SSH config

  • define the following section in your /home/guest/.ssh/config (note the indentation!)
Host lxplus lxplus.cern.ch
   HostName lxplus.cern.ch
   User %USERNAME%
   Compression yes
   Protocol 2
   ForwardAgent yes
   ForwardX11 yes
   ForwardX11Trusted no
   LocalForward 9999 cernts.cern.ch:3389
   LocalForward 9998 cerntsco2.cern.ch:3389
   DynamicForward 1080
  • for each machine inside you would like to reach within the CERN network (and is not directly accessible from outside) add the following entry:
Host pcfaserdcsdev pcfaserdcsdev.cern.ch
    HostName pcfaserdcsdev.cern.ch
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted no
    ProxyCommand ssh lxplus nc %h 22
  • now you can directly ssh to the corresponding host without explicitly hopping via lxplus. You might still need to enter your password twice.

automatic SOCKS5 tunnel to CERN

  • create a pac file in your home directory (/home/guest/.proxy.pac) with the following content:
function FindProxyForURL(url, host) {
   var proxy_socks_cern = "SOCKS5 127.0.0.1:1080";
   var proxy_no = "DIRECT";

   if (dnsDomainIs(host, "faser-notes.cern.ch")) {
      return proxy_socks_cern;
   }
  //if nothing else, take the default way into the internet!
  return no_proxy;
}
  • adjust the Firefox settings in order to use that file: Preferences > General > Network Settings (at the very bottom) > Settings
  • select "Automatic proxy configuration URL" and specify the path to the proxy file from above, e.g. file:///home/guest/.proxy.pac (note: you need file:// in the beginning)
  • open a SSH connection to lxplus
  • as long as your SSH connection to lxplus is open, all traffic to faser-notes.cern.ch will be sent through the SSH tunnel and can reach resources restricted to the internal CERN network
  • more targets inside the CERN network can be added easily to the pac file, by just duplicating the if section with a different URL
  • in order to make Firefox aware of a changed pac file, one needs to reload the file in the Network Setting dialog

Windows remote desktop connection

  • make sure your target machine is listed under the lxplus Host section in the ssh config
  • open a ssh connection to lxplus
  • locally run the rdesktop comand with the correct port:
rdesktop -d CERN localhost:9999

VNC connection

  • login to the machine which you want to reach via VNC and start a server instance:
vncserver -localhost -name $HOSTNAME-vnc -geometry 1920x1080
  • from your local machine, run the vnc viewer, where you have to replace :1 by the actual session number you got when you started the server in the previous step:
vncviewer -via hostname.cern.ch :1

X2go connection

-- BenediktVormwald - 2020-06-19
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2020-06-26 - BenediktVormwald
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback