Access from the Internet
From Molecular Modeling Wiki
General
For security reasons, remote access to the local network (to the clusters) from external networks (the Internet) is limited. There are two methods for connecting to a machine in the internal network; both are limited to the use of the ssh/scp client and protocol.
SSH gate method
For this method, a user does not need any special software and/or configuration except a regular ssh client; the disadvantage is that only terminal access is available (the file transfer with scp/sftp protocols is not possible).
Instructions
To log in to any computer in the internal network (including the Canon building and the clusters) from outside (anything else, including the IOCB network), follow these steps:
- Use your ssh client to connect to teogate.uochb.cas.cz and log in using sshgate as username and sshgate as password.
- Wait for the system to ask you to enter the name of the machine you want to connect to and your login name on this machine.
- Wait for connection to the target machine; once the connection is established, you will be prompted for your password.
Notes
- This method allows anyone to connect from anywhere without a need to know any special secrets or number sequences.
- On the other hand, there are limits - you cannot use direct "scp" or "sftp" or establish port-forwarding tunnels (except the X11 tunnel - see below) when connecting from outside. As for copying files, it is, of course, acceptable to use ssh to log in to a machine and use scp or sftp there to initiate the file transfer from the other end of the connection; your end must be running an ssh daemon and you must not be behind a firewall that would block the transfer. If this method is not acceptable or if you need to establish encrypted port-forwarding tunnels, use the port knocking method.
- The connection through teogate should automatically honor X11 forwarding, so when you connect to the target machine, you should be able to run X11 applications that open windows on your side of the connection.
- To access a machine using the teogate gateway, the target machine name and ssh public key must be explicitly listed on the teogate server. At the moment, only clusters and servers are allowed to be accessed, so if you want to add your machine to the list, contact us.
- The password you enter is neither captured nor stored anywhere in the sshgate system; when entering a password you are already connected to the target machine, so the password cannot be captured on the gateway.