Rstudio server: R language graphical interface.
JupyterHub: Jupyter notebooks.
LSD: Laboratory for Simulation Development.
All applications have shared access to the user data stored in the server.
An user account is required to use the server. Associated researchers may request an account.
Secure access is possible from any computer connected to the internet. Access is only possible via SSH protocol using a cryptographic private-public key pair (NO password-only access).
To access the server web resources (RStudio, JupyterHub), a SOCKS5 proxy must be configured in the user browser. Legacy graphical applications (LSD) require an X11 server installed and configured in the user computer. Below you find instructions to set up the required environment.
SSH is a security system that enables secure communication between a user computer and a server.
An SSH key pair must be created for each user that will access the server. This only needs to be done once. After creating the SSH keys, only the public key must be sent to the server administrator for the account creation.
Keys are created using the terminal/console (on Windows, this may be called PowerShell or Command Prompt). To open a new terminal window on Linux, press Ctrl+Alt+T. On macOS, press Cmd+Space, type terminal, and press Enter/Return. On Windows, press Win+X and then press the letter I.
With the terminal window selected, type (press Enter at the end of each line):
cd ~/.sshAccept the proposed key name (id_rsa) by pressing Enter. Then enter a passphrase for your key, Enter, repeat the passphrase, and Enter. Always use a passphrase. If necessary, the above process can be repeated to replace previously generated keys.
The default directory for storing keys on your computer is ~/.ssh (the ~ represents the user directory, for example, C:\Users\YOUR_NAME\.ssh on Windows).
Two files will be created in the ~/.ssh folder. One file with a .pub extension (public key) and the other without an extension (private key). Send the file with the public key to the server administrator. Never share your private key.
If the user needs to access from another computer, the key pair must be copied to the new computer. To do it, simply copy the ~/.ssh folder and its contents to your user directory (~) in the new computer.
If you use an alternative terminal, like PuTTY, it may offer an alternative simpler way to produce a key pair (PuTTYgen in PuTTY, see below).
Once your account is created, and the private key installed in the user computer (see instructions above), terminal access is normally done using the ssh command in the terminal on Linux, macOS, or Windows (on Windows, the terminal may be called PowerShell or Command Prompt).
To open a new terminal on Linux, press Ctrl+Alt+T. On macOS, press Cmd+Space, type terminal, and press Enter/Return. On Windows, press Win+X and then press the letter I. Accessing through the menu of installed programs is also possible.
In the terminal window, you can login by providing your private key, username, and server name using the command below, followed by Enter:
ssh -i ~/.ssh/id_rsa -X USER@research.ews.santannapisa.itReplace USER with the username provided by the server administrator. The key passphrase will be asked and must be entered each time you log in.
There are alternative terminals that can be installed to your computer. For Windows users, see below the instructions to use PuTTY. This is not required but may be more convenient than the standard terminal.
During the first login after your account was created, usually the user is requested to replace the current password. Please enter the password provided by the server administrator, choose a new one, and confirm. Please take note of this password. This is the password required to access the web applications (RStudio, Jupyter) and NOT your ssh key passphrase. However, the user may opt to use the passphrase as the new password, which is recommended.
Instead of typing your private key and passphrase at each login, they can be loaded into the computer's memory using the SSH agent. It facilitates login by storing our private keys and managing authentication on your behalf, so you don't need to enter passphrases recurrently when connecting to remote servers.
The agent can be loaded with the command:
ssh-add ~/.ssh/id_rsaEnter your key passphrase and press Enter.
The agent will remember your passphrase until the computer is restarted, so you won't need to run this command again to connect to the server. If an error occurs connecting to the agent, try checking if the SSH agent is already running (on Linux/macOS, use the command eval $(ssh-agent -s) and on Windows, Start-Service ssh-agent).
After loading the agent, access to the server is done using the shorter command:
ssh -X USER@research.ews.santannapisa.itIMPORTANT: do not use the SSH agent on shared computers or computers without access security.
If you use an alternative terminal, like PuTTY, please check the specific instructions of the application on how to set up the SSH agent (Pageant in PuTTY, see below).
To access the server for the web applications (RStudio, Jupyter), it is necessary to use a SOCKS5 proxy to login. It allows secure access to the server, stronger than vulnerable password-only setups. Please enable and configure the proxy BEFORE trying to access the web application.
The proxy is enabled using the following command in terminal:
ssh -i ~/.ssh/id_rsa -D 2045 -C -q -N USER@research.ews.santannapisa.itIf you have the SSH agent configured, you may omit the -i ~/.ssh/id_rsa part. After typing this command, nothing will be displayed in the terminal, but the connection to the server will be established for use by your browser.
To interrupt the connection, press Ctrl+C in the terminal or close its window. If you also need to use the terminal, you may remove the -q -N parameters. In this case, the proxy is closed when you exit the terminal.
If you use an alternative terminal, please check the specific instructions of the application on how to set up the proxy (for PuTTY, see below).
To use the proxy, you still need to configure your browser. In Firefox, open the Settings in main menu, go to the Network Settings section, click Settings... button, and choose Automatic proxy configuration URL option. In the field below, insert https://ews.santannapisa.it/proxy.pac, and click OK. The configuration is similar in other browsers, but may require the installation of an extension.
In Windows 11, it is possible to configure the proxy for all applications at once. Open the Settings app, choose the Network & internet section, and click on the Edit button in the Use setup script box. Turn on the Use setup script option ant type https://ews.santannapisa.it/proxy.pac in the Script address field, and press Save. Google Chrome and Microsoft Edge browsers will be automatically configured. Other applications may need to be set to use the system proxy.
To use a remote graphical user interface (GUI) to programs running in the server that are not web based, X11 protocol forwarding is required. X11 allows using the user computer screen, keyboard, and mouse as if they were directly connected to the server. X11 forwarding setup is done in two steps: activating an Xorg terminal application in the user computer, and enabling the transport of X11 data when establishing SSH terminal sessions.
A Xorg terminal must be installed and running in the user computer before using the X11 GUI. This is usually already done in Linux, as most distributions already include and autostart the required software. However, in macOS and Windows, it is still necessary to install and start an Xorg terminal application.
For macOS, XQuartz is the most used terminal. It can be downloaded and installed directly from XQuartz, or using MacPorts or Homebrew. Reboot the computer after installation. The XQuartz server is automatically started with the computer.
In Windows Xming is an easy-to-use server. Download and install it. After installation, use the XLaunch application to create a configuration file, accepting the defaults offered (press the Next button to advance) and including -listen tcp to the Additional parameters field in the third configuration page. Before pressing Finish, in the last page of the configuration wizard, click on the Save configuration button, choose a folder to save the config.xlaunch file, and finally press Finish. To load the server in the future, double clicking on the saved config.xlaunch file will automatically launch the server. Look at the Windows taskbar for the Xming server icon to know if it is already loaded. config.xlaunch can be copied to the shell:startup folder so it is automatically loaded when the computer starts.
After ensuring the Xorg terminal is operating, X11 forwarding must be also enabled during the SSH connection. To do that, the parameter -X must be passed in the ssh command line. In all the above examples, this option was already included. It can be safely removed if X11 forwarding is not being used.
If you use an alternative terminal, please check the specific instructions of the application on how to set up X11 forwarding (for PuTTY configuration, see below).
To transfer files from the user computer to the server (or vice versa), an SSH connection (see how to configure it here) must be established. Transfers are made through a file manager that supports the SFTP/SCP protocols. There are several managers for each type of computer. Once connected, files can be transferred to and from the server in the usual way, for instance, by dragging and dropping file and folder icons.
The file manager installed on most Linux computers, like Nautilus, already incorporates SFTP. But before using it, you need to load your private SSH key into the SSH agent (see above). With the key loaded into the agent, to connect to the server, simply click Connect to Server in the sidebar (or a similar command in the menu) and type sftp://USER@research.ews.santannapisa.it. In place of USER, enter your server username.
The default macOS file manager (Finder) does not support SFTP, and the user must install a program to transfer files. We recommend the Cyberduck application. Download it from the website and install it in the Applications folder (or whatever folder you prefer). Open Cyberduck, click New Connection, choose SFTP from the list of protocols, and enter research.ews.santannapisa.it (Server) and your username in the fields that appear. Finally, click SSH Private Key, choose your private SSH key file (~/.ssh/id_rsa if the key was created as indicated above), and press Connect. Finally, enter your key passphrase.
The default Windows file manager (File Explorer) does not support SFTP, and the user must install a program to transfer files. We recommend the WinSCP application. Download and install it from the website or the Microsoft Store. Open WinSCP, enter research.ews.santannapisa.it (Host) and your username in the fields that appear, click Advanced… > SSH > Authentication, and in the Private Key File field, choose your private SSH key file (id_rsa.ppk if the key was created by PuTTYgen). If desired, you can save the entire configuration (Save…) before pressing Login. Finally, enter your key password.
Alternatively, Cyberduck can be also used in Windows. Please refer to the macOS configuration steps above.
A convenient alternative to the Windows terminal applications is PuTTY. To use it, please visit the site, download the MSI installer, and install it. After installation, the various components of PuTTY are available in theStart menu, All apps list, inside the folder PuTTY (64-bit). After setup, the app PuTTY can be used to automatically open a fully configured terminal with just a few clicks.
To generate the SSH key pair for use with PuTTY, open the PuTTYgen app in the Start menu. Then, press the Generate button, and move your mouse around the window until the green bar fills. Next, enter the key's passphrase in the Key and Confirm fields. Now, click the Save public key button, choose the folder to save the public key (recommended C:\Users\YOUR_NAME\.ssh, creating it if it doesn't already exist), and name it id_rsa.pub. Finally, click Save private key and enter id_rsa without the extension (PuTTY will use the .ppk extension automatically). Send the file with the public key to the server administrator. Never share your private key. This has to be done only once.
The next step is to load the SSH agent, an application named Pageant. Once loaded, it will be minimized to the taskbar. To load your key into Pageant, double-click its icon in the Windows taskbar (a monitor with a hat). Press the Add Key button, navigate to the folder where you saved your private key (e.g., C:\Users\YOUR_NAME\.ssh), select the id_rsa.ppk file, enter your passphrase, click OK, and then Close. This has to be done every time your computer reboots.
Finally, open the PuTTY app. In the Host Name field, enter USER@research.ews.santannapisa.it, in Saved Sessions, type ews-research, click on Save and then on Open. In place of USER, type the username provided by the server administrator. If all goes well, the connection will be established and the terminal can be used normally. The next time PuTTY is used, just double click on the ews-research item in the Saved Sessions list.
To configure PuTTY to automatically creating a SOCKS5 proxy when the terminal is connected, after loading (single click) the ews-research session, in the Category tree (on the left) choose Connection > SSH > Tunnels, enter Source port 2045, select the Dynamic checkbutton, and press the Add button. Navigate back to Session in the tree, and click on Save to update your saved session. You only have to do this once.
To configure PuTTY to support X11 forwarding when the terminal is connected, after loading (single click) the ews-research session, in the Category tree (on the left) choose Connection > SSH > X11, mark the Enable box, and enter the X display location localhost:0.0. Navigate back to Session in the tree, and click on Save to update your saved session. You have to do this only once.
Copyright © 2025 Scuola Superiore Sant’Anna
Disclaimer: The information and views set out in this software are those of the author(s) and do not necessarily reflect the official opinion of the Scuola Superiore Sant’Anna. Sant’Anna does not guarantee the accuracy of the data included in this study. Neither Sant’Anna nor any person acting on Sant’Anna’s behalf may be held responsible for the use which may be made of the information contained therein.
Copyright Notice: The Models here are property of the respective authors. The Models are protected by copyright laws, trademark and design rights. Any unauthorized use of the Models will be considered a violation of the authors’ intellectual property rights. The Models may not be copied, distributed, published or used in any way, in whole or in part, without prior written agreement from the authors, except as otherwise allowed by the agreed Conditions of Use.
No Warranties: this site, the associated models and their results are provided “as is” without any express or implied warranty of any kind including warranties of non-infringement of intellectual property or fitness for any particular purpose. In no event shall the authors or its suppliers and partners be liable for any damages whatsoever (including, without limitation, damages for loss of profits or loss of information) arising out of the use of or inability to use the information provided on this site, even if the authors or its suppliers and partners have been advised of the possibility of such damages. Because some jurisdictions prohibit the exclusion or limitation of liability for incidental or consequential damages, some of the above limitations may not apply to you.