The use of Unified Access is now a mandatory requirement for connecting to Remote Desktop.

ICT requires that you use Unified Access to connect to the Remote Desktop service or to access university applications, which can be done from anywhere in the world, directly from your device. This replaces the need to remotely access a computer.

If you must remotely access your university computer, please follow the instructions below.

If your have an Imperial-owned Windows device, you can remotely connect to it from another location using Remote Desktop. Please note your PC name you will be remoting into before you follow the below instructions.

Instructions for using Remote Desktop

Set up RDG on your device

Remote access your Windows computer using a Windows device

Before you begin, you will need to wake your PC so that you are able to remote into it. 

  1. Ensure that you are on the Imperial Wired or Wireless network, or have connected to Unified Access 
  2. Click on the Start button in your desktop toolbar, type Remote Desktop in the search field and press the Return key on your keyboard. 
  3. Enter the full name (e.g. IC-12345678.dept.ic.ac.uk) of your Imperial machine and click Connect. Find out how to locate your PC name. 
  4. Enter your Imperial username (ic\yourusername) and password when prompted and click OK. 

Your session is now connected.

Remote access your College Windows computer using a Mac

Before you begin, you will need to wake your PC so that you are able to remote into it. 

We recommend Mac OS users download and use Microsoft Remote Desktop 10 from the App store

To set up an RD connection using your Mac, follow these steps:

  1. Start the app and select Add Desktop to add a new profile entry.
  2. Enter a name for the remote desktop profile.
  3. Enter the full name (e.g. IC-12345678.dept.ic.ac.uk) of your machine. Find out how to locate your PC name.
  4. Change the ‘User Account’ drop down to Add User Account
  5. Enter ic\yourUniversityusername in the User name field.
  6. Enter your Imperial password in the Password field.
  7. Enter a friendly name if desired (optional)
  8. Click Save and Save again.
  9. The main screen will display your new profile. Double click this to start a remote desktop session.

Your session is now connected.

For legacy systems (pre OSX 10.11):  Microsoft Remote Desktop 8 (No longer available for new downloads)

  1. Start the app and select New Remote Desktop to add a new profile entry.
  2. Enter a name for the remote desktop profile.
  3. Enter the full name (e.g. IC-12345678.dept.ic.ac.uk) of your machine. Find out how to locate your PC name.
  4. Enter ic\yourUniversityusername in the User name field.
  5. Enter your Imperial password in the Password field.
  6. Close the screens. The main screen will display your new profile. Double click this to start a remote desktop session.

Your session is now connected.

Remote access your College Windows computer using an iPhone or iPad (iOS)

Note: We offer limited support for this app.

Before you begin, you will need to wake your PC so that you are able to remote into it. 

To set up an RD connection using your iOS device, follow these steps:

  1. Download and install the free Microsoft Remote Desktop app from the App Store.
  2. Start the app and ensure PC is highlighted. Select + from the top menu to add a new PC entry. This will open a new window.
  3. Enter the hostname (e.g. IC-12345678.dept.ic.ac.uk) of College PC you wish to connect to in the name field and click the < arrow to saveFind out how to locate your PC name.
  4. Select the User Account field and enter ic\yourUniversityusername and select Save.
  5. Enter a Friendly name to identify the connection (E.G Imperial PC), tap the back arrow < then tap Save
  6. Select the gateway you've just configured on the main screen screen to initiate the connection. Enter your Imperial password when prompted. 

Your session is now connected.

Remote access your College Windows computer using an Android device

Note: We offer limited support for this app.

Before you begin, you will need to wake your PC so that you are able to remote into it. 

To set up an RD connection using your Android device, follow these steps:

  1. Download and install the free Microsoft Remote Desktop app from the Play Store.
  2. Start the app and select the + icon in the bottom left hand side of the screen to create a new connection. The configuration page will appear.
  3. Select Connection name and enter a relevant name like Imperial Work PC.
  4. Enter the FQDN (e.g. cc-example.cc.ic.ac.uk) of the College PC to which you wish to connect in the PC name field. Find out how to locate your PC name.
  5. Enter ic\yourUniversityusername in the User name field.
  6. Enter your Imperial password in the Password field.
  7. Press the tick in the top right hand corner of the screen to confirm these settings. Your remote desktop connection has been saved.
  8. Select the new connection listed in the All section of Remote Desktops to initiate a connection.

Your session is now connected.

Remote access your College Windows computer using an Linux device

Before you begin, you will need to wake your PC so that you are able to remote into it. 

The University Ubuntu 1804 build comes with Remmina, which is a graphical interface for remote desktop connections. Recent versions of this software can handle connections via Remote Desktop. Remmina is not installed by default in Oracle or Centos Linux but It is possible to install it. Find out how to install Remmina.

Remote Desktop is the recommended means of off-campus remote connection. It proxies the connection to your on-campus machine in a consistent and secure manner.

  1. Open Remmina.
  2. Click the “+” button to add a new configuration, and give it a meaningful name.
  3. Protocol: RDP - Remote Desktop Protocol
  4. Open Remmina and on the Basic tab fill in the following details: 

Server: The machine you want to connect to eventually.
User Name: Your IC username
Password: Your IC password
Domain: IC

  1. Adjust colour depth to suit your machine. 15bit uses fewer resources than 32bit.
  2. Click Save and you will have a new configuration with the name you initially specified. 
  3. Click on this new entry to connect to your server.
  4. Accept the certificate warnings. These should only appear the very first time you connect.
  5. Your Windows remote session should now be active.

Remotely access a Mac

Currently you cannot remote desktop into a University managed Mac. ICT recommends using cloud applications wherever possible, for example, use Office 365, OneDrive for Business and Adobe CC.

You are able to access files stored on a University Mac, administrator accounts of the Mac can access their files by connecting via Unified Access and then following the instructions below. 

Technical details

How to use SFTP to access files on a Mac

Cyberduck 

Make sure you are connected via Unified Access. 

  1. Open Cyberduck 
  2. Click Open Connection 
  3. Select SFTP (SSH File Transfer Protocol) in the dropdown menu 
  4. Enter the IP address or full name of the machine you wish to connect to in the field Server. 
  5. Enter the port number. (port 22 for SFTP) 
  6. Make sure Anonymous Login is not selected. 
  7. Enter your Imperial username 
  8. Enter your Imperial password 
  9. Click on Connect to connect to the server. 
  10. Click Allow when you get a warning about an unknown host key. 

Terminal (command line) 

Make sure you are connected via Unified Access.

Example based on user jsmith connecting to cc-jsmith-mac 

  1. Open Terminal (click on spotlight and type ‘terminal’ or go to Applications > Utilities > Terminal) 
  2. Type: sftp username@machinename  i.e. sftp jsmith@cc-jsmith-mac.doc.ic.ac.uk
  3. Press Enter 
  4. Enter the password associated with your Imperial User Name. 

Remotely access a Linux machine

The SSH Gateway service allows external users to be able to connect to their internal SSH systems (typically Linux servers) from remote locations via SSH. This allows SSH connections to get general access to systems/servers, but not to our key secure services such as ICIS or Banner.

XRDP can be used on Linux systems to provide a graphical login to remote machines – this makes use of the Microsoft Remote Desktop Protocol (RDP) and connections can be made using numerous different RDP client programs, including the standard Microsoft Remote Desktop Client.

Limitations:

  • Unlike in Windows, XRDP does not allow you to connect to an existing console/local graphical session – the graphical session you create when logging in using XRDP is used just for remote connections.
  • Under OEL7 you can connect using XRDP even when already logged on to a graphical session locally. However, when using XRDP in Ubuntu this is not possible – if still logged on locally you would have to connect first using SSH and end the existing graphical session (by rebooting the computer, for example) and then you could connect remotely.

Technical details

How to use SSH to access files on a Linux machine using a Windows PC

Users of this service will need to have an Imperial user account. 

  1. Download Putty or another SSH v2 client 
  2. To access this service place a request via the ICT Service Desk
  3. You will need to first follow the instructions to "wake my PC". 
  4. Enter sshgw.ic.ac.uk as Host Name 
  5. Click Open
  6. Enter your Imperial username  
  7. Enter your Imperial Password 
  8. You will get a warning about trusting this machine the first time, enter yes
  9. Type ssh 'your computer hostname' (without quote marks)
  10. Enter the username you use on the Linux machine 
  11. Enter the password you use on the Linux machine 

Note:

  • SSH Forwarding is not enabled
  • Generic access only to internal low-risk systems.
  • Auditing of user access is enabled.
  • Very restricted local writes on this service (which are monitored). 
How to use SSH to access files on a Linux machine using a Mac or Linux

Users of this service will need to have an Imperial user account and will need to have an SSH client to connect to this service (this is inbuilt in Linux ).

  1. To access this service place a request via the ICT Service Desk
  1. You will need to first follow the instructions to "wake my PC". 
  1. Open terminal 
  1. Users will need to connect to the following location: sshgw.ic.ac.uk 
  1. Users will connect with the following: ssh <username>@sshgw.ic.ac.uk For example: ssh joebloggs@sshgw.ic.ac.uk 
  1. The host key fingerprint for this is   

Mac  SHA256:36erZyy3SBSr0L3adNwJlLNtC6xKtQecEKhMfx3yyTU. 

Linux: 9c:15:97:fd:71:80:1a:ae:fd:6b:1d:1e:f2:b7:89:a6 

  1. Type ssh ‘your computer hostname’ (without quotes) 
  1. Enter the username you use on the Linux machine 
  1. Enter the password you use on the Linux machine 

 Note:

  • SSH Forwarding is not enabled 
  • Generic access only to internal low-risk systems. 
  • Auditing of user access is enabled. 
  • Very restricted local writes on this service (which are monitored).
XRDP set up for OEL7

1. Install xrdp package (this installs from the EPEL repository, which is configured as standard on Imperial-configured systems)

sudo yum install xrdp

2. Start xrdp services and enable for automatic startup with the system (this also starts the xrdp-sesman service)

sudo systemctl start xrdp

sudo systemctl enable xrdp

3. Add firewall rule to allow incoming RDP connections

sudo firewall-cmd --permanent --add-port=3389/tcp

sudo firewall-cmd --reload

4. Edit configuration to allow only defined users to connect to xrdp

4.1. Edit file /etc/xrdp/sesman.ini

4.2. Find line defining TerminalServerUsers and edit this value – it could be set to, for example, sshd so that users already set up for SSH access are also then set up to use xrdp. Alternatively, you could add a new group and maintain the membership of that group separately – this is outside the scope of these instructions

4.3. Find the line defining AlwaysGroupCheck and set this to true

4.4. Restart the xrdp-sesman service with

sudo systemctl restart xrdp-sesman

4.5. Add any required users to the sshd group (and therefore grant them both SSH and Remote Desktop access) with

sudo usermod <username> -a -G sshd

(note that the -a option is crucial as this ‘appends’ to any existing list of group memberships – without this option the existing memberships would be removed)

5. Connect from your client computer and login at the xrdp login screen – session type will be “Xvnc”. Do not include any IC\ prefix on your username