To connect to server, local or remote, you can use the ssh client program. When you start a connection to the server using this program, the two machine involved, encrypt all the network traffic generated, so nobody can spy on your connection and see what you are doing. This kind of connection is the only available if you want to use terminal session to connect to our server, no matter if the connection is made locally or from a remote workstation.

All you have to do in order to connect to a local or remote server is to open a terminal window and use the command

ssh <name of the server>

where <name of the server> can be the letteral name of the server or his IP Address. If this is the first time you try to connect to the server, the system present the remote key and ask you to confirm the connection. Just answer yes to the question and the remote system will ask for your username and password.
The username parameter is normally inherithed from the login you are using in the local system, so you have to insert only your password to access the remote system. <note warning> If you are using the session of another use, to access the remote server, use the -l <username> parameter in order to indicate the username you want use on the remote machine. </note> After opening the connection you can work on the server as you where logged to the consolle.

With the base connection, as the one explained above, you can't access to the graphical interface of the remote system. In order to start programs that have a graphical interface you must use a specific parameter that instruct the system to forward even the graphics connections.

ssh -l <username> -Y <remote server>

With the -Y parameter we can start a program on the remote server and his graphical window (if exist) will be displayed on our linux workstation (this works also in windows, if you install CygWin). The program is completely running in the remote server, only the graphical interface is displayed on the local machine.

<note tip> If you use this trick to see the graphical interface of a machine connected on the other side of the planet, check the bandwidth you can use. X11 connection require a lot of bandwidth. </note>

In a perfect world, Firewalls dosn't exist, but here on heart, Firewalls are absolutely necessary. Firewalls have just one mission: “block everything suspicious or dangerous that is transmitted on the network”. To do this the Firewalls limits the possibilities of connection from remote networks, no mater if the user connecting is good or bad. Of course this means disavantages for the allowed user that can't access directly the servers of the protected network, but must pass from a gateway.

The simple solution is to connect to the gateway and then, from the gateway, open a ssh connection to the remote server. This can be annoying and difficult if you have to connect to differents remote server at the same time.
A second option is to connect to the gateway, and at the same time open different tunnels that permit to connect to the remote server directly.

ssh -l <username> <gateway> -L 2222:<internal linux server>:22

After the correct login in the gateway, ssh generate a tunnel from the port 2222 of the workstation we are using, to the port 22 of the <internal linux server>. Therefore, we can open another window on the local workstation and from there we can connect to the <internal linux server> directly, pointing the ssh the opened local port:

ssh -l <username> 127.0.0.1 -p 2222

This solution can be useful for connectin even to remote graphical interfaces, as the Remote Desktop used by Windows XP computers:

ssh -l <username> <gateway> -L 3390:<internal windows server>:3389