Access from the Internet

From Molecular Modeling Wiki

Revision as of 14:19, 17 March 2009 by Polach (Talk | contribs)
Dear users,

I have finished installing a new access server which can be used as one of the channels through which it is possible to access our network from outside. Please read carefully the following instructions and notes.

Instructions:

To login to any computer in our network (includes Canon building and clusters) from outside (anything else, including UOCHB network), follow these steps:
  • Use your ssh client to connect to "teogate.uochb.cas.cz" and log in using "sshgate" as username and "sshgate" as password.
  • Wait for system to ask you to enter the name of the machine you want to connect to and your login name on this machine.
  • Wait for connection to the target machine; once the connection is established, you will be prompted for your password.

Notes:
  • This method allows anyone to connect from anywhere without a need to know any special secrets or number sequences.
  • On the other hand, there are limits - you cannot use direct "scp" or "sftp" or establish port-forwarding tunnels (except X11 tunnel - see below) when connecting from outside. As for copying files, it is, of course, acceptable to use ssh to log in to a machine and use scp or sftp there to initiate the file transfer from the other end of the connection; your end must be running an ssh daemon and you must not be behind a firewall which would block the transfer. If this method is not acceptable or if you need to establish encrypted port-forwarding tunnels, wait until another access channel is configured (see below).
  • The connection through teogate should automatically honor X11 forwarding, so when you connect to the target machine, you should be able to run X11 applications that open windows on your side of the connection.
  • To access a machine using teogate gateway, the machine name and ssh public key must be explicitly listed on the teogate server. At the moment, only clusters and servers are allowed to be accessed, so if you want me to add your machine to the list, please send me a mail.
  • This access method will be complemented by another method based on formerly used port knocking, which will allow less limited access to the network, but will need to have the client and configuration file handy before opening connection. I will let you know when this channel is configured. Anyway, the lately used "knock" access through the marge server will not be re-opened.

Please let me know if you have any questions.

Jiri Polach
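
The notes above say a target machine must be explicitly listed, with its ssh public key, on the gateway. A sketch of how a gateway-side helper could enforce that before connecting, as an added example that is not the teogate configuration or the author's code; the file paths, function names and the `--run` convention are assumptions:

```sh
#!/bin/sh
# Added example: hypothetical forced-command helper for a gateway account.
# File locations and function names are assumptions, not the teogate setup.
LC_ALL=C; export LC_ALL
ALLOWLIST="${ALLOWLIST:-/etc/sshgate/allowed_hosts}"    # one host name per line
KNOWN_HOSTS="${KNOWN_HOSTS:-/etc/sshgate/known_hosts}"  # pinned host public keys

# Plain host name only: letters, digits, dot, hyphen; must not start with "-"
# so it can never be parsed as an ssh option.
valid_host() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# Login name: letters, digits, dot, underscore, hyphen; no leading "-".
valid_user() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Exact, whole-line match against the allow-list (no regex, no substrings).
host_allowed() {
  [ -r "$ALLOWLIST" ] && grep -Fxq -- "$1" "$ALLOWLIST"
}

# Succeeds only if both answers are well-formed and the host is listed.
check_target() {
  valid_host "$1" && valid_user "$2" && host_allowed "$1"
}

main() {
  printf 'Target machine: '; read -r host || exit 1
  printf 'Login name: ';     read -r user || exit 1
  if ! check_target "$host" "$user"; then
    echo "Target not permitted." >&2
    exit 1
  fi
  # Refuse hosts whose key is not pinned; the target asks for the password.
  exec ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
       -l "$user" -- "$host"
}

# Run the prompts only when invoked as "gate.sh --run" (e.g. from ForceCommand).
if [ "${1:-}" = "--run" ]; then main; fi
```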