This shows you the differences between two versions of the page.
institute_lorentz:institutelorentz_remoteaccess [2022/05/31 07:31] – [Remote Access to your Workstation] lenocil | institute_lorentz:institutelorentz_remoteaccess [2022/11/29 12:27] (current) – [SSH access/tunnelling behind firewalls] lenocil | ||
---|---|---|---|
Line 85: | Line 85: | ||
Browse to '' | Browse to '' | ||
+ | |||
+ | ===== SSH access/ | ||
+ | |||
+ | There are situations in which SSH could be forbidden by firewall settings of the internet service provider. Think of countries which limit freedom of speech for example. Luckily Lorentz Institute provides its members with a special access server to overcome these restrictions. | ||
+ | |||
+ | In a nutshell, IL offers SSL-wrapped SSH access, that is it conceals SSH connections using the SSL protocol which is the protocol used by the world wide web to serve '' | ||
+ | |||
+ | The set up on your side is rather simple and requires only editing a file on the SSH client you wish to use, e.g. laptop, workstation, | ||
+ | |||
+ | Add the following stanza to your SSH client config file((The same result is obtained by executing directly '' | ||
+ | |||
+ | <code bash> | ||
+ | Host ssh.lorentz.firewall | ||
+ | ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl: | ||
+ | User <Your IL username> | ||
+ | </ | ||
+ | |||
+ | Then to initiate a SSL-wrapped SSH connection open a terminal and type | ||
+ | |||
+ | <code bash> | ||
+ | $ ssh ssh.lorentz.firewall | ||
+ | depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority | ||
+ | verify return:1 | ||
+ | depth=1 C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 | ||
+ | verify return:1 | ||
+ | depth=0 C = NL, ST = Zuid-Holland, | ||
+ | verify return:1 | ||
+ | |||
+ | -------------------------------------------------- | ||
+ | Welcome to the Lorentz Institute workstations | ||
+ | Access is allowed for authorized users only. | ||
+ | Any abuse will be tracked. | ||
+ | |||
+ | Helpdesk | ||
+ | https:// | ||
+ | support@lorentz.leidenuniv.nl | ||
+ | -------------------------------------------------- | ||
+ | |||
+ | READ THIS CAREFULLY BEFORE PROCEEDING: | ||
+ | ------------------------------------- | ||
+ | https:// | ||
+ | |||
+ | Last login: Tue May 17 09:36:49 2022 from XX.XX.XX.XX | ||
+ | ***** | ||
+ | |||
+ | $ | ||
+ | </ | ||
+ | |||
+ | When the connection is initiated you will be able to double-check the SSL certificate details, especially the '' | ||
+ | |||
+ | Similarly it is possible to initiate an SSL-wrapped SSH SOCKS proxy connection useful to protect your browser sessions from eavesdroppers | ||
+ | |||
+ | <code bash> | ||
+ | ssh -ND 8888 ssh.lorentz.firewall | ||
+ | </ | ||
+ | |||
+ | then modify your browser settings to instruct it to redirect all connections to a SOCKS proxy listening on '' | ||
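
Review bot: the paragraph after the login transcript ("you will be able to double-check the SSL certificate details") leaves authentication of the access server to the reader reading the `verify return:1` lines by eye. By default `openssl s_client` reports a failed chain verification and carries on with the connection anyway. The `ProxyCommand` line is cut off after the host name in this view; if it does not already do so, pass `-verify_return_error` so that a certificate that fails verification aborts the tunnel instead of only being printed, and consider `-verify_hostname` with the access server's name so a valid certificate issued for some other host is rejected too. It would also help to state in that paragraph that the SSH host key prompt of the machine behind the wrapper still applies and should not be skipped. Minor: the section says "SSL" throughout, while current OpenSSL builds negotiate TLS; one mention of that would avoid confusion when readers compare against the `s_client` output.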