Differences
This shows you the differences between two versions of the page.
doku:vpn_ssh_access [2015/08/17 09:25] – jz | doku:vpn_ssh_access [2024/02/16 11:39] (current) – Jump host in ssh configuration file mpfister | ||
---|---|---|---|
Line 8: | Line 8: | ||
Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university. | Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university. | ||
- | See also Login to [[doku:vsc2quickStart|VSC-2]], [[doku:vsc3quickstart|VSC-3]], and [[doku: | + | See also [[pandoc:introduction-to-vsc:02_connecting_to_vsc: |
=== VPN services === | === VPN services === | ||
- | * University of Vienna: [[http:// | + | * University of Vienna: [[http:// |
- | * TU Vienna: [[http://www.zid.tuwien.ac.at/ | + | * TU Vienna: [[https://www.it.tuwien.ac.at/ |
* University of Innsbruck: [[http:// | * University of Innsbruck: [[http:// | ||
- | * University of Graz: [[http:// | + | * University of Graz: [[https:// |
- | * TU Graz: [[https://sso.tugraz.at/idp/Authn/GenericAuthn| Web Single Sign-On]] | + | * TU Graz: [[http://portal.tugraz.at/portal/page/portal/ |
=== SSH Gateway === | === SSH Gateway === | ||
- | Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect): | + | Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect). |
- | * TU Graz: [[https:// | + | |
- | ==== Using SSH keys and SSH agent to connect to VSC ==== | + | ====== Using SSH keys and SSH agent to connect to VSC ====== |
- | * Check permissions of your local .ssh directory:< | + | ==== Check permissions of your local .ssh directory:==== |
+ | < | ||
user@host: | user@host: | ||
drwx------ 4 user user 4096 Dec 6 09:20 / | drwx------ 4 user user 4096 Dec 6 09:20 / | ||
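Review bot: The new TU Graz entry links to an http:// address (http://portal.tugraz.at/portal/page/portal/...) where the previous revision linked an https:// page, and the University of Vienna entry is still http:// after this edit. These links send users to VPN and login services, so use https:// wherever the target supports it, as was done for the TU Vienna and University of Graz entries. Separately, "Using SSH keys and SSH agent to connect to VSC" is promoted to a six-equals heading, which places it above the "VPN services" and "SSH Gateway" sections that precede it; check that this is the intended outline.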
Line 31: | Line 31: | ||
</ | </ | ||
- | * Generate ssh-key, ssh passphrase should be as strong as your password!:< | + | ==== Generate ssh-key |
+ | ssh passphrase should be as strong as your password!:< | ||
user@host: | user@host: | ||
</ | </ | ||
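Review bot: On the added line under the new "Generate ssh-key" heading, the passphrase advice still ends in "!:" from its earlier bullet form and now reads as a fragment leading into the code block. Make it a full sentence, for example "Choose a passphrase that is as strong as your password.", and let the command follow on its own. Also confirm that the "==== Generate ssh-key" heading is closed with "====" like the "Check permissions" heading above it.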
Line 38: | Line 39: | ||
-rw-r--r-- 1 user user 394 Dec 6 09:15 / | -rw-r--r-- 1 user user 394 Dec 6 09:15 / | ||
</ | </ | ||
+ | See also [[doku: | ||
+ | ==== remote machine ==== | ||
* Preparing the remote machine for logging in with your key: On the remote machine the contents of your ' | * Preparing the remote machine for logging in with your key: On the remote machine the contents of your ' | ||
user@remote_host: | user@remote_host: | ||
-rw------- 1 user user 1194 Dec 6 09:39 .ssh/ | -rw------- 1 user user 1194 Dec 6 09:39 .ssh/ | ||
+ | </ | ||
+ | |||
+ | * Logging in with ssh-keys: For using the ssh-keys, | ||
+ | * they may be added to the so-called ssh-agent. Most window managers have a ssh-agent running by default and if a connection with an applicable key is opened you are asked to enter the passphrase. The ssh-agent will then store the passphrase and reuse it for further connection attempts with this private/ | ||
+ | * Alternatively, | ||
+ | * written to '' | ||
+ | |||
+ | ==== Connecting to VSC-4 or VSC-5 via ssh-key: ==== | ||
+ | < | ||
+ | ssh -p 27 < | ||
+ | ssh -p 27 < | ||
</ | </ | ||
- | * Logging in with ssh-keys: For using the ssh-keys, they must be added to the so-called ssh-agent. Most window managers have a ssh-agent running by default and if a connection with an applicable key is opened you are asked to enter the passphrase. The ssh-agent will then store the passphrase and reuse it for further connection attemps with this private/public key pair. | + | === Using a jump host === |
- | * Connecting | + | It is also possible to use SSH keys if the machine |
+ | < | ||
+ | user@host: | ||
+ | </ | ||
+ | |||
+ | ==== Parameters in .ssh/config ==== | ||
+ | |||
+ | Parameters may be written, e.g. on a per-host basis, to '' | ||
+ | |||
+ | < | ||
+ | Host vsc5.vsc.ac.at vsc5 | ||
+ | Port 27 | ||
+ | User vsc_username | ||
+ | # ForwardAgent yes | ||
+ | IdentityFile id_rsa | ||
+ | IdentitiesOnly yes | ||
+ | # ForwardX11 yes | ||
+ | </ | ||
+ | |||
+ | === Using a jump host === | ||
+ | A configuration for automatically using a jump host could look like this: | ||
+ | |||
+ | < | ||
+ | Host vsc5.vsc.ac.at vsc5 | ||
+ | User vsc_username | ||
+ | ProxyJump login.univie.ac.at | ||
- | * Forwarding the ssh-agent over multiple servers: If the machine to which one wants to login is reachable only over one or several hops in between, the ssh-agent of the local machine can be forwarded to the machines in between using the ' | + | Host login.univie.ac.at |
- | user@host: | + | |
- | </ | + | |
- | Host vsc2.univie.ac.at | + | |
- | ForwardAgent yes | + | |
</ | </ | ||
- | * Security issues | + | ===== Security issues |
* In theory it would be possible to create an ssh key without passphrase. However, the possession of this key would allow anyone from anywhere to open a connection. | * In theory it would be possible to create an ssh key without passphrase. However, the possession of this key would allow anyone from anywhere to open a connection. | ||
* Forwarding the ssh key as a standard procedure, e.g. by aliasing the ' | * Forwarding the ssh key as a standard procedure, e.g. by aliasing the ' | ||
* One of the worst security issues concerning ssh keys would be to create a passphrase-less ssh-key and copy the public key directly to the ' | * One of the worst security issues concerning ssh keys would be to create a passphrase-less ssh-key and copy the public key directly to the ' |
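Review bot: The jump-host block for "Host vsc5.vsc.ac.at vsc5" sets User and ProxyJump but not "Port 27", although the direct block above it and the "ssh -p 27" commands both use port 27; copied on its own, this example would try the default port. Add "Port 27" to that block, or say that it extends the earlier Host entry. The trailing "Host login.univie.ac.at" line carries no options in the visible lines, so either give it the settings a user needs for the gateway (such as User) or drop it. "IdentityFile id_rsa" is a bare file name; a full path such as ~/.ssh/id_rsa is clearer. The heading "=== Using a jump host ===" now appears twice, once in the connecting section and once under ".ssh/config", so rename one of them. Leaving ForwardAgent commented out and showing ProxyJump instead is consistent with the forwarding item under "Security issues".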