en:centro:servizos:pasarela_ssh [2016/04/19 15:57] – fernando.guillen | en:centro:servizos:pasarela_ssh [2025/02/20 14:10] (current) – external edit 127.0.0.1 |
---|
====== SSH Gateway ====== | ====== SSH Gateway ====== |
| |
===== Description ===== | ===== Service Description ===== |
The SSH Gateway allows access to a host inside the CITIUS internal network from the external network. This service is the backup plan when using the [[en:centro:servizos:vpn|VPN]] is not possible. | |
| |
===== Activation ===== | Provides access to a machine on the center's internal network via SSH from the outside. This service is intended to access the center's network in cases where it is not possible to use the [[:centro:servizos:vpn:start|VPN]]. |
You have to register filling the [[https://citius.usc.es/dashboard/enviar-incidencia| requests and problem reporting form]]. This form is only available to CITIUS users. | ===== Service Registration ===== |
| First, check in the [[https://apps.citius.usc.es/xici/personainternas/edit|Xici Account and Permissions section]] if the service //Ext. Access SSH Gateway// is already listed. In that case, the service is already active for your account. |
| |
| The registration must be requested through the [[https://citius.usc.es/dashboard/enviar-incidencia|requests and incidents form]]. To access the form you need your CiTIUS username and password. If you have problems remembering the username or password, you can request a reactivation at [[citius.tic@usc.es]]. |
| |
| You must also add an SSH public key to your account in the [[https://citius.usc.es/me|«Biography and other data» section of Xici]], since **only SSH key authentication is accepted**. |
| |
| To generate the keys, run the following command from a terminal: |
| |
To use the gateway you must generate a public and private key pair and include the public key file in the request. | |
To do so, execute in a terminal: | |
<code bash>ssh-keygen -t rsa</code> | <code bash>ssh-keygen -t rsa</code> |
Introduce a password to protect your keys. This process will generate the files ''~/.ssh/id_rsa'' (the private key) e ''~/.ssh/id_rsa.pub'' (the public key). And then send us this last file attached on the request form. | |
| |
===== User manual ===== | Enter a password to protect your keys. This will generate the files ''~/.ssh/id_rsa'' (the private key) and ''~/.ssh/id_rsa.pub'' (the public key). The latter is what you need to enter in Xici. |
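Review bot: the key-generation command kept in the new revision, `ssh-keygen -t rsa`, sets no key size, and the sentence after it calls the secret a "password" while the PuTTYgen steps further down call it a "passphrase". Since the new text states that only SSH key authentication is accepted, give the size explicitly (`ssh-keygen -t rsa -b 4096`) or, if the gateway accepts that key type, recommend `ssh-keygen -t ed25519` and adjust the `id_rsa` file names accordingly. Use "passphrase" throughout.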
| |
==== Config info ==== | ===== User Manual ===== |
| |
* Server: ''vpn.citius.usc.es'' | ==== Connection Details ==== |
| |
| * Server: ''193.144.78.45'' |
* Port: ''22'' | * Port: ''22'' |
* User: //Your CITIUS username// | * User: //Your CiTIUS username// |
* Password: //The private key password. If you don't remember it the only solution is to create a new pair of keys and send us the public one again.// | |
| |
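Review bot: in the Connection Details list the server changes from `vpn.citius.usc.es` to the bare address `193.144.78.45`, and neither revision publishes the gateway's host key fingerprint. Users have nothing to compare against the first-connection prompt, so add the fingerprint to this list, and consider keeping a DNS name so that `known_hosts` entries survive an address change. The removed "Password" item was also the only place that said a forgotten key passphrase means generating a new key pair; that guidance is worth carrying over, reworded for the Xici upload.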
==== Connection example in GNU/Linux ==== | |
| |
To connect you can use the SSH command. If your private key is not in the default location you can optionally specify it. | ==== Simple Connection from GNU/Linux ==== |
| |
| To connect, you can use the SSH command. Optionally, you can specify the location of the private key if it is not in its default location. |
<code bash> | <code bash> |
ssh -i ~/.ssh/id_rsa user.name@vpn.citius.usc.es | ssh -i ~/.ssh/id_rsa username@193.144.78.45 |
</code> | </code> |
| |
Once connected, you can access all the other hosts in the internal network, like for example yours. Note that you can power it on and off using the [[en:centro:servizos:acendido_remoto_de_equipos_wake_on_lan|remote power tool]]. | Once connected, you can connect to other machines in the center, for example to your work machine. Remember that you can turn it on (and off) using the [[:centro:servizos:acendido_remoto_de_equipos_wake_on_lan|remote power on]] service. |
| |
==== Connection example in Windows ==== | ==== Simple Connection from Windows ==== |
[[http://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]] can be used with the same configuration data used in the linux example. | |
| |
However it is necessary to transform the private key file from SSH format to PUTTY format. This one time step can be done with PuTTYgen, which is found in the same web page as PUTTY. | You can use the [[http://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]] program, using the same data provided above. |
| |
* Choose the option //Conversions// » //Import key//. | To connect, you need to convert the private key from SSH format to PuTTY format. You can do this with PuTTYgen which you can find on the same PuTTY page. To do this: |
* Select the private key file in SSH format (default name is ''id_rsa''). | |
* Introduce the password if necessary. | |
* Push the //Save private key// button and select where to save the ''.ppk'' file. | |
| |
Now you can use the ''ppk'' file in the //Private key file// field both in PuTTY and in WinSCP. | * Access the //Conversions// menu » //Import key//. |
| * Locate the private key in SSH format (the default name is ''id_rsa''). |
| * Enter the passphrase, if you have one. |
| * Click on the //Save private key// button and select a location to save the generated ''.ppk'' file. |
| |
==== Connection to a service using a SSH tunnel ==== | Once you have the file with the ''ppk'' extension, you can use it in the //Private key file// field of both PuTTY and WinSCP. |
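Review bot: the PuTTY download link in the Windows section is still `http://www.chiark.greenend.org.uk/~sgtatham/putty/` in both revisions. This is the program that will hold the user's private key, so link to the `https://` address. The PuTTYgen steps should also tell the user to set a passphrase on the saved `.ppk` file, since "Enter the passphrase, if you have one" implies unprotected keys are acceptable while the key-generation section asks for one.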
You can use the SSH gateway to access a CITIUS service by mapping the necessary ports into your local machine. | |
For example, you can access the [[en:centro:servizos:acceso_o_almacenamento_mediante_smb_e_ssh|storage using SSH]] mapping the ports like this: | ==== Connecting to a Service via SSH Tunnel ==== |
| |
| You can use the SSH gateway to access a CITIUS service, mapping the necessary ports from the machine that offers the service to your local machine. |
| |
| For example, you can access [[:centro:servizos:acceso_o_almacenamento_mediante_smb_e_ssh|storage via SSH]] by mapping the service as follows: |
| |
<code bash> | <code bash> |
ssh -i ~/.ssh/id_rsa user.name@vpn.citius.usc.es -L 8000:172.16.242.41:22 | ssh -i ~/.ssh/id_rsa username@193.144.78.45 -L 8000:172.16.242.41:22 |
</code> | </code> |
| |
Once connected the files can be accessed trough SSH using the address ''127.0.0.1:8000''. This same process can be used to access other services. | Once connected, you can access the files via SSH at the address ''127.0.0.1:8000''. In the same way, you can access other services. |
This can also be done in Windows using the [[http://winscp.net/eng/download.php|WinSCP]] program then choosing //Advanced options// and finally filling in the connection data of the //Tunnel// panel. | |
| It can also be done from Windows, via the [[http://winscp.net/eng/download.php|WinSCP]] program. To do this, you must click on //Advanced options// and fill in the connection details in the //Tunnel// panel. |
| |
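Review bot: the tunnel example `-L 8000:172.16.242.41:22` leaves the local bind address implicit, and the text never shows how to use the forwarded port. Write it as `-L 127.0.0.1:8000:172.16.242.41:22` so the listener stays on loopback regardless of the client's `GatewayPorts` setting, and add the follow-up command (for example `sftp -P 8000 username@127.0.0.1`), noting that the host key presented on `127.0.0.1:8000` belongs to the storage server, not the gateway. The WinSCP link in this section is also `http://` and should be `https://`.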