Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédenteDernière révisionLes deux révisions suivantes |
en:documentation:tutorials:ssh:multihop_ssh [2017/12/21 10:58] – cpetit | en:documentation:tutorials:ssh:multihop_ssh [2020/08/25 15:58] – modification externe 127.0.0.1 |
---|
====== Multi-hop SSH ====== | ====== Multi-hop SSH ====== |
| |
<WRAP center round todo 60%> | |
under construction | |
</WRAP> | |
| |
| The servers (calculations, preview, data) are sometimes behind several firewalls or gateways (or multi-hop SSH , "rebonds" SSH in French). The SSH documentation explains how to pass a single gateway ('' ProxyCommand '' option). It is possible to cumulate this system of "bridge jump" several times. For this example, we will detail multi-hop SSH from the network shown below. |
Les serveurs de travail (calculs, prévisualisation, données) sont parfois derrières plusieurs firewall ou passerelles (ou rebonds SSH, "hops" en anglais). La documentation SSH explique comment passer une seule passerelle (option ''ProxyCommand''). Il est possible de cumuler ce système de "saut de passerelle" plusieurs fois. Pour l'exemple, nous allons utiliser le réseau illustré ci-après. | |
| |
{{ :documentation:tutorials:infographie_sshmultihop.jpeg?&direct |Connection from "poste Chercheur" to front machine "vizu.psmn" via multihop SSH }} | {{ :documentation:tutorials:infographie_sshmultihop.jpeg?&direct |Connection from "poste Chercheur" to front machine "vizu.psmn" via multihop SSH }} |
| |
__Caption :__ | __Caption :__ |
* **noir** : physical link | * **black** : physical link |
* <wrap round notice>bleu</wrap> : standard ssh connection | * <wrap round notice>blue</wrap> : standard ssh connection |
* <wrap round danger>rouge</wrap> : virtual ssh connection (multi-hop) | * <wrap round danger>red</wrap> : virtual ssh connection (multi-hop) |
* <wrap round safety>vert</wrap> : NFs links (''/home'') | * <wrap round safety>green</wrap> : NFs links (''/home'') |
| |
| |
| |
The **Poste Chercheur** (your computer!) tries to join the server **vizu.psmn** through 2 SSH gateways (red path). | The **Poste Chercheur** (your computer!) reach the server **vizu.psmn** through 2 SSH gateways (red path). |
| |
===== From au Mac/Linux/BSD machine ===== | ===== From a Mac/Linux/BSD machine ===== |
| |
==== Manual multihop ==== | ==== Manual multihop ==== |
</code> | </code> |
| |
This manual operation can be automatize. | These manual operations can be automatized. |
| |
==== Automated multihop ==== | ==== Automated multihop ==== |
| |
You need to add the gateways and target servers entries in the ''~ / .ssh / config'' file on the **''postechercheur''** . By adding up the different connections as you go. | You need to add the gateways and target servers entries in the ''~/.ssh/config'' file on the **''postechercheur''** . By adding up the different connections as you go. |
| |
| |
| |
| |
The configuration and explanations on the automation of the login steps with an SSH-agent-ssh are explained | The configuration and explanations on the automation of the login steps with an SSH-agent are explained |
[[documentation:tutorials:ssh:clef_agent_ssh|here]]. | [[documentation:tutorials:ssh:clef_agent_ssh|here]]. |
| |