Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
doku:vpn_ssh_access [2017/03/31 09:01] – [Using SSH keys and SSH agent to connect to VSC] ir | doku:vpn_ssh_access [2024/02/16 11:39] – Jump host in ssh configuration file mpfister | ||
---|---|---|---|
Line 8: | Line 8: | ||
Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university. | Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university. | ||
- | See also [[doku:vsc3quickstart|Login]], and [[doku: | + | See also [[pandoc:introduction-to-vsc: |
=== VPN services === | === VPN services === | ||
- | * University of Vienna: [[http:// | + | * University of Vienna: [[http:// |
- | * TU Vienna: [[http://www.zid.tuwien.ac.at/ | + | * TU Vienna: [[https://www.it.tuwien.ac.at/ |
* University of Innsbruck: [[http:// | * University of Innsbruck: [[http:// | ||
- | * University of Graz: [[http:// | + | * University of Graz: [[https:// |
- | * TU Graz: [[https://sso.tugraz.at/idp/Authn/GenericAuthn| Web Single Sign-On]] | + | * TU Graz: [[http://portal.tugraz.at/portal/page/portal/ |
=== SSH Gateway === | === SSH Gateway === | ||
- | Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect): | + | Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect). |
- | * TU Graz: [[https:// | + | |
- | ==== Using SSH keys and SSH agent to connect to VSC ==== | + | ====== Using SSH keys and SSH agent to connect to VSC ====== |
- | * Check permissions of your local .ssh directory:< | + | ==== Check permissions of your local .ssh directory:==== |
+ | < | ||
user@host: | user@host: | ||
drwx------ 4 user user 4096 Dec 6 09:20 / | drwx------ 4 user user 4096 Dec 6 09:20 / | ||
Line 31: | Line 31: | ||
</ | </ | ||
- | * Generate ssh-key, ssh passphrase should be as strong as your password!:< | + | ==== Generate ssh-key |
+ | ssh passphrase should be as strong as your password!:< | ||
user@host: | user@host: | ||
</ | </ | ||
Line 38: | Line 39: | ||
-rw-r--r-- 1 user user 394 Dec 6 09:15 / | -rw-r--r-- 1 user user 394 Dec 6 09:15 / | ||
</ | </ | ||
+ | See also [[doku: | ||
+ | ==== remote machine ==== | ||
* Preparing the remote machine for logging in with your key: On the remote machine the contents of your ' | * Preparing the remote machine for logging in with your key: On the remote machine the contents of your ' | ||
user@remote_host: | user@remote_host: | ||
Line 44: | Line 46: | ||
</ | </ | ||
- | * Logging in with ssh-keys: For using the ssh-keys, they must be added to the so-called ssh-agent. Most window managers have a ssh-agent running by default and if a connection with an applicable key is opened you are asked to enter the passphrase. The ssh-agent will then store the passphrase and reuse it for further connection attempts with this private/ | + | * Logging in with ssh-keys: For using the ssh-keys, |
+ | * they may be added to the so-called ssh-agent. Most window managers have a ssh-agent running by default and if a connection with an applicable key is opened you are asked to enter the passphrase. The ssh-agent will then store the passphrase and reuse it for further connection attempts with this private/ | ||
+ | * Alternatively, | ||
+ | * written to '' | ||
+ | |||
+ | ==== Connecting to VSC-4 or VSC-5 via ssh-key: ==== | ||
+ | < | ||
+ | ssh -p 27 < | ||
+ | ssh -p 27 < | ||
+ | </ | ||
+ | |||
+ | === Using a jump host === | ||
+ | It is also possible to use SSH keys if the machine to which one wants to login is reachable only over one or several hops in between. To do this, use the command '' | ||
+ | < | ||
+ | user@host: | ||
+ | </ | ||
+ | |||
+ | ==== Parameters in .ssh/config ==== | ||
+ | |||
+ | Parameters may be written, e.g. on a per-host basis, to '' | ||
+ | |||
+ | < | ||
+ | Host vsc5.vsc.ac.at vsc5 | ||
+ | Port 27 | ||
+ | User vsc_username | ||
+ | # ForwardAgent yes | ||
+ | IdentityFile id_rsa | ||
+ | IdentitiesOnly yes | ||
+ | # ForwardX11 yes | ||
+ | </ | ||
+ | |||
+ | === Using a jump host === | ||
+ | A configuration for automatically using a jump host could look like this: | ||
- | * Connecting to **VSC-2** or **VSC-3** via ssh-key: '' | + | <code> |
+ | Host vsc5.vsc.ac.at | ||
+ | User vsc_username | ||
+ | ProxyJump login.univie.ac.at | ||
- | * Forwarding the ssh-agent over multiple servers: If the machine to which one wants to login is reachable only over one or several hops in between, the ssh-agent of the local machine can be forwarded to the machines in between using the ' | + | Host login.univie.ac.at |
- | user@host: | + | |
- | </ | + | |
- | Host vsc3.vsc.ac.at | + | |
- | ForwardAgent yes | + | |
</ | </ | ||
- | * Security issues | + | ===== Security issues |
* In theory it would be possible to create an ssh key without passphrase. However, the possession of this key would allow anyone from anywhere to open a connection. | * In theory it would be possible to create an ssh key without passphrase. However, the possession of this key would allow anyone from anywhere to open a connection. | ||
* Forwarding the ssh key as a standard procedure, e.g. by aliasing the ' | * Forwarding the ssh key as a standard procedure, e.g. by aliasing the ' | ||
* One of the worst security issues concerning ssh keys would be to create a passphrase-less ssh-key and copy the public key directly to the ' | * One of the worst security issues concerning ssh keys would be to create a passphrase-less ssh-key and copy the public key directly to the ' |