Outside world

If your computer is somewhere else on this planet (at Stony Brook, in China or even in the NSLS' wireless network), you need to tunnel each port twice: first through BNL's SSH gateway, and then into the x1a subnet, where our microscope control computers are hidden. You always need to forward both the protocol and the data port (see Tab. 11.1) of the microscope that you want to run.

For the first tunnel you will need an account with BNL's ITD department, which gives you access to BNL's intranet. To set up the necessary tunnels on the command line you type

    ssh username@ssh1.bnl.gov -L 9735:localhost:9735 -L 9736:localhost:9736

in case you want to run the outboard STXM.

If you use the Windows-based client from ssh.com, you have to go to Edit - Settings - Profile Settings - Connection - Tunneling and add two Outgoing tunnels. For the protocol tunnel you enter, for example,

Display Name: whatever
Type: TCP
Listen Port: 9735
Destination Host: localhost
Destination Port: 9735

Once inside the BNL intranet, you still need to tunnel into the x1a subnet, by setting up a second SSH connection. You have to type on the command line

    ssh micros@x1a.nsls.bnl.gov -L 9735:stxmo-server.x1a:9735 -L 9736:stxmo-server.x1a:9736

Of course you will need to know the password of micros@x1a.nsls.bnl.gov.

If you run STXM from the outside world frequently, you might want to automate the port forwarding from the SSH gateway so that you don't have to type the cryptic command all the time. That can be done easily in the SSH config file (~/.ssh/config) on the SSH gateway. In my case, that file reads

    # ~/.ssh/config
    Host root
        HostName x1a.nsls.bnl.gov
        User root

    Host micros
        HostName x1a.nsls.bnl.gov
        User micros
        LocalForward 9737 stxmi-server:9737
        LocalForward 9738 stxmi-server:9738

Now I can just type ssh root to log onto x1a.nsls.bnl.gov as user root (with no ports forwarded), or I type ssh micros to log on as user micros with protocol and data ports forwarded to use the inboard STXM. Adjust that file to your liking. If you know how to use the VI editor, you can do it directly on the SSH gateway, otherwise create the file beforehand and copy it over.
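The same two-hop setup for the outboard STXM written as config entries for both machines, as an added example that is not part of the original page. The host aliases `bnl-outboard` and `stxmo` are made up here, `username` is the placeholder from the command above, and `ExitOnForwardFailure` is a standard OpenSSH option the page does not mention: without it, ssh only prints a warning when a listen port is already taken (for example by another user on the shared gateway), and your connection to that port would then go through whoever holds it.

```sshconfig
# ---------------------------------------------------------------
# On your own computer: ~/.ssh/config  (first hop, to the gateway)
# ---------------------------------------------------------------
# "bnl-outboard" is a made-up alias; "username" is your BNL ITD account.
Host bnl-outboard
    HostName ssh1.bnl.gov
    User username
    # Protocol and data port of the outboard STXM, forwarded to the
    # same ports on the gateway's loopback interface.
    LocalForward 9735 localhost:9735
    LocalForward 9736 localhost:9736
    # Refuse to connect if either local port cannot be bound, instead
    # of continuing with a tunnel that is only half set up.
    ExitOnForwardFailure yes

# ---------------------------------------------------------------
# On the SSH gateway: ~/.ssh/config  (second hop, into x1a)
# ---------------------------------------------------------------
# "stxmo" is a made-up alias for the outboard microscope.
Host stxmo
    HostName x1a.nsls.bnl.gov
    User micros
    LocalForward 9735 stxmo-server.x1a:9735
    LocalForward 9736 stxmo-server.x1a:9736
    # The gateway is shared: if someone else already listens on 9735
    # or 9736 there, fail here rather than letting the first hop
    # connect to a listener that is not yours.
    ExitOnForwardFailure yes
```

With these entries you type `ssh bnl-outboard` on your own computer and then `ssh stxmo` on the gateway. Both listeners bind to the loopback interface only, which is the OpenSSH default as long as `GatewayPorts` is left off.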

When you start sm_gui now, you have to tell it to connect through localhost, either by specifying the keyword on the IDL command line or by checking the corresponding box in the startup dialog.

Holger Fleckenstein 2008-07-08