SSH Gateway

The SSH Gateway allows access to a host inside the CITIUS internal network from the external network. This service is the backup plan when using the VPN is not possible.

Check in Xici permissions whether the service Acceso ext. pasarela SSH is listed. If the service is listed, you don't need to register.

You have to register filling the requests and problem reporting form. This form is only available to CITIUS users.

You must also add a public SSH key in your account, in the Account and Permissions section in Xici. Only SSH keys authentication method is enabled.

To generate an SSH key, execute in a terminal:

ssh-keygen -t rsa

Introduce a password to protect your keys. This process will generate the files ~/.ssh/id_rsa (the private key) e ~/.ssh/id_rsa.pub (the public key). And then use that last file contents to add the SSH key.

Config info

  • Server: vpn.citius.usc.es (193.144.78.45)
  • Port: 22
  • User: Your CITIUS username

Connection example in GNU/Linux

To connect you can use the SSH command. If your private key is not in the default location you can optionally specify it.

ssh -i ~/.ssh/id_rsa user.name@vpn.citius.usc.es

Once connected, you can access all the other hosts in the internal network, like for example yours. Note that you can power it on and off using the remote power tool.

Connection example in Windows

PuTTY can be used with the same configuration data used in the linux example.

However it is necessary to transform the private key file from SSH format to PUTTY format. This one time step can be done with PuTTYgen, which is found in the same web page as PUTTY.

  • Choose the option Conversions » Import key.
  • Select the private key file in SSH format (default name is id_rsa).
  • Introduce the password if necessary.
  • Push the Save private key button and select where to save the .ppk file.

Now you can use the ppk file in the Private key file field both in PuTTY and in WinSCP.

Connection to a service using a SSH tunnel

You can use the SSH gateway to access a CITIUS service by mapping the necessary ports into your local machine. For example, you can access the storage using SSH mapping the ports like this:

ssh -i ~/.ssh/id_rsa user.name@vpn.citius.usc.es -L 8000:172.16.242.41:22

Once connected the files can be accessed trough SSH using the address 127.0.0.1:8000. This same process can be used to access other services. This can also be done in Windows using the WinSCP program then choosing Advanced options and finally filling in the connection data of the Tunnel panel.

  • en/centro/servizos/pasarela_ssh.txt
  • Last modified: 2020/03/11 16:37
  • by jorge.suarez