Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
doku:vpn_ssh_access [2022/11/04 10:47] – [Parameters in .ssh/config] goldenberg | doku:vpn_ssh_access [2024/05/02 09:54] (current) – [Security issues] adding link to man sshd jz | ||
---|---|---|---|
Line 12: | Line 12: | ||
=== VPN services === | === VPN services === | ||
* University of Vienna: [[http:// | * University of Vienna: [[http:// | ||
- | * TU Vienna: [[https:// | + | * TU Vienna: [[https:// |
* University of Innsbruck: [[http:// | * University of Innsbruck: [[http:// | ||
* University of Graz: [[https:// | * University of Graz: [[https:// | ||
Line 57: | Line 57: | ||
</ | </ | ||
- | === Forwarding the ssh-agent over multiple servers | + | === Using a jump host === |
- | If the machine to which one wants to login is reachable only over one or several hops in between, the ssh-agent of the local machine can be forwarded to the machines in between using the '-A' | + | It is also possible to use SSH keys if the machine to which one wants to login is reachable only over one or several hops in between. To do this, use the command ''-J'' to specify |
< | < | ||
- | user@host: | + | user@host: |
</ | </ | ||
Line 68: | Line 68: | ||
< | < | ||
- | Host vsc4.vsc.ac.at | + | Host vsc5.vsc.ac.at |
Port 27 | Port 27 | ||
+ | User vsc_username | ||
# ForwardAgent yes | # ForwardAgent yes | ||
IdentityFile id_rsa | IdentityFile id_rsa | ||
IdentitiesOnly yes | IdentitiesOnly yes | ||
# ForwardX11 yes | # ForwardX11 yes | ||
+ | </ | ||
+ | |||
+ | === Using a jump host === | ||
+ | A configuration for automatically using a jump host could look like this: | ||
+ | |||
+ | < | ||
+ | Host vsc5.vsc.ac.at vsc5 | ||
+ | User vsc_username | ||
+ | ProxyJump login.univie.ac.at | ||
+ | |||
+ | Host login.univie.ac.at | ||
+ | User uni_username | ||
</ | </ | ||
Line 79: | Line 92: | ||
* In theory it would be possible to create an ssh key without passphrase. However, the possession of this key would allow anyone from anywhere to open a connection. | * In theory it would be possible to create an ssh key without passphrase. However, the possession of this key would allow anyone from anywhere to open a connection. | ||
* Forwarding the ssh key as a standard procedure, e.g. by aliasing the ' | * Forwarding the ssh key as a standard procedure, e.g. by aliasing the ' | ||
- | * One of the worst security issues concerning ssh keys would be to create a passphrase-less ssh-key and copy the public key directly to the ' | + | * One of the worst security issues concerning ssh keys would be to create a passphrase-less ssh-key and copy the public key directly to the ' |