Connecting from Outside: Difference between revisions
| (16 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
go back to [[Main Page]], [[Computational Resources]], [[Services]] | go back to [[Main Page]], [[Computational Resources]], [[Services]] | ||
== | == Access to Local Clusters from outside == | ||
So you want to connect from your home/cybercafe/WIFI/whatever. | So you want to connect from your home/cybercafe/WIFI/whatever. | ||
You will need an ssh client. | You will need an ssh client. | ||
The "direct" entrance to the clusters from outside is forbidden for safety reasons, and it must be done through an intermediate computer called betelgeuse.Ask your favourite admin (Martín) for a user/password if you don't already have one (it isn't the same as kimik/tekla) | |||
To do it so, you have two options: | |||
ssh | '''1. Connect first to betelgeuse.iciq.es and then from there to your cluster (kimik, telkla...) | ||
''' | |||
'''ATENTION: [http://aliga.iciq.es/wiki/images/2/27/2FAS-BETELGEUSE.pdf READ THIS DOCUMENT] of 2FA (2 Factor Authenticator), is mandatory. | |||
''' | |||
*In linux, from command line: | |||
ssh username@betelgeuse.iciq.es -p 2004 -X -C | |||
an then once inside betelgeuse; ssh username@namecluster.iciq.es | |||
(where namecluster the cluster you want to connect to) | |||
for other programs, RTFM or ask admin for help. | for other programs, RTFM or ask admin for help. | ||
* | *In Windows, You will need an ssh client, like Putty or MobaXTerm (more than a ssh client). To connect from home/cybercafe/WIFI/whatever:"-p 2004" means port 2004. You can enter the port number in the box next to computer name without the -p, (change the default 22 by 2004). | ||
*To copy a folder from kimik2 to/from an external linux machine, you can issue the following commands in kimik2: | |||
scp -Cr folder-name user@external-ip:folder-name | |||
scp -Cr user@external-ip:folder-name . | |||
(the external machine needs to have ssh-server or the like installed; and no paranoid protection) | |||
'''2. Create a SSH tunnel''' | |||
A Secure Shell (SSH) tunnel consists of an encrypted tunnel created through a SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel. SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services — so long as a site allows outgoing connections. To set up an SSH tunnel, one configures an SSH client to forward a specified local port to a port on the remote machine. Once the SSH tunnel has been established, the user can connect to the specified local port to access the network service. The local port need not have the same port number as the remote port. | |||
In this case, the first step is create the SSH tunnel between namecluster (kimik, tekla,...) to localhost (client computer) through the betelgeuse. It is possible with two methods to create SSH tunnel. The direct SSH tunnel (-L option) or the reverse SSH tunnel (-R option). For more information: http://en.wikipedia.org/wiki/Tunneling_protocol | |||
In this example, the SSH tunnel is created from the 22022 port of localhost (client computer) to the 22 port of namecluster through the 2004 port of betelgeuse. | |||
For this reason, the connection through the ssh tunnel would connect to the localhost by the 22022 port. | |||
The 22022 port is an imagined port. It is possible to change this port by other (80, 21, 22, 8080,...) in function of the open ports in your outside connection. | |||
*In linux, type in the command line: | |||
Create the SSH tunnel to the cluster (namecluster): | |||
sudo ssh -C -X -p 2004 username@betelgeuse.iciq.es -L 22022:namecluster:22 | |||
Connect your PC (localhost) with the SSH tunnel: | |||
ssh -C -X username@localhost -p 22022 | |||
To transfer files: | |||
sftp -C -P 22022 username@localhost | |||
To copy files: | |||
scp -C username@localhost:\\directory\.. . | |||
You can also use it to connect to the [[Terminal Server]] from home, by using -L 22022:10.07.248:3389 | |||
*In Windows, using Putty or similar, it is also possible... (http://osiux.ws/2009/02/tunel-ssh-en-windows-usando-putty/) | |||
*WinSCP can do the tunnel without a previous putty sesion.(http://winscp.net/eng/docs/ui_login_tunnel) | |||
The example are: | |||
http://oldsite.precedence.co.uk/nc/putty.html | |||
http://thedaneshproject.com/posts/ssh-tunneling-with-putty-linux/ | |||
It is necessary put the betelgeuse.iciq.es with 2004 port and the tunnel with 22022 at namecluster:22. It is necessary to open other putty sesion to connet at the namecluster but the hostname is localhost and the port is the 22022. To transfer the files use the WinSCP (http://winscp.net/eng/docs/lang:es) that connet to localhost with 22022 port. | |||
== | == Access to electronic journals from outside == | ||
1.- ICIQ proxy | 1.- ICIQ proxy | ||
| Line 23: | Line 75: | ||
You can have acces to electronic journals from home by using iciq's proxy. | You can have acces to electronic journals from home by using iciq's proxy. | ||
http proxy: proxy.iciq.es | |||
port: 8088 | |||
The username required is: | The username required is: youriciqusername, where youriciqusername is in your e-mail adress (youriciqusername@iciq.es) | ||
The password required is your e-mail's password | The password required is your e-mail's password | ||
2.- URV proxy | 2.- URV proxy | ||
http proxy: proxyauth.urv.net | |||
port: 8085 | |||
[http://intranet.iciq.es/index.php?option=com_content&task=view&id=16&Itemid=28#revistes Intranet_proxy] | more information there: [http://intranet.iciq.es/index.php?option=com_content&task=view&id=16&Itemid=28#revistes Intranet_proxy] | ||
Latest revision as of 11:35, 14 May 2023
go back to Main Page, Computational Resources, Services
Access to Local Clusters from outside[edit]
So you want to connect from your home/cybercafe/WIFI/whatever.
You will need an ssh client.
The "direct" entrance to the clusters from outside is forbidden for safety reasons, and it must be done through an intermediate computer called betelgeuse.Ask your favourite admin (Martín) for a user/password if you don't already have one (it isn't the same as kimik/tekla)
To do it so, you have two options:
1. Connect first to betelgeuse.iciq.es and then from there to your cluster (kimik, telkla...)
ATENTION: READ THIS DOCUMENT of 2FA (2 Factor Authenticator), is mandatory.
- In linux, from command line:
ssh username@betelgeuse.iciq.es -p 2004 -X -C
an then once inside betelgeuse; ssh username@namecluster.iciq.es (where namecluster the cluster you want to connect to)
for other programs, RTFM or ask admin for help.
- In Windows, You will need an ssh client, like Putty or MobaXTerm (more than a ssh client). To connect from home/cybercafe/WIFI/whatever:"-p 2004" means port 2004. You can enter the port number in the box next to computer name without the -p, (change the default 22 by 2004).
- To copy a folder from kimik2 to/from an external linux machine, you can issue the following commands in kimik2:
scp -Cr folder-name user@external-ip:folder-name
scp -Cr user@external-ip:folder-name .
(the external machine needs to have ssh-server or the like installed; and no paranoid protection)
2. Create a SSH tunnel
A Secure Shell (SSH) tunnel consists of an encrypted tunnel created through a SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel. SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services — so long as a site allows outgoing connections. To set up an SSH tunnel, one configures an SSH client to forward a specified local port to a port on the remote machine. Once the SSH tunnel has been established, the user can connect to the specified local port to access the network service. The local port need not have the same port number as the remote port. In this case, the first step is create the SSH tunnel between namecluster (kimik, tekla,...) to localhost (client computer) through the betelgeuse. It is possible with two methods to create SSH tunnel. The direct SSH tunnel (-L option) or the reverse SSH tunnel (-R option). For more information: http://en.wikipedia.org/wiki/Tunneling_protocol
In this example, the SSH tunnel is created from the 22022 port of localhost (client computer) to the 22 port of namecluster through the 2004 port of betelgeuse. For this reason, the connection through the ssh tunnel would connect to the localhost by the 22022 port. The 22022 port is an imagined port. It is possible to change this port by other (80, 21, 22, 8080,...) in function of the open ports in your outside connection.
- In linux, type in the command line:
Create the SSH tunnel to the cluster (namecluster):
sudo ssh -C -X -p 2004 username@betelgeuse.iciq.es -L 22022:namecluster:22
Connect your PC (localhost) with the SSH tunnel:
ssh -C -X username@localhost -p 22022
To transfer files:
sftp -C -P 22022 username@localhost
To copy files:
scp -C username@localhost:\\directory\.. .
You can also use it to connect to the Terminal Server from home, by using -L 22022:10.07.248:3389
- In Windows, using Putty or similar, it is also possible... (http://osiux.ws/2009/02/tunel-ssh-en-windows-usando-putty/)
- WinSCP can do the tunnel without a previous putty sesion.(http://winscp.net/eng/docs/ui_login_tunnel)
The example are: http://oldsite.precedence.co.uk/nc/putty.html http://thedaneshproject.com/posts/ssh-tunneling-with-putty-linux/ It is necessary put the betelgeuse.iciq.es with 2004 port and the tunnel with 22022 at namecluster:22. It is necessary to open other putty sesion to connet at the namecluster but the hostname is localhost and the port is the 22022. To transfer the files use the WinSCP (http://winscp.net/eng/docs/lang:es) that connet to localhost with 22022 port.
Access to electronic journals from outside[edit]
1.- ICIQ proxy
You can have acces to electronic journals from home by using iciq's proxy.
http proxy: proxy.iciq.es port: 8088
The username required is: youriciqusername, where youriciqusername is in your e-mail adress (youriciqusername@iciq.es) The password required is your e-mail's password
2.- URV proxy
http proxy: proxyauth.urv.net port: 8085
more information there: Intranet_proxy