Differences

This shows you the differences between two versions of the page.

--- institute_lorentz:institutelorentz_remoteaccess [2022/05/31 08:05] – [SSH access/tunnelling behind firewalls] lenocil
+++ institute_lorentz:institutelorentz_remoteaccess [2022/11/29 12:27] (current) – [SSH access/tunnelling behind firewalls] lenocil
@@ Line 94: / Line 94: @@
 The set up on your side is rather simple and requires only editing a file on the SSH client you wish to use, e.g. laptop, workstation, etc..
-Add the following stanza to your SSH client config file (''~/.ssh/config'' on most GNU/Linux distros)
+Add the following stanza to your SSH client config file((The same result is obtained by executing directly ''ssh -o ProxyCommand="openssl s_client -quiet -connect access.lorentz.leidenuniv.nl:443" ssh.lorentz.firewall'' on the command line.)) (''~/.ssh/config'' on most GNU/Linux distros)
 <code bash>
 Host ssh.lorentz.firewall
-  ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl:443 -quiet
+  ProxyCommand openssl s_client -connect access.lorentz.leidenuniv.nl:443 -servername lorentz -quiet
   User <Your IL username>
 </code>
@@ Line 134: / Line 134: @@
 When the connection is initiated you will be able to double-check the SSL certificate details, especially the ''CN'' entry (see above) which must correspond to our server ''access.lorentz.leidenuniv.nl''. Then upon a successful authentication, you will be let in and be able to use the command line as usual.
+Similarly it is possible to initiate an SSL-wrapped SSH SOCKS proxy connection useful to protect your browser sessions from eavesdroppers  as in the example below. Provided you set up your SSH client config as described above, type
+<code bash>
+ssh -ND 8888 ssh.lorentz.firewall
+</code>
+then modify your browser settings to instruct it to redirect all connections to a SOCKS proxy listening on ''localhost'' post ''8888''.

Computer Documentation Wiki

User Tools

Site Tools

Differences

Page Tools