| Both sides previous revisionPrevious revision | |
| en:centro:servizos:pasarela_ssh [2023/01/13 17:56] – [Activation] jorge.suarez | en:centro:servizos:pasarela_ssh [2025/02/20 14:10] (current) – external edit 127.0.0.1 |
|---|
| ====== SSH Gateway ====== | ====== SSH Gateway ====== |
| |
| ===== Description ===== | ===== Service Description ===== |
| The SSH Gateway allows access to a host inside the CITIUS internal network from the external network. This service is the backup plan when using the [[en:centro:servizos:vpn:start|VPN]] is not possible. | |
| |
| ===== Activation ===== | Provides access to a machine on the center's internal network via SSH from the outside. This service is intended to access the center's network in cases where it is not possible to use the [[:centro:servizos:vpn:start|VPN]]. |
| Check in [[https://apps.citius.usc.es/xici/personainternas/edit|Xici permissions]] whether the service //Acceso ext. pasarela SSH// is listed. If the service is listed, you don't need to register. | ===== Service Registration ===== |
| | First, check in the [[https://apps.citius.usc.es/xici/personainternas/edit|Xici Account and Permissions section]] if the service //Ext. Access SSH Gateway// is already listed. In that case, the service is already active for your account. |
| |
| You have to register filling the [[https://citius.usc.es/dashboard/enviar-incidencia| requests and problem reporting form]]. This form is only available to CITIUS users. | The registration must be requested through the [[https://citius.usc.es/dashboard/enviar-incidencia|requests and incidents form]]. To access the form you need your CiTIUS username and password. If you have problems remembering the username or password, you can request a reactivation at [[citius.tic@usc.es]]. |
| |
| You must also add a public SSH key in your account, in the [[https://citius.usc.es/me|Account and Permissions section in Xici]]. **Only SSH keys authentication method is enabled**. | You must also add an SSH public key to your account in the [[https://citius.usc.es/me|«Biography and other data» section of Xici]], since **only SSH key authentication is accepted**. |
| |
| <note important>The option to add a SSH public key is temporarily unavailable. You must send the key using the [[https://citius.usc.es/dashboard/enviar-incidencia|issues submission form]] to be able to use the service.</note> | To generate the keys, run the following command from a terminal: |
| |
| To generate an SSH key, execute in a terminal: | |
| <code bash>ssh-keygen -t rsa</code> | <code bash>ssh-keygen -t rsa</code> |
| Introduce a password to protect your keys. This process will generate the files ''~/.ssh/id_rsa'' (the private key) e ''~/.ssh/id_rsa.pub'' (the public key). And then use that last file contents to add the SSH key. | |
| |
| ===== User manual ===== | Enter a password to protect your keys. This will generate the files ''~/.ssh/id_rsa'' (the private key) and ''~/.ssh/id_rsa.pub'' (the public key). The latter is what you need to enter in Xici. |
| |
| ==== Config info ==== | ===== User Manual ===== |
| |
| * Server: ''vpn.citius.usc.es'' (''193.144.78.45'') | ==== Connection Details ==== |
| | |
| | * Server: ''193.144.78.45'' |
| * Port: ''22'' | * Port: ''22'' |
| * User: //Your CITIUS username// | * User: //Your CiTIUS username// |
| |
| ==== Connection example in GNU/Linux ==== | |
| |
| To connect you can use the SSH command. If your private key is not in the default location you can optionally specify it. | ==== Simple Connection from GNU/Linux ==== |
| | |
| | To connect, you can use the SSH command. Optionally, you can specify the location of the private key if it is not in its default location. |
| <code bash> | <code bash> |
| ssh -i ~/.ssh/id_rsa user.name@vpn.citius.usc.es | ssh -i ~/.ssh/id_rsa username@193.144.78.45 |
| </code> | </code> |
| |
| Once connected, you can access all the other hosts in the internal network, like for example yours. Note that you can power it on and off using the [[en:centro:servizos:acendido_remoto_de_equipos_wake_on_lan|remote power tool]]. | Once connected, you can connect to other machines in the center, for example to your work machine. Remember that you can turn it on (and off) using the [[:centro:servizos:acendido_remoto_de_equipos_wake_on_lan|remote power on]] service. |
| |
| ==== Connection example in Windows ==== | ==== Simple Connection from Windows ==== |
| [[http://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]] can be used with the same configuration data used in the linux example. | |
| |
| However it is necessary to transform the private key file from SSH format to PUTTY format. This one time step can be done with PuTTYgen, which is found in the same web page as PUTTY. | You can use the [[http://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]] program, using the same data provided above. |
| |
| * Choose the option //Conversions// » //Import key//. | To connect, you need to convert the private key from SSH format to PuTTY format. You can do this with PuTTYgen which you can find on the same PuTTY page. To do this: |
| * Select the private key file in SSH format (default name is ''id_rsa''). | |
| * Introduce the password if necessary. | |
| * Push the //Save private key// button and select where to save the ''.ppk'' file. | |
| |
| Now you can use the ''ppk'' file in the //Private key file// field both in PuTTY and in WinSCP. | * Access the //Conversions// menu » //Import key//. |
| | * Locate the private key in SSH format (the default name is ''id_rsa''). |
| | * Enter the passphrase, if you have one. |
| | * Click on the //Save private key// button and select a location to save the generated ''.ppk'' file. |
| |
| ==== Connection to a service using a SSH tunnel ==== | Once you have the file with the ''ppk'' extension, you can use it in the //Private key file// field of both PuTTY and WinSCP. |
| You can use the SSH gateway to access a CITIUS service by mapping the necessary ports into your local machine. | |
| For example, you can access the [[en:centro:servizos:acceso_o_almacenamento_mediante_smb_e_ssh|storage using SSH]] mapping the ports like this: | ==== Connecting to a Service via SSH Tunnel ==== |
| | |
| | You can use the SSH gateway to access a CITIUS service, mapping the necessary ports from the machine that offers the service to your local machine. |
| | |
| | For example, you can access [[:centro:servizos:acceso_o_almacenamento_mediante_smb_e_ssh|storage via SSH]] by mapping the service as follows: |
| |
| <code bash> | <code bash> |
| ssh -i ~/.ssh/id_rsa user.name@vpn.citius.usc.es -L 8000:172.16.242.41:22 | ssh -i ~/.ssh/id_rsa username@193.144.78.45 -L 8000:172.16.242.41:22 |
| </code> | </code> |
| |
| Once connected the files can be accessed trough SSH using the address ''127.0.0.1:8000''. This same process can be used to access other services. | Once connected, you can access the files via SSH at the address ''127.0.0.1:8000''. In the same way, you can access other services. |
| This can also be done in Windows using the [[http://winscp.net/eng/download.php|WinSCP]] program then choosing //Advanced options// and finally filling in the connection data of the //Tunnel// panel. | |
| | It can also be done from Windows, via the [[http://winscp.net/eng/download.php|WinSCP]] program. To do this, you must click on //Advanced options// and fill in the connection details in the //Tunnel// panel. |
| |