Remote Access
IMPORTANT INFO: By Tuesday 20. June access to rem-acc will require Microsoft MFA (multi factor authentication)
https://www.psi.ch/en/computing/change-to-mfa
If your account isn`t already enabled for Microsoft MFA, please
contact the IT Servicedesk during the business hours
using helpmfa@psi.ch
The purpose of this service is to offer to PSI and external users convenient access to compute resources, in particular to the beamline consoles and the Ra offline data analysis cluster. The access is provided in form of full graphical user session via the NoMachine software. Users need a PSI_account to use the resources and can access only those, to which they are explicitly entitled
Prerequisites
The following prerequisites must be fulfilled
- You need a PSI_account (an e-account or DUO account is not sufficient). If you do not have such an account, please request it via your PSI contact person.
- You need to have the NX software installed on your PC/Laptop/Tablet. The NoMachine client software can be downloaded and installed for Windows, Mac, Linux, Android and iOS systems free of charge (PSI-Windows users: please use installation from software kiosk, do not install client from NoMachine). At the time of writing the NoMachine version 6 software is needed.
Creating a connection from a remote host
Short description
- Run NX client and create new NoMachine connection
- Enter host rem-acc.psi.ch
- Enter your PSI_account name and password
- Choose one of the offered physical desktops or create a new virtual desktop
- For the proposed settings choose defaults except for:
- physical desktops: un-click the tick mark: "Change the server resolution to match the client when I connect"
- virtual desktops: choose "Resize remote screen" in the display options settings
Detailed description
Set up a NoMachine connection to rem-acc.psi.ch






Choose your newly created profile and click the Connect button. At the first connection you will be asked to verify the fingerprint of the ssh certificate of rem-acc.psi.ch. If you get the same string "SHA256 B4 38...5E E1" click "yes" to confirm.




ctrl-alt-0
and in the display options)

Choosing the right connection
NoMachine offers two types of remote connections, physical and virtual desktops.
Physical desktops
Here you connect to a actual machine having a graphic card and connected monitors. You "see" the same displays as the person who sits in front of the physical computer. The session reacts to both mouse and keyboard connected locally and remotely. This behaviour can be configured, e.g. if a "view only" option is required.
Virtual Desktops (Linux only)
The virtual desktop functionality allows individual multiple Linux desktops to run independently on the same host. Each user has her/his own personal 'virtual' Linux desktop.
In the NoMachine client, you can choose which desktops to see. Initially you may see a lot of connections, both active and suspended, from all users who have access to the same hosts than you have. To avoid this clutter you can click on the "All desktops" Button and choose "My desktops" instead. Or you type a search expression in the input field "Find a user or a desktop"
Both type of desktops allow for desktop sharing by different users, which is useful for collaboration use cases. For virtual sessions, this requires that the original user acknowledges such a request for desktop sharing. For physical desktops, this will depend on the configuration settings of the host.
Multi Monitor Support
ctrl-alt-0
, choose display, then "Change Monitor" , select the screen(s) and finally confirm by hitting the "done" button 3 times


Disconnect (suspend) and Reconnect sessions
ctrl-alt-0
, choose "Connection" and hit the "disconnect" button. If you later start NoMachine, potentially from a different location, this session will appear in the list of "My desktops", from where you can re-connect.

Closing virtual desktops connections
Simply log out from the graphical session as you would do normally. It's recommended to close idle sessions.
Improving image quality
ctrl-alt-0
-> display -> change settings and set quality (the upper bar) to 100 %. In addition you can tick the options "Disable multi-pass display encoding". See also NoMachine's Detailed description

Connection testing (still in preparation)
If you wish to test the procedures for remote access from your lab prior to your first remote access please contact your local contact who will arrange for access to a test machine. This will allow you to familiarize yourself with the NoMachine software as well as check the overall performance. The performance will depend mainly on the geographical distance from PSI and to a lesser extent on the available total network bandwidth of your internet connection.
Contact persons
- Access to beamline consoles and Ra cluster: the respective local contact of your beamline can help you.
Information for Beamline Scientists
Information for Beamline Scientists/Managers can be found in the internal PSI web page https://intranet.psi.ch/de/computing/photon-science-data-services
Further manuals per beamline
Troubleshooting
I do not get a connection. Whats wrong ?
Please check all of the following:
- Do you have a valid PSI_account and did you use this for making the connection ? If not, get one (see above).
- Is your local firewall allowing connections to port 4000 (NX protocol) ? If your local or your institutes firewalls blocks such outgoing connections you can try to set up an ssh tunnel via hop.psi.ch (see below).
- Did you check with your PSI local contact that you are actually entitled to connect now ? Tthe access can depend on the date/time, e.g. for access to scheduled beamline resources.
- Do you have a recent version of the NoMachine client installed (>= version 6.X)
There are many connection icons - which should I choose ?
On some clients the information about the name of the target machine is not always displayed. Instead you will only see who is logged in, but you do not see which machine the person is connected to. Solution: upgrade to a newer Client Version 6.x . You can select to see only your own running connections by clicking the "All desktops" button and select "My Desktops". But this will display only running or suspended virtual sessions, that you own.
I do not see the icons, which allow me to connect to the physical desktops
Sometimes you will only see the virtual session icons. In this case hit the "Back" button in the lower right corner of the NoMachine client. This should bring you to a list of machines, including the physical desktops.
I do not see the name of the computer to which I want connect
The computer name is unfortunately only shown if you choose the option list view with the view button (instead of icon or compact view). The view button is in the upper left corner of the NoMachine connection dialog.
I get a "permissioned denied" error message
If you get the error message: "Cannot create session directory:/afs/psi.ch/user/m/meier/.nx Error is:permission denied" when connecting you have to create the .nx directory once manually by typing "mkdir .nx" in the home directory of your AFS account.
My firewall rule doesn't allow access to 4000 port (outbound)
Some networks do not allow outgoing connections on port 4000. In such cases you might want to to reach out to the network administrator/responsible to allow connections to rem-acc.psi.ch on port 4000.
If this is not possible and/or feasible you can also reach rem-acc on port 22. Therefore you can adapt your NX connection settings to use port 22 instead of 4000. However make sure that you still select NX as the protocol!