Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
public:ssh-usage [2018-07-18 08:31] – Reinoud Bokhorst | public:ssh-usage [2018-07-18 11:46] (current) – [Simple VPN using dynamic port forwarding] Reinoud Bokhorst | ||
---|---|---|---|
Line 199: | Line 199: | ||
When you need to become lofarsys on the current host, you can use the following trick to overcome host key conflics: | When you need to become lofarsys on the current host, you can use the following trick to overcome host key conflics: | ||
alias lof=' | alias lof=' | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Simple VPN using dynamic port forwarding ===== | ||
+ | |||
+ | Instead of forwarding a single port you can also use dynamic port forwarding. This will turn your SSH client into a local [[https:// | ||
+ | |||
+ | The most useful application is to use a SOCKS proxy to access LOFAR web services that are behind the firewall (when you are not connected to the LAN). Two steps are needed: | ||
+ | - Create a SOCKS proxy to the LOFAR portal | ||
+ | - Configure your browser (or OS) to use the proxy | ||
+ | Below a description on how to do that. | ||
+ | |||
+ | ==== Create SOCKS proxy ==== | ||
+ | |||
+ | __With SSH__ | ||
+ | |||
+ | The SOCKS proxy is created by enabling the dynamic port forwarding feature when connecting to the LOFAR portal: | ||
+ | |||
+ | < | ||
+ | ssh -D 1080 < | ||
+ | </ | ||
+ | |||
+ | Port 1080 is the default SOCKS port but you can also choose another non-privileged one (e.g. 9999). Some client programs however may expect that port 1080 is used. | ||
+ | |||
+ | Additionally you may add the ' | ||
+ | |||
+ | __With PuTTY__ | ||
+ | |||
+ | Create a new session in the Putty configuration dialog to portal.lofar.eu on port 22 as you would normally do (e.g. adding your ssh key for authentication). | ||
+ | |||
+ | Then go to Connections-> | ||
+ | |||
+ | {{: | ||
+ | \\ | ||
+ | |||
+ | Go back to the Session and save this configuration under an existing or new session. | ||
+ | |||
+ | |||
+ | |||
+ | ==== Configuring your web browser ==== | ||
+ | |||
+ | A web browser must be configured to use the SOCKS tunnel as a proxy server. Generally this is done by going to the web browser settings and looking for something like ' | ||
+ | |||
+ | __Firefox__ | ||
+ | |||
+ | - Go to Preferences | ||
+ | - Look for an item called ' | ||
+ | - Click on Settings, choose " | ||
+ | - Now try to access an internal web service, you should be able to use the internal domain name of the service (xxx.control.lofar). | ||
+ | |||
+ | \\ | ||
+ | |||
+ | __Chrome__ | ||
+ | |||
+ | Newer versions of chrome use the system-wide network configuration for its proxy settings. This is an alternative to only configuring the web browser to use the proxy. However, if you want to limit the proxy only for web browsing you can start Chrome adding the flag --proxy-server, | ||
+ | |||
+ | < | ||
+ | google-chrome-stable --proxy-server=" | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
- | ===== Simple VPN using SOCKS over SSH ===== |