Since November 2013 access to VSC is restricted to IP addresses from the participating partner universities of the VSC project. If users wants to access VSC from IPs outside of these IP ranges, they have first to login to a machine or service to get access to their university network.
Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university.
See also Login and data transfer, and Connecting from windows.
Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect).
user@host:~$ ls -dl ~/.ssh drwx------ 4 user user 4096 Dec 6 09:20 /home/user/.ssh
This directory should only be accessible for your user. If permissions are not as in the above example set them with:
user@host:~$ chmod 700 ~/.ssh
ssh passphrase should be as strong as your password!:
user@host:~$ ssh-keygen -t rsa
If default options are used, the private and public key are saved into your $HOME/.ssh directory. 'id_rsa' is the private key file, this should not be lost or given to any other person. 'id_rsa.pub' is the public key file which is used for authenticating on remote machines. Again, check if the permissions of the generated files are correct. By default they should look like this:
user@host:~$ ls -la ~/.ssh/id_* -rw------- 1 user user 1766 Dec 6 09:15 /home/user/.ssh/id_rsa -rw-r--r-- 1 user user 394 Dec 6 09:15 /home/user/.ssh/id_rsa.pub
See also sshkeygen.
user@remote_host:~$ ls -l .ssh/authorized_keys -rw------- 1 user user 1194 Dec 6 09:39 .ssh/authorized_keys
Alternatively you can copy the key via the ssh-copy-id
command:
user@remote_host:~$ ssh-copy-id <username>@vsc3.vsc.ac.at
~/.ssh/config
(see below).ssh -p 27 <username>@vsc4.vsc.ac.at # or ssh -p 27 <username>@vsc5.vsc.ac.at
It is also possible to use SSH keys if the machine to which one wants to login is reachable only over one or several hops in between. To do this, use the command -J
to specify the jump host. Prerequisite is that on all remote hosts the public key has been added to the authorized_keys
file as described above. For example, a connection to VSC-5 over the login.univie.ac.at
machine would look like this :
user@host:~$ ssh -p27 -X -t -J <uni_username>@login.univie.ac.at <vsc_username>@vsc5.vsc.ac.at
Parameters may be written, e.g. on a per-host basis, to ~/.ssh/config
of the local machine (see also man ssh_config
(agent and X11 forwarding may be enabled if permanently required):
Host vsc5.vsc.ac.at vsc5 Port 27 User vsc_username # ForwardAgent yes IdentityFile id_rsa IdentitiesOnly yes # ForwardX11 yes
A configuration for automatically using a jump host could look like this:
Host vsc5.vsc.ac.at vsc5 User vsc_username ProxyJump login.univie.ac.at Host login.univie.ac.at User uni_username
.ssh/authorized_keys
: from=“*.trusted.host.example.com”
(see man sshd
).