Changes between Version 2 and Version 3 of TransparentMultiHopSSHNewLobby


Timestamp:
2021-07-07T18:12:57+02:00 (3 years ago)
Author:
Pieter Neerincx
Comment:

--

  • TransparentMultiHopSSHNewLobby

    v2 v3  
    55[[TOC()]]
    66
    7 Our servers can only be accessed using a jumphost (a.k.a. proxy) server. This requires port 22 to be open on all machines between your computer and our jumphost server. [[BR]]
     7Most of our servers can only be accessed using a jumphost (a.k.a. proxy) server. This requires port 22 to be open on all machines between your computer and our jumphost server. [[BR]]
    88The existing {{{lobby.hpc.rug.nl}}} will shortly be replaced by a new machine with the same name. This new machine currently has no DNS entry yet; the example config below is for the new {{{lobby}}} jumphost and is based on its IP address only.
    99
    10 Note that previously there was also a jumphost named {{{lobby.hpc.rug.nl}}}, but this one has been deprecated. Furthermore there many other machines specified in the example config like {{{flexo}}} and {{{bender}}}. Please remove all entries for these machines from your {{{~/.ssh/config}}} file:
    11  * The only line that should remain in your ~/.ssh/config for the UMCG Research HPC machines is:
     10Note that:
     11 * Previously there was also a jumphost named {{{foyer.hpc.rug.nl}}}, but this one has been deprecated.
     12 * Furthermore the old example config listed many other machines like {{{flexo}}} and {{{bender}}}: Please remove all entries for machines that could be accessed via the old ''lobby'' or ''foyer'' jumphosts as well as the entries for these jumphosts themselves from your {{{~/.ssh/config}}} file:
     13 * The only line that should remain in your ~/.ssh/config for the UMCG Research HPC machines that must be accessed via a jumphost is:
    1214   {{{
    1315   Include conf.d/*
    1416   }}}
    15  * Additional lines that are required to access our machines are added to a separate {{{~/.ssh/conf.d/calculon}}} file now.
     17 * You should keep lines for machines that are accessed via our jumphost. E.g. lines for the {{{cher-ami}}} data staging server, for the RUG {{{peregrine}}} cluster and for machines from other sites/services.
     18 * Additional lines that are required to access our machines are added to a separate {{{~/.ssh/conf.d/lobby}}} file now.
    1619
    1720== Users on Linux / Unix / Mac OS X ==
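
Review bot: new line 17 appears to be missing a "not". It tells users to keep lines for machines that are accessed via our jumphost, while new lines 12 and 13 say to remove those entries and to keep only the Include line for them. The examples given (cher-ami, peregrine, machines from other sites/services) read as hosts reached without the jumphost, so suggest "You should keep lines for machines that are not accessed via our jumphost." Separately, unchanged line 8 says lobby.hpc.rug.nl is being replaced by a new machine with the same name that is addressed by IP for now; a sentence on how users should verify the new machine's host key would fit in this list.
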
     
    8083    #     which means it works with home dirs from a shared network file system.
    8184    #     (as sockets cannot be shared by servers.)
    82     #   * not getting to long as the hash has a fixed size not matter how long %l_%h_%p_%r was.
     85    #   * not getting to long as the hash has a fixed size no matter how long %l_%h_%p_%r was.
    8386    #
    8487    ControlMaster auto
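
Review bot: new line 85 fixes "not matter" but still reads "not getting to long"; it should be "not getting too long". Worth fixing in the same edit since this comment is copied verbatim into users' config files.
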
     
    127130}}}
    128131   Note the colon at the end of the ''scp'' and ''rsync'' commands. Without the colon you would copy to a local file named ''lobby+calculon''.
    129    You can add additional ''proxy+*'' aliases for other User Interface (UI) servers and other proxy servers depending on your computing preferences or authorization. If you also added the {{{Host *+*+*}}} code block you can do tripple hops starting with a proxy like this:
     132   You can add additional ''jumphost+*'' aliases for other User Interface (UI) servers depending on your computing preferences or authorization. If you also added the {{{Host *+*+*}}} code block you can do tripple hops starting with a jumphost like this:
    130133{{{
    131 ssh proxy+intermediate_server+destination_server
     134ssh jumphost+intermediate_server+destination_server
    132135}}}
    133136   In case you are on a network where the default port for SSH (22) is blocked by a firewall you can try to setup SSH over port 443 using an alias like this:
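
Review bot: new line 132 still spells "tripple hops"; it should be "triple hops". On new line 134, "jumphost" is now a placeholder rather than a working alias, whereas line 131 uses the real alias "lobby+calculon"; suggest saying so explicitly or using "lobby+intermediate_server+destination_server" so that the command works when pasted.
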
     
    140143   A: You may have failed to create the **''~/.ssh/tmp''** folder in the first step or the permissions on this folder are wrong. [[BR]][[BR]]
    141144 * Q: Why do I get the error {{{ControlPath too long}}}? [[BR]]
    142    A: The {{{ControlPath ~/.ssh/tmp/%h_%p_%r}}} line in your ''~/.ssh/config'' file expands to a path that is too long. Change the ''!ControlPath'' line in your ''~/.ssh/config'' file to create a shorter path for the automagically created sockets. You can use for example {{{ControlPath /tmp/%h_%p_%r}}} to create sockets in /tmp. [[BR]][[BR]]
     145   A: The {{{ControlPath ~/.ssh/tmp/%C}}} line in your ''~/.ssh/config'' file expands to a path that is too long. Change the ''!ControlPath'' line in your ''~/.ssh/config'' file to create a shorter path for the automagically created sockets. You can use for example {{{ControlPath /tmp/%h_%p_%r}}} to create sockets in /tmp. [[BR]][[BR]]
    143146 * Q: Why do I get the error {{{nc: getaddrinfo: Name or service not known. ssh_exchange_identification: Connection closed by remote host}}}? [[BR]]
    144147   A: This server does not exist (anymore); You have a typo in the name of the server you are trying to connect to. Check both the command you typed as well as your ''~/.ssh/config'' for typos in server names. [[BR]][[BR]]
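
Review bot: new line 145 updates the quoted setting to "ControlPath ~/.ssh/tmp/%C" but keeps the old workaround "ControlPath /tmp/%h_%p_%r", which no longer matches the answer. With %C the file name has a fixed size (as the config comment on line 85 states), so the only variable part is the length of the home directory, and falling back to %h_%p_%r reintroduces the variable-length name that %C was meant to remove. The workaround also moves the control sockets into /tmp, which is writable by all users; the ssh_config manual recommends placing ControlPath in a directory that is not writable by other users. Suggest recommending a shorter private directory with %C instead, and explaining that a long home directory path is the cause.
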
     
    170173   1. Go to **''Connection''** -> **''Data''** and fill in your user name in the **auto-login username''** option
    171174
    172  * You can now connect to for example ''calculon.hpc.rug.nl'' via for example proxy server ''lobby.hpc.rug.nl'' using a double hop like this
    173    * In **''Putty''** connect to **''lobby.hpc.rug.nl''** (or choose another proxy from the list)
     175 * You can now connect to for example ''calculon'' via for example jumphost server ''lobby.hpc.rug.nl'' using a double hop like this
     176   * In **''Putty''** connect to **''lobby.hpc.rug.nl''**
    174177   * Once the connection is established type the following command in a terminal:
    175178{{{
    176 ssh prefix-youraccount@calculon.hpc.rug.nl
     179ssh youraccount@calculon
    177180}}}
    178181   Change the name of the destination host to connect to other User Interface (UI) servers.
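
Review bot: new lines 175 and 176 still direct PuTTY users to "lobby.hpc.rug.nl", but unchanged line 8 states that the new lobby machine has no DNS entry yet and that the example config uses its IP address only, so these instructions would send Windows users to the old machine. Suggest giving the same address here as in the Linux/Mac config, or noting that the name only applies once DNS has been switched. Also, context line 173 has unbalanced markup in "**auto-login username''**"; it should open with "**''" to match the other options.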