help you set up to use our usernames and passwords, and to access our file systems.

Using a Window on a CS System

There are two basic approaches. If you want a GUI interface (technically, an X11 window environment)

  • X2Go. This is a tool that lets you open a window on one of our systems. It uses a specially optimized version of the X11 protocol, giving reasonable performance on most home connections. In addition to giving you a window on our system, it lets you access files on your home computer and print to your home printers from the job on our system.X2Go is documented in the X2Go instruction page.

If you prefer a command line environment, you can use ssh.

  • Linux and Mac come with ssh, so from a command line window do “ssh HOSTNAME” If your username is different at home and at Rutgers, do “ssh user@HOSTNAME” with your Rutgers username
  • For Windows, mamy people use putty It has both a GUI and a command line version. From the command line use “putty user@HOSTNAME.” The GUI should open to a screen that asks you for the hostname. It will prompt you for the username, though you can type user@host in the hostname field.
  • HOSTNAME. The hostname should be the name of the computer you want to use. It will normally end in
    • faculty only:
    • researchers:, or some other from the list of research systems
    • grad students: probably, but if you specifically need your grad home directory, any of the grad student desktop systems
    • undergrads:

Accesing Files from CS Systems

If you want to work on your home machine but access files stored on our servers, there are two reasonable approaches

  • sshfs, which mounts your Rutgers home directory so you can access as if it was a disk drive on your home system
  • an sftp client; this lets you transfer files back and forth using a graphical interface or command line

For more information, see Accessing Files Remotely

Setting up Kerberos on Mac or Linux

The reason you might want to use Kerberos at home is to let you ssh to our systems without typing a password. While the Mac comes with Kerberos you will want to install the Kerberos implementation from Macports. You’ll also need their version of ssh. (The problem with Apple’s version of Kerberos is that it doesn’t understand the https: proxy, which is needed for use at home. You need to use the Macports versions of both the Kerberos utilities and ssh.)

  • Make sure your time is synchronized. Generally this is done with a program called chrony, though older installations will use ntpd. The system administation tool for most systems will let you set this up. If you time is off more than a minute or so, Kerberos won’t work.
  • Make sure Kerberos is installed
    • Mac:
      • Install Apple’s Xcode through the App store
      • sudo xcodebuild -license
      • xcode-select –install
      • Download and install macports. See
      • sudo port install kerberos5
      • make sure /opt/local/bin is before /usr/sbin in your path. The macports installation should edit your startup files to do this, but you’ll need to start a new terminal window for that to take effect
    • Centos: yum install krb5-workstation krb5-pkinit
    • Fedora: dnf install krb5-workstation krb5-pkinit
    • SLES 12: zypper install krb5-client [not tested; may need krb5-plugin-preauth-otp krb5-plugin-preauth-pkinit]
    • Ubuntu: apt-get install krb5-user krb5-k5tls krb5-pkinit
  • Set up /etc/krb5.conf [Mac: /opt/local/etc/krb5.conf] See below for what goes in the file
  • Set up /etc/ca.crt
    • curl -O
    • sudo mv ca.crt /etc/ca.crt
    • curl -O

    • sudo mv krb5.kdc.pem /etc/krb5.kdc.pem

    • Note that krb5.kdc.pem is only needed if you are using two-factor authentication. It changes every fall, around Oct 10.

  • edit /etc/ssh/ssh_config. Make sure the following limes are present. If there are already non-comment lines defining GSSAPIAuthentication and   GSSAPIDelegateCredentials, and they say no, change the no to yes. If the lines don’t exist, add them. (On the Mac, if you’re using the Macports version of ssh, this will be /opt/local/etc/ssh/ssh_config.)

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

Once this is set up you can use kerberos commands:
  • kinit netid
    • Sets up your Kerberos credentials. If your username at home is the same as your Rutgers netid, you can omit the netid
  • klist
    • Shows you your credentials. They will last for 24 hours. After that you need to do kinit again. Or you can do “kinit -R” before they expire to renew them for another day.
  • ssh hostname
    • should work without asking you for a password as long as the host is in the computer science department.

Here’s what goes in /etc/krb5.conf.  On the Mac this goes in /opt/local/etc/krb5.conf


  default_realm = CS.RUTGERS.EDU

  noaddresses = true

  forwardable = true

  renew_lifetime = 365d

  default_ccache_name = /tmp/krb5cc_%{uid}



    kdc =

    pkinit_anchors = FILE:/etc/krb5.kdc.pem

    http_anchors = FILE:/etc/ca.crt


The pkinit_anchors entry is only needed if you are using two-factor authentication.

Kerberos on Windows 10

On Windows 10 I recommend installing the Ubuntu application and setting it up Kerberos within it as for Linux. There is Kerberos for Windows, but it doesn’t support the proxy, so you can’t use it at home. (If your PC is on a computer science department network with a permanent hostname and IP address, you might considering using MIT’s Kerberos for Windows.) To set up Ubuntu

  • Find powershell (e.g. type powershell into the Contana box), right click on it, and select “run as administrator”.
  • In the powershell windows, type Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
  • Reboot
  • Go to the Windows store and install Ubuntu. (Other distributions will probably work, but I’ve tried Ubuntu.)
  • Now follow the instructions above for Ubuntu.
  • You can open multiple Ubuntu windows. If you do kinit to get a ticket in one windows, it will apply to different windows as well.

Note to Mac Users

The instructions above are specifically for home use, where your IP address probably isn’t real, because you’re behind an address translator run by your ISP or your home router. In this case you have to use the https: proxy to access Kerberos. That means you have to use the Macports version of both the Kerberos utilities and ssh.


However if you’re at Rutgers, and your Mac has a permanent address within computer science, you don’t need the https: proxy. First, you’ll need to send email to to get your system registered. When you do that, tell us if you want to do NFS mounts of home directories and /common/users. Once staff have set you up, your /etc/krb5.conf and /opt/local/etc/krb5.conf (we recommend setting up both) will be set up with the following definition for CS.RUTGERS.EDU: Other than this, it should follow the example above. Note that the actual hostnames, etc, may change every few years.

    kdc =
    kdc =
    kdc =

    pkinit_anchors = FILE:/etc/krb5.kdc.pem
    http_anchors = FILE:/etc/ca.crt

Once you have a kerberos ticket using kinit, you can ssh to other systems. If you asked staff to authorize you to mount directories, do the following command to tell Apple about our Kerberos domain:
sudo dscl . -create Config/NFSv4Domain RealName
This only needs to be done once. You can then mount the file systems you’re authorized for, e.g. 
sudo mount /mnt
It appears to be possible to fully kerberize the system, doing login through Kerberos, and automaticlaly mounting file systems. However we haven’t tried that yet. Note that access to mounted files requires your kerberos ticket to be valid. Our tickets normally expire after a day. If that becomes an issue we can port “renewd” to the Mac.