Using SSH to Dedicate Full Processing Power to your UCI Chess Engine

Submitted by Tom Thorp on Saturday, September 24, 2016 - 12:44
Modified on Wednesday, September 12, 2018 - 03:57
Garry Kasparov vs Deep Blue
This knowledgebase is for those who have two PC's, one running Windows, and the other running a minimal O/S (such as Linux) with plenty of CPU. If you have knowledge on networking both types of operating systems, then this is for you.
Computers have progressed a long way ever since Deep Blue's famous (3½ - 2 ½) victory against the then world champion Garry Kasparov. With the advent of faster computer processors, not only are computer chess engines processing more moves (ie. nodes) per second, they are becoming ever more stronger. Computer chess engines are now more thought of as an invaluable teaching/training tool for the novice chess player, right up to the grand master. 
If you are currently using a Chess program (such as Fritz 15) on Windows, and are using the Windows version of the UCI engine for your analysis, then most likely you aren't getting the optimal CPU processing time. You'll want to offload the processing time to another (preferably faster) computer so that Windows is free to do other work. This is where SSH is needed. 
Because we are using Windows as our client, we will need to use Putty and associated programs to communicate with our server. You will also need a program called 'InBetween.exe' . This program acts as a coduit between your Windows chess program and the chess engine on the remote server. Think of it like a proxy, except that it is communicating via SSH instead. 

Links to associated programs can be found at the end of this knowledgebase. 

Configuring a Linux Account With SSH Access

To make sure the UCI chess engine is running securely on the remote server, it is best practice to set up a dedicated account with limited privileges. To do so, with admin privileges on the remote server, set the user up as follows : 
adduser <engineacct>
passwd <engineacct> (enter strong password, and confirm)
Now log into your new <engineacct> with the password you assigned to the account. Next we have to generate a public/private SSH key pairing on the <engineacct>.
ssh-keygen -t rsa 

# accept the file destination to save the key and passphrase. 
There will be two files saved - id_rsa (the private key), and (the public key). We will need to append the contents of to the end of authorized_keys (if the file exists). To do so, run the following command : 
cat >> authorized_keys
Finally, secure the '.ssh' directory and files (in the <engineacct> account), by running the following command :
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
Log out of the <engineacct> account. 

Testing SSH Access

Before testing SSH access on Windows, we need to check that SSH access is indeed working. To test this, from a terminal on the Linux server, type the following :
ssh <engineacct>@<server ip address>
If you get a prompt for a password, type in the <engineacct> password. If login is successful, then SSH is working. Otherwise, you'll need to investigate why the SSH Daemon is not working. Type 'exit' to log out of the SSH instance. 

Establishing Private/Public Key Pair Authentication

For remote authentication between client and server to work, the key ingredient needed is to establish a Private/Public Key pairing between the devices. To do so, we need to copy over the private key (id_rsa) from the server to the client, so that the client can establish a trusted connection between the two. 
Execute the following command :
scp <engineacct>@<server ip address>:~/.ssh/id_rsa .
(Note the full stop. Enter the password for <engineacct>.)
A copy of the private key 'id_rsa' would of been transferred to the current directory you are in. Now execute the following command :
ssh -i id_rsa <engineacct>@<server ip address>
If all is working, you should be able to log into the <engineacct> account with no password using the 'id_rsa' certificate.

Copy 'id_rsa' onto Windows and Convert into PPK (Putty) format

Providing authentication via SSH with Private/Public Key has been tested, we can transfer the id_rsa onto Windows. To do so, use Putty's Secure Copy program PSCP.EXE to transfer the file. 
pscp.exe <engineacct>@<server ip address>:<full path to id_rsa file> .
(Note: pscp.exe does not recognise the tilde '~' command.)
Because Windows does not natively use SSH commands in it's Operating System, we have to convert the 'id_rsa' private key file to Putty's preferred format PPK. To convert the file over, we use the program PuttyGen.exe . 


Click on the 'load' button, and locate the 'id_rsa' file you transferred earlier. The private key will be displayed in the box above. Finally, click on the button 'Save private key' and change the filename to a name you'll recognise. You will need this file to authenticate later. Close PuttyGen. 

Verify Putty Authentication With Server

To verify that the private key converted by PuttyGen authenticates with the server, issue the following command from a command box in Windows :
plink.exe -C -i <puttygen ppk> <engineacct>@<server ip address>
A command to remotely execute a remote UCI engine will work if the above command successfully authenticates without any password. 

Setting up InBetween.exe

InBetween.exe acts like a conduit / proxy between your Windows Chess program and your remote UCI chess engine. It is best to set InBetween.exe in its' own directory and make configuration to the 'InBetween.ini' file. To make the remote engine active, it is a simple case of adding 'inbetween.exe' as an engine in your list of available chess engines. 
To make the necessary changes to 'InBetween.ini', edit the file using Notepad and modify the line beginning with "CommandLine :=" . For example:
CommandLine := c:\Users\tom\Downloads\Plink.exe -C -i puttygen.ppk chess@ "~/engines/komodo"
runs the remote UCI engine "~/engines/komodo" authenticating using account 'chess' on server '' with private key 'puttygen.ppk' . 
Save the 'inbetween.ini' file and test that remote execution works by executing 'inbetween.exe' . If a terminal window pops up with the UCI engine running, 'InBetween.exe' is properly configured and will work with your Windows Chess program. 

Final Thoughts

There are many more configuration options available to you, providing you have an open source version of a UCI engine. Custom opening books as well as endgame tablebases are two examples of this. Customize and rebuild your own open-source version by all means, but always include who the original authors of the UCI engine are. 

About the author

Tom Thorp
Tom Thorp is an IT Consultant living in Miami on Queensland's Gold Coast. With over 30+ years working in the IT industry, Tom's experience is a broad canvas. The IT services Tom provides to his clients, includes :
Website development and hosting
Database Administration
Server Administration (Windows, Linux, Apple)
PABX Hosting and Administration
Helpdesk Support (end-user & technical).
SSHUCIChess EnginesPuttyWindowsLinux