Changes between Version 8 and Version 9 of TransparentMultiHopSSHNewLobby


Timestamp: 2021-08-03T22:07:49+02:00 (3 years ago)
Author: Pieter Neerincx
Comment:

--

  • TransparentMultiHopSSHNewLobby

    v8 v9  
    66
    77Most of our servers can only be accessed using a jumphost (a.k.a. proxy) server. This requires port 22 to be open on all machines between your computer and our jumphost server. [[BR]]
    8 The existing {{{lobby.hpc.rug.nl}}} will shortly be replaced by a new machine with the same name. This new machine currently has no DNS entry yet; the example config below is for the new {{{lobby}}} jumphost and is based on its IP address only.
     8The jumphost for the Calculon cluster is: {{{lobby.hpc.rug.nl}}}.
     9It's ED25519 key fingerprint is: {{{SHA256:YBt5nyd2ragxOXmIoQ+2kkoCjBsbdFWbdpN2PfqxKCs}}}
    910
    10 Note that:
     11=== Update 2021-08-04 ===
     12 * The old {{{lobby.hpc.rug.nl}}} jumphost was replaced with a new one with the same name.
     13 * You can skip this update section if you never used the old jumphost.
     14 * It may take some time for the change to propagate to all corners of the internet Domain Name System (DNS): if the name {{{lobby.hpc.rug.nl}}} resolves to IP address 195.169.22.135, you are connecting to the new {{{lobby.hpc.rug.nl}}}
    1115 * Previously there was also a jumphost named {{{foyer.hpc.rug.nl}}}, but this one has been deprecated.
    1216 * Furthermore the old example config listed many other machines like {{{flexo}}} and {{{bender}}}: Please remove all entries for machines that could be accessed via the old ''lobby'' or ''foyer'' jumphosts as well as the entries for these jumphosts themselves from your {{{~/.ssh/config}}} file:
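Review bot: added line 9 reads "It's ED25519 key fingerprint is"; the possessive is "Its". The Update section added at lines 11-14 tells returning users to recognise the new machine by the IP address the name resolves to, but does not refer back to this fingerprint; add a bullet there pointing to line 9, since the fingerprint is what users should compare when ssh shows them the new host key.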
     
    1519   Include conf.d/*
    1620   }}}
    17  * You should keep lines for machines that are accessed via our jumphost. E.g. lines for the {{{cher-ami}}} data staging server, for the RUG {{{peregrine}}} cluster and for machines from other sites/services.
    18  * Additional lines that are required to access our machines are added to a separate {{{~/.ssh/conf.d/lobby}}} file now.
     21 * You should keep lines for machines that are not accessed via our jumphost. E.g. lines for the {{{cher-ami}}} data staging server, for the RUG {{{peregrine}}} cluster or for machines from other sites/services.
     22 * Additional lines that are required to access UMCG Research HPC machines are added to separate config files inside the {{{~/.ssh/conf.d/}}} directory. E.g. a {{{~/.ssh/conf.d/}}} file for machines accessed via {{{lobby.hpc.rug.nl}}}.
     23 * If you previously used the old '''lobby''', you may get a warning that the host key (fingerprint) has changed and you not be able to login until you remove the old host key from your list of **''known hosts''**.
    1924
    2025== Users on Linux / Unix / Mac OS X ==
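Review bot: added line 23 tells users to remove the old host key from their known hosts but not to compare the key that is offered afterwards with the ED25519 fingerprint published on line 9 before accepting it; add that step, otherwise the instruction reads as "clear the warning and accept whatever comes next". The same line is missing a word ("you not be able to login" should be "you will not be able to log in"), and line 22 gives "~/.ssh/conf.d/" as the example file where the removed line 18 named "~/.ssh/conf.d/lobby".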
     
    6671    # which may be confusing and won't work anyway.
    6772    #
    68     #IdentityFile "~/.ssh/id_rsa"
     73    IdentityFile "~/.ssh/id_rsa"
    6974    PasswordAuthentication No
    7075    #
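Review bot: line 73 enables IdentityFile "~/.ssh/id_rsa" for every user, and once IdentityFile is set ssh no longer tries the other default key file names, so a user whose private key is stored under a different name (an ed25519 key, for example) will not have it offered from disk while line 74 keeps PasswordAuthentication No. The visible comment lines above do not say that this path must match the user's own private key; add that, or document adding a second IdentityFile line for the other key name.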
     
    9297# Expand short jumphost names to FQDN or IP address.
    9398#
    94 Host lobby
    95     HostName 195.169.22.135
     99Host lobby !*.hpc.rug.nl
     100    HostName %h.hpc.rug.nl
    96101#
    97102# Universal jumphost settings for triple-hop SSH.
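Review bot: in line 99 the negated pattern in "Host lobby !*.hpc.rug.nl" looks redundant: "lobby" contains no wildcard, so it cannot match a name ending in .hpc.rug.nl in the first place, and a negated pattern on its own never produces a match. Either drop the negation or add a comment explaining why it is there. It is also worth saying in the comment block that, with HostName now resolved through DNS instead of the fixed 195.169.22.135, the host key check is what confirms users reached the new machine during the propagation window mentioned in the Update section.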
     
    103108#
    104109Host lobby+*
    105     ProxyCommand ssh -x -q $(echo "${JUMPHOST_USER:-%r}")@$(echo %h | sed 's/+[^+]*$//') -W $(echo %h | sed 's/^[^+]*+//'):%p
     110    ProxyCommand ssh -x -q $(echo "${JUMPHOST_USER:-%r}")@$(echo %h | sed 's/+[^+]*$//').hpc.rug.nl -W $(echo %h | sed 's/^[^+]*+//'):%p
    106111#
    107112# Sometimes port 22 for the SSH protocol is blocked by firewalls; in that case you can try to use SSH on port 443 as fall-back.
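Review bot: line 110 hard-codes ".hpc.rug.nl" inside the ProxyCommand, so the domain now lives in two places (here and in "HostName %h.hpc.rug.nl" at line 100) and the inner ssh is called with the full name rather than the "lobby" alias. Add a comment that both must be changed together so they do not drift apart. Separately, %h is passed unquoted to echo inside both command substitutions; writing echo '%h' is a cheap hardening step, since the alias typed by the user ends up on a shell command line.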
     
    110115#
    111116Host lobby443+*
    112     ProxyCommand ssh -x -q $(echo "${JUMPHOST_USER:-%r}")@$(echo %h | sed 's/443+[^+]*$//') -W $(echo %h | sed 's/^[^+]*+//'):%p -p 443
     117    ProxyCommand ssh -x -q $(echo "${JUMPHOST_USER:-%r}")@$(echo %h | sed 's/443+[^+]*$//').hpc.rug.nl -W $(echo %h | sed 's/^[^+]*+//'):%p -p 443
    113118}}}
    114    Replace all occurences of '''youraccount''' with the accountname you received from the UMCG HPC helpdesk.[[BR]][[BR]]
     119   Replace '''youraccount''' with the accountname you received from the UMCG HPC helpdesk.[[BR]][[BR]]
    115120   If you are **not** on a Mac or on a very old one you may have to comment the {{{# Generic stuff: only for MacOS clients}}} section at the top of the example **''~/.ssh/conf.d/lobby''**[[BR]][[BR]]
    116121 * You can now for example connect to the User Interface of the Calculon cluster named ''calculon'' with the account as specified in the ''User'' directive of your ''~/.ssh/conf.d/lobby'' file via the ''lobby'' jumphost using the alias ''lobby+calculon''. Type the following command in a terminal:
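Review bot: line 117 connects to the jumphost with -p 443, and ssh records host keys for non-default ports in a separate known_hosts entry of the form [host]:port, so users will get another host key prompt the first time they use a lobby443+ alias even after accepting the key on port 22. State here or near line 9 whether the published ED25519 fingerprint also applies on port 443. Minor: "accountname" in line 119 should be "account name".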