Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doku:vpn_ssh_access [2017/04/07 08:56]
dieter [Parameters in ''.ssh/config'']
doku:vpn_ssh_access [2024/02/16 11:39] (current)
mpfister Jump host in ssh configuration file
Line 8: Line 8:
 Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university. Common ways of connecting are either the use of a VPN or a SSH gateway provided by the university.
  
-See also [[doku:vsc3quickstart|Login]], and  [[doku:win2vsc|Connecting from windows]].+See also [[pandoc:introduction-to-vsc:02_connecting_to_vsc:connecting_to_vsc|Login and data transfer]], and  [[doku:win2vsc|Connecting from windows]].
  
 === VPN services === === VPN services ===
-  * University of Vienna: [[http://zid.univie.ac.at/en/services/services-from-a-z/v/vpn-virtual-private-network|English]] [[http://zid.univie.ac.at/vpn/|German]] +  * University of Vienna: [[http://zid.univie.ac.at/en/vpn|English]] [[http://zid.univie.ac.at/vpn/|German]] 
-  * TU Vienna: [[http://www.zid.tuwien.ac.at/en/tunet_the_network_of_the_tu_vienna/vpn/remote_access/|English]] [[http://www.zid.tuwien.ac.at/tunet/vpn/|German]]+  * TU Vienna: [[https://www.it.tuwien.ac.at/en/services/network-and-servers/tuvpn|English]] [[https://www.it.tuwien.ac.at/services/netzwerk-und-server/tuvpn|German]]
   * University of Innsbruck: [[http://www.uibk.ac.at/zid/netz-komm/vpn/|German]]   * University of Innsbruck: [[http://www.uibk.ac.at/zid/netz-komm/vpn/|German]]
-  * University of Graz: [[http://it.uni-graz.at/de/fernzugriff/login-datenzugriff/vpn/|German]] +  * University of Graz: [[https://it.uni-graz.at/de/services/zugang-zum-uninetz/vpn/|German]] 
-  * TU Graz: [[https://sso.tugraz.at/idp/Authn/GenericAuthn| Web Single Sign-On]]+  * TU Graz: [[http://portal.tugraz.at/portal/page/portal/zid/netzwerk/zugang/vpn| Web Single Sign-On]]
  
  
 === SSH Gateway === === SSH Gateway ===
  
-Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect)+Users can connect first to any linux machine within a university and then connect further to VSC. Some universities provide a dedicated SSH gateway (contact your local IT services if you don't know how to connect).
-  * TU Graz: [[https://sso.tugraz.at/idp/Authn/GenericAuthn|SSH gateway]]+
  
 ====== Using SSH keys and SSH agent to connect to VSC ====== ====== Using SSH keys and SSH agent to connect to VSC ======
Line 40: Line 39:
 -rw-r--r-- 1 user user  394 Dec  6 09:15 /home/user/.ssh/id_rsa.pub -rw-r--r-- 1 user user  394 Dec  6 09:15 /home/user/.ssh/id_rsa.pub
 </code> </code>
 +See also [[doku:sshkeygen|sshkeygen]].
 ==== remote machine ==== ==== remote machine ====
   * Preparing the remote machine for logging in with your key: On the remote machine the contents of your 'id_rsa.pub' file have to be added to the 'authorized_keys' file in the '.ssh' directory. Login to the remote machine and use a text editor of your choice to do this. Afterwards check if the permissions of the 'authorized_keys' file are correct:<code>   * Preparing the remote machine for logging in with your key: On the remote machine the contents of your 'id_rsa.pub' file have to be added to the 'authorized_keys' file in the '.ssh' directory. Login to the remote machine and use a text editor of your choice to do this. Afterwards check if the permissions of the 'authorized_keys' file are correct:<code>
Line 52: Line 51:
     * written to ''~/.ssh/config'' (see below).     * written to ''~/.ssh/config'' (see below).
  
-==== Connecting to VSC-or VSC-via ssh-key: ====+==== Connecting to VSC-or VSC-via ssh-key: ====
 <code> <code>
-ssh -p 27 <username>@vsc2.vsc.ac.at     # or  +ssh -p 27 <username>@vsc4.vsc.ac.at     # or  
-ssh -p 27 <username>@vsc3.vsc.ac.at+ssh -p 27 <username>@vsc5.vsc.ac.at
 </code> </code>
  
-=== Forwarding the ssh-agent over multiple servers === +=== Using a jump host === 
-If the machine to which one wants to login is reachable only over one or several hops in between, the ssh-agent of the local machine can be forwarded to the machines in between using the '-Aoption of the 'ssh' command. Prerequisite is that on all remote hosts the public key has been added to the 'authorized_keys' file as described above. For example, a connection to VSC-over the 'login.univie.ac.at' machine would look like this :+It is also possible to use SSH keys if the machine to which one wants to login is reachable only over one or several hops in between. To do thisuse the command ''-J'' to specify the jump host. Prerequisite is that on all remote hosts the public key has been added to the ''authorized_keys'' file as described above. For example, a connection to VSC-over the ''login.univie.ac.at'' machine would look like this :
 <code> <code>
-user@host:~$ ssh -p27 -X --<uni_username>@login.univie.ac.at ssh -p27 -X <vsc_username>@vsc3.vsc.ac.at+user@host:~$ ssh -p27 -X --<uni_username>@login.univie.ac.at <vsc_username>@vsc5.vsc.ac.at
 </code> </code>
  
Line 69: Line 68:
  
 <code> <code>
-Host vsc3.vsc.ac.at vsc3+Host vsc5.vsc.ac.at vsc5
   Port 27   Port 27
 +  User vsc_username
 #  ForwardAgent yes #  ForwardAgent yes
   IdentityFile id_rsa   IdentityFile id_rsa
   IdentitiesOnly yes   IdentitiesOnly yes
 #  ForwardX11 yes #  ForwardX11 yes
 +</code>
 +
 +=== Using a jump host ===
 +A configuration for automatically using a jump host could look like this:
 +
 +<code>
 +Host vsc5.vsc.ac.at vsc5
 +  User vsc_username
 +  ProxyJump login.univie.ac.at
 +
 +Host login.univie.ac.at
 +  User uni_username
 </code> </code>
  
  • doku/vpn_ssh_access.1491555383.txt.gz
  • Last modified: 2017/04/07 08:56
  • by dieter