Differences
This shows you the differences between two versions of the page.
public:ssh-usage [2015-03-09 09:49] – [SSH Port forwarding / tunneling] grit | public:ssh-usage [2018-07-18 11:12] – [Simple VPN using dynamic port forwarding] Reinoud Bokhorst | ||
---|---|---|---|
Line 12: | Line 12: | ||
==== Linux or OS X ==== | ==== Linux or OS X ==== | ||
- | The first thing you need to do is generate an authorisation key using the DSA algorithm, which means you need to do the following once. | + | The first thing you need to do is generate an authorisation key using the RSA algorithm |
You need to have a somewhat recent version of OpenSSL on your system for this to work: | You need to have a somewhat recent version of OpenSSL on your system for this to work: | ||
- | ssh-keygen -tdsa | + | ssh-keygen -t rsa |
- | cp .ssh/id_dsa.pub .ssh/ | + | cp .ssh/id_rsa.pub .ssh/ |
Use cat or some editor like vi, kate or emacs if authorized keys already exists and can't be simply copied. Copy your '' | Use cat or some editor like vi, kate or emacs if authorized keys already exists and can't be simply copied. Copy your '' | ||
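Review bot: the new `ssh-keygen -t rsa` line gives no key size, so the RSA key length is whatever the installed ssh-keygen defaults to, which differs between versions. Suggest stating it explicitly, e.g. `ssh-keygen -t rsa -b 4096`, and saying whether users who still have an `id_dsa` key from the old instructions need to generate and install a new one. The unchanged sentence above the command also says a recent OpenSSL is needed, while `ssh-keygen` is part of OpenSSH; worth correcting in the same edit.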
Line 26: | Line 26: | ||
Select from the '' | Select from the '' | ||
- | * Select in the '' | + | * Select in the '' |
* Press the '' | * Press the '' | ||
* Now you'll have to move your mouse over the grey area below the progress bar. | * Now you'll have to move your mouse over the grey area below the progress bar. | ||
Line 93: | Line 93: | ||
{{public: | {{public: | ||
- | If you have this set up, then you can easily make bookmarks in [[http:// | + | If you have this set up, then you can easily make bookmarks/ |
{{ : | {{ : | ||
Line 193: | Line 193: | ||
< | < | ||
That will send send a message to the server every 60 seconds, keeping the connection open. I prefer this way because I login to several machines every day, and I don’t have root access to all of them. | That will send send a message to the server every 60 seconds, keeping the connection open. I prefer this way because I login to several machines every day, and I don’t have root access to all of them. | ||
+ | |||
+ | |||
+ | ==== lofarsys@localhost ==== | ||
+ | |||
+ | When you need to become lofarsys on the current host, you can use the following trick to overcome host key conflics: | ||
+ | alias lof=' | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Simple VPN using dynamic port forwarding ===== | ||
+ | |||
+ | Instead of forwarding a single port you can also use dynamic port forwarding. This will turn your SSH client into a local [[https:// | ||
+ | |||
+ | The most useful application is to use a SOCKS proxy to access LOFAR web services that are behind the firewall (when you are not connected to the LAN). Two steps are needed: | ||
+ | - Open a SOCKS proxy tunnel to the LOFAR portal | ||
+ | - Configure your browser (or OS) to use the proxy | ||
+ | Below a description on how to do that. | ||
+ | |||
+ | ==== Create SOCKS proxy tunnel ==== | ||
+ | |||
+ | __With SSH__ | ||
+ | |||
+ | The SOCKS tunnel is created by enabling the dynamic port forwarding feature when connecting to the LOFAR portal: | ||
+ | |||
+ | < | ||
+ | ssh -D 1080 < | ||
+ | </ | ||
+ | |||
+ | Port 1080 is the default SOCKS port but you can also choose another non-privileged one (e.g. 9999). Some client programs however may expect that port 1080 is used. | ||
+ | |||
+ | Additionally you may add the ' | ||
+ | |||
+ | __With PuTTY__ | ||
+ | |||
+ | Create a new session in the Putty configuration dialog to portal.lofar.eu on port 22 as you would normally do (e.g. adding your ssh key for authentication). | ||
+ | |||
+ | Then go to Connections-> | ||
+ | |||
+ | {{: | ||
+ | \\ | ||
+ | |||
+ | Go back to the Session and save this configuration under an existing or new session. | ||
+ | |||
+ | |||
+ | |||
+ | ==== Configuring your web browser ==== | ||
+ | |||
+ | A web browser must be configured to use the SOCKS tunnel as a proxy server. Generally this is done by going to the web browser settings and looking for something like ' | ||
+ | |||
+ | __Firefox__ | ||
+ | |||
+ | - Go to Preferences | ||
+ | - Look for an item called ' | ||
+ | - Click on Settings, choose " | ||
+ | - Now try to access an internal web service, you should be able to use the internal domain name of the service (xxx.control.lofar). | ||
+ | |||
+ | \\ | ||
+ | |||
+ | __Chrome__ | ||
+ | |||
+ | Newer versions of chrome use the system-wide network configuration for its proxy settings. This is an alternative to only configuring the web browser to use the proxy. However, if you want to limit the proxy only for web browsing you can start Chrome adding the flag --proxy-server, | ||
+ | |||
+ | < | ||
+ | google-chrome-stable --proxy-server=" | ||
+ | </ | ||
+ | |||
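Review bot: in the "Create SOCKS proxy tunnel" block, `ssh -D 1080` is given without a bind address, so whether the proxy listens only on loopback depends on the client's GatewayPorts setting. Writing it as `ssh -D 127.0.0.1:1080 ...` would make it explicit that other machines on the user's network cannot use the tunnel to reach services behind the LOFAR firewall, and the PuTTY steps could state the equivalent. In the "lofarsys@localhost" paragraph, "conflics" should read "conflicts", and the text should say what the `lof` alias changes about host key checking and that it is meant for connections to localhost only.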