Difference: PPDBastionHost (1 vs. 8)
Revision 82022-07-28 - ChrisBrew
| ||||||||
| Changed: | ||||||||
| < < | The PPD Linux and Windows systems are behind the RAL site firewall so for offsite access you need to either use the RAL PPTP VPN or use the PPD SSH Bastion host. | |||||||
| > > | The PPD Linux and Windows systems are behind the RAL site firewall so for offsite access you need to either use the RAL VPN or use the PPD SSH Bastion host. | |||||||
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPDITHelpdesk@stfc.ac.uk. The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD Linux machines or Windows Terminal Server please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase.
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in. Instructions for using the ssh agent with PuTTY on the PPD Windows desktops can be found here.
Logging onto the PPD SSH Bastionssh [-i private_keyfile] <username>@&voyager.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option.
This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD Linux systems or Windows Terminal Server. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>.
If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file | ||||||||
| Added: | ||||||||
| > > | ||||||||
Host voyager Hostname voyager.pp.rl.ac.uk ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand noneThen create an alias such as: | ||||||||
| Added: | ||||||||
| > > | ||||||||
alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null"'That will allow you to run bssh <host> to log into one of the PPD machines.
This also works with scp so you can also define: | ||||||||
| Added: | ||||||||
| > > | ||||||||
alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null白 | ||||||||
| Changed: | ||||||||
| < < | In Windows you can achieve the same first follow the SSHPUTTY instructions to set up pagent and make sure you can log into both voyager and the final target from RAL without needing a passphrase. | |||||||
| > > | In Windows you can achieve the same first follow the SSHPUTTY instructions to set up pagent and make sure you can log into both voyager and the final target from RAL without needing a passphrase. | |||||||
| Then open the config to log into your target machine and open the Connection -> Proxy tab and set: | ||||||||
| Changed: | ||||||||
| < < |
| |||||||
| > > |
| |||||||
| Save the config as target via voyager and test, you should get a login on your target machine. | ||||||||
| Deleted: | ||||||||
| < < | ||||||||
| -- ChrisBrew - 2013-11-09 | ||||||||
Revision 72018-11-09 - ChrisBrew
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPDITHelpdesk@stfc.ac.uk. The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD Linux machines or Windows Terminal Server please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase.
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in. Instructions for using the ssh agent with PuTTY on the PPD Windows desktops can be found here.
Logging onto the PPD SSH Bastionssh [-i private_keyfile] <username>@&voyager.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option.
This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD Linux systems or Windows Terminal Server. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>.
If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file
Host voyager Hostname voyager.pp.rl.ac.uk ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand noneThen create an alias such as: alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null"'That will allow you to run bssh <host> to log into one of the PPD machines.
This also works with scp so you can also define:
alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null白 | ||||||||
| Changed: | ||||||||
| < < | -- ChrisBrew - 2013-09-09 | |||||||
| > > | In Windows you can achieve the same first follow the SSHPUTTY instructions to set up pagent and make sure you can log into both voyager and the final target from RAL without needing a passphrase. | |||||||
| Added: | ||||||||
| > > |
Then open the config to log into your target machine and open the Connection -> Proxy tab and set:
| |||||||
Revision 62016-11-24 - TimAdye
| ||||||||
| Changed: | ||||||||
| < < | The PPD linux systems are behind the RAL site firewall so for offsite access you need to either use the RAL PPTP VPN or use the PPD SSH Bastion host. | |||||||
| > > | The PPD Linux and Windows systems are behind the RAL site firewall so for offsite access you need to either use the RAL PPTP VPN or use the PPD SSH Bastion host. | |||||||
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPDITHelpdesk@stfc.ac.uk. | ||||||||
| Changed: | ||||||||
| < < | The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD linux machines please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files. | |||||||
| > > | The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD Linux machines or Windows Terminal Server please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files. | |||||||
Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase.
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in. Instructions for using the ssh agent with PuTTY on the PPD Windows desktops can be found here.
Logging onto the PPD SSH Bastionssh [-i private_keyfile] <username>@&voyager.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option. | ||||||||
| Changed: | ||||||||
| < < | This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>. | |||||||
| > > | This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD Linux systems or Windows Terminal Server. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>. | |||||||
If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file
Host voyager Hostname voyager.pp.rl.ac.uk ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand noneThen create an alias such as: alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null"'That will allow you to run bssh <host> to log into one of the PPD machines.
This also works with scp so you can also define:
alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null白-- ChrisBrew - 2013-09-09 | ||||||||
Revision 52015-11-25 - ChrisBrew
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPDITHelpdesk@stfc.ac.uk. The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD linux machines please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase. | ||||||||
| Changed: | ||||||||
| < < | If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in. | |||||||
| > > | If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in. Instructions for using the ssh agent with PuTTY on the PPD Windows desktops can be found here. | |||||||
Logging onto the PPD SSH Bastion | ||||||||
| Changed: | ||||||||
| < < | ssh [-i private_keyfile] <username>@<host>.pp.rl.ac.uk | |||||||
| > > | ssh [-i private_keyfile] <username>@&voyager.pp.rl.ac.uk | |||||||
If your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option.
This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>.
If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file | ||||||||
| Changed: | ||||||||
| < < | Host bastion Hostname heplnv020.pp.rl.ac.uk | |||||||
| > > | Host voyager Hostname voyager.pp.rl.ac.uk | |||||||
| ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand none Then create an alias such as: | ||||||||
| Changed: | ||||||||
| < < | alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null"' | |||||||
| > > | alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null"' | |||||||
That will allow you to run bssh <host> to log into one of the PPD machines.
This also works with scp so you can also define: | ||||||||
| Changed: | ||||||||
| < < | alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null白 | |||||||
| > > | alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@voyager nc %h %p 2> /dev/null白 | |||||||
| -- ChrisBrew - 2013-09-09 | ||||||||
Revision 42015-10-05 - FedericoMelaccio
Access to the PPD SSH Bastion | ||||||||
| Changed: | ||||||||
| < < | Accounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPD.IT.Helpdesk@stfc.ac.uk. | |||||||
| > > | Accounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPDITHelpdesk@stfc.ac.uk. | |||||||
The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD linux machines please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.
Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase.
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in.
Logging onto the PPD SSH Bastionssh [-i private_keyfile] <username>@<host>.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option.
This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>.
If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file | ||||||||
| Deleted: | ||||||||
| < < | ||||||||
Host bastion Hostname heplnv020.pp.rl.ac.uk ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand noneThen create an alias such as: | ||||||||
| Deleted: | ||||||||
| < < | ||||||||
alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null"'That will allow you to run bssh <host> to log into one of the PPD machines. | ||||||||
| Changed: | ||||||||
| < < | This also works with scp so you can also define: | |||||||
| > > | This also works with scp so you can also define:
alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null白 | |||||||
| Deleted: | ||||||||
| < < | alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null白 | |||||||
| Deleted: | ||||||||
| < < | ||||||||
| -- ChrisBrew - 2013-09-09 | ||||||||
Revision 32014-11-03 - ChrisBrew
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPD.IT.Helpdesk@stfc.ac.uk. The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD linux machines please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.Creating an ssh key pair. | ||||||||
| Changed: | ||||||||
| < < | ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile] | |||||||
| > > | ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile] | |||||||
| Changed: | ||||||||
| < < | if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase. | |||||||
| > > | if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase. | |||||||
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in.
Logging onto the PPD SSH Bastion | ||||||||
| Changed: | ||||||||
| < < | ssh [-i private_keyfile] <username>@<host>.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option. | |||||||
| > > | ssh [-i private_keyfile] <username>@<host>.pp.rl.ac.uk | |||||||
| Changed: | ||||||||
| < < | This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>. | |||||||
| > > | If your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option. | |||||||
| Changed: | ||||||||
| < < | If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file
Host bastion | |||||||
| > > | This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>.
If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file | |||||||
| Added: | ||||||||
| > > |
Host bastion | |||||||
| Hostname heplnv020.pp.rl.ac.uk ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand none Then create an alias such as: | ||||||||
| Added: | ||||||||
| > > |
alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null"'That will allow you to run bssh <host> to log into one of the PPD machines.
This also works with scp so you can also define: | |||||||
| Changed: | ||||||||
| < < | alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null"' | |||||||
| > > | alias bscp='scp -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null白 | |||||||
| Deleted: | ||||||||
| < < | That will allow you to run bssh <host> to log into one of the PPD machines. | |||||||
| -- ChrisBrew - 2013-09-09 | ||||||||
Revision 22013-09-09 - ChrisBrew
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPD.IT.Helpdesk@stfc.ac.uk. The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD linux machines please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase.
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in.
Logging onto the PPD SSH Bastionssh [-i private_keyfile] <username>@<host>.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option.
This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>. | ||||||||
| Changed: | ||||||||
| < < | -- ChrisBrew - 2012-05-11 | |||||||
| > > | If you use ssh-agent a useful way of simplifying this is to add the following section to your .ssh/config file | |||||||
| Added: | ||||||||
| > > | Host bastion Hostname heplnv020.pp.rl.ac.uk ForwardAgent yes ForwardX11 yes ControlMaster auto ControlPath /tmp/%r@%h:%p ServerAliveInterval 15 ServerAliveCountMax 3 ProxyCommand noneThen create an alias such as: alias bssh='ssh -o "ProxyCommand = ssh <your-bastion-username>@bastion nc %h %p 2> /dev/null"'That will allow you to run bssh <host> to log into one of the PPD machines.
-- ChrisBrew - 2013-09-09 | |||||||
Revision 12012-05-11 - ChrisBrew
Access to the PPD SSH BastionAccounts on the PPD SSH bastion are separate from the standard PPD linux account and need to be requested from PPD.IT.Helpdesk@stfc.ac.uk. The Bastion host only supports ssh key authentication not passwords so you need to send us a copy of your public key. If you want to use ssh keys to log on to the PPD linux machines please set up a separate key pair for that and use ssh-agent to manage them. We will occasionally compare authorized_key files.Creating an ssh key pair.ssh-keygen -t rsa [-C "Comment"] [-f output_keyfile]if you don't supply the "-f output_keyfile" this prompt you for the files to create, the default being ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. It will then prompt you for a passphrase to encrypt you private key, please choose a strong passphrase.
If you are logging in from a linux or OSX desktop/laptop you may be able to run ssh-add to load up your new ssh key into an "agent" that will save you having to enter the passphrase every time you log in.
Logging onto the PPD SSH Bastionssh [-i private_keyfile] <username>@<host>.pp.rl.ac.ukIf your ssh-keyfile is in the standard location or you are using an agent you can omit the -i option.
This will present you with a normal bash shell on the bastion host, from there you can ssh on to the PPD linux systems. The home area is local to the bastion host but your PPD linux home area is available under /home/ppd/<username>.
-- ChrisBrew - 2012-05-11 |
View topic | History: r8 < r7 < r6 < r5 | More topic actions...
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback