This shows you the differences between two versions of the page.
institute_lorentz:institutelorentz_remoteaccess [2022/05/31 07:57] – [SSH access/tunnelling behind firewalls] lenocil | institute_lorentz:institutelorentz_remoteaccess [2022/11/29 12:27] (current) – [SSH access/tunnelling behind firewalls] lenocil | ||
---|---|---|---|
Line 94: | Line 94: | ||
The set up on your side is rather simple and requires only editing a file on the SSH client you wish to use, e.g. laptop, workstation, | The set up on your side is rather simple and requires only editing a file on the SSH client you wish to use, e.g. laptop, workstation, | ||
- | Add the following stanza to your SSH client config file ('' | + | Add the following stanza to your SSH client config file((The same result is obtained by executing directly '' |
<code bash> | <code bash> | ||
Host ssh.lorentz.firewall | Host ssh.lorentz.firewall | ||
- | ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl: | + | ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl: |
User <Your IL username> | User <Your IL username> | ||
</ | </ | ||
+ | |||
+ | Then to initiate a SSL-wrapped SSH connection open a terminal and type | ||
+ | |||
+ | <code bash> | ||
+ | $ ssh ssh.lorentz.firewall | ||
+ | depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority | ||
+ | verify return:1 | ||
+ | depth=1 C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 | ||
+ | verify return:1 | ||
+ | depth=0 C = NL, ST = Zuid-Holland, | ||
+ | verify return:1 | ||
+ | |||
+ | -------------------------------------------------- | ||
+ | Welcome to the Lorentz Institute workstations | ||
+ | Access is allowed for authorized users only. | ||
+ | Any abuse will be tracked. | ||
+ | |||
+ | Helpdesk | ||
+ | https:// | ||
+ | support@lorentz.leidenuniv.nl | ||
+ | -------------------------------------------------- | ||
+ | |||
+ | READ THIS CAREFULLY BEFORE PROCEEDING: | ||
+ | ------------------------------------- | ||
+ | https:// | ||
+ | |||
+ | Last login: Tue May 17 09:36:49 2022 from XX.XX.XX.XX | ||
+ | ***** | ||
+ | |||
+ | $ | ||
+ | </ | ||
+ | |||
+ | When the connection is initiated you will be able to double-check the SSL certificate details, especially the '' | ||
+ | |||
+ | Similarly it is possible to initiate an SSL-wrapped SSH SOCKS proxy connection useful to protect your browser sessions from eavesdroppers | ||
+ | |||
+ | <code bash> | ||
+ | ssh -ND 8888 ssh.lorentz.firewall | ||
+ | </ | ||
+ | |||
+ | then modify your browser settings to instruct it to redirect all connections to a SOCKS proxy listening on '' | ||
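Review bot: The paragraph added after the login transcript ("you will be able to double-check the SSL certificate details") leaves certificate checking to the reader's eye, while openssl s_client by default continues the handshake even when verification fails and does not check the host name. If the ProxyCommand line, which is cut off in this view, does not already do so, add -verify_return_error and -verify_hostname access.lorentz.leidenuniv.nl to it so that a bad certificate aborts the connection instead of only printing a verify error, and note in the text that the SSH host key prompt must still be checked as usual. For the SOCKS step at the end of the hunk, it would help to state that ssh -ND 8888 listens on localhost only by default and that the browser should also send its DNS lookups through the proxy, otherwise the host names being visited remain visible to a local eavesdropper.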