institute_lorentz:institutelorentz_remoteaccess

Differences

This shows you the differences between two versions of the page.

institute_lorentz:institutelorentz_remoteaccess [2022/05/31 07:57] – [SSH access/tunnelling behind firewalls] lenocil
institute_lorentz:institutelorentz_remoteaccess [2022/11/29 12:27] (current) – [SSH access/tunnelling behind firewalls] lenocil
Line 94: Line 94:
 The set up on your side is rather simple and requires only editing a file on the SSH client you wish to use, e.g. laptop, workstation, etc.. The set up on your side is rather simple and requires only editing a file on the SSH client you wish to use, e.g. laptop, workstation, etc..
  
-Add the following stanza to your SSH client config file (''~/.ssh/config'' on most GNU/Linux distros)+Add the following stanza to your SSH client config file((The same result is obtained by executing directly ''ssh -o ProxyCommand="openssl s_client -quiet -connect access.lorentz.leidenuniv.nl:443" ssh.lorentz.firewall'' on the command line.)) (''~/.ssh/config'' on most GNU/Linux distros)
  
 <code bash> <code bash>
 Host ssh.lorentz.firewall Host ssh.lorentz.firewall
-  ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl:443 -quiet+  ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl:443 -servername lorentz -quiet
   User <Your IL username>   User <Your IL username>
 </code> </code>
 +
 +Then to initiate a SSL-wrapped SSH connection open a terminal and type
 +
 +<code bash>
 +$ ssh ssh.lorentz.firewall
 +depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 +verify return:1
 +depth=1 C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4
 +verify return:1
 +depth=0 C = NL, ST = Zuid-Holland, O = Universiteit Leiden, CN = access.lorentz.leidenuniv.nl
 +verify return:1
 +
 +--------------------------------------------------
 +    Welcome to the Lorentz Institute workstations
 +    Access is allowed for authorized users only. 
 +    Any abuse will be tracked.
 +
 +    Helpdesk     Room HL40[7-9]   Tel 8484  
 +    https://helpdesk.lorentz.leidenuniv.nl
 +    support@lorentz.leidenuniv.nl
 +--------------------------------------------------
 +
 +READ THIS CAREFULLY BEFORE PROCEEDING:
 +-------------------------------------
 +https://ilorentz.org/wiki/doku.php?id=institute_lorentz
 +
 +Last login: Tue May 17 09:36:49 2022 from XX.XX.XX.XX
 +*****
 +
 +$
 +</code>
 +
 +When the connection is initiated you will be able to double-check the SSL certificate details, especially the ''CN'' entry (see above) which must correspond to our server ''access.lorentz.leidenuniv.nl''. Then upon a successful authentication, you will be let in and be able to use the command line as usual.
 +
 +Similarly it is possible to initiate an SSL-wrapped SSH SOCKS proxy connection useful to protect your browser sessions from eavesdroppers  as in the example below. Provided you set up your SSH client config as described above, type
 +
 +<code bash>
 +ssh -ND 8888 ssh.lorentz.firewall
 +</code>
 +
 +then modify your browser settings to instruct it to redirect all connections to a SOCKS proxy listening on ''localhost'' post ''8888''.
  
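Review bot: The added ProxyCommand line, and the one-liner in the new footnote, run openssl s_client without -verify_return_error or -verify_hostname. A failed chain or name check therefore does not abort the tunnel, and the only safeguard is the reader comparing the CN by eye, as the added paragraph asks. Consider appending -verify_return_error -verify_hostname access.lorentz.leidenuniv.nl so that a mismatched certificate drops the connection before SSH authentication starts. The footnote also says it gives the same result as the stanza, but it omits -servername lorentz, which the stanza now adds; align the two, and add a sentence on why the SNI value "lorentz" differs from the certificate CN. Typos in the added text: "a SSL-wrapped" should be "an SSL-wrapped", and "post 8888" should be "port 8888".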
institute_lorentz/institutelorentz_remoteaccess.1653983855.txt.gz · Last modified: 2022/05/31 07:57 by lenocil