DESY Intranet Access
KEK
From within KEK, direct access to confluence.desy.de is enabled. From remote, KEK can be reached by VPN.
SSHUTTLE
sshuttle is a convenient way to tunnel all access to services in the DESY intranet through bastion.
- DESY IT Tunneling (...connect from LINUX to internal Network)
Requirements: Linux, Unix, or MacOS plus sudo access rights.
sshuttle -r <account>@bastion.desy.de 131.169.0.0/16 --dns -D -x bastion.desy.de --disable-ipv6
Tunneling Web Service through SSH Proxy
Services in the DESY intranet can be reached with a web browser (e.g. Firefox) under their usual URLs by routing the browser through an SSH proxy.
Prepare ssh as a proxy:
> ssh -D 2280 <account>@bastion.desy.de
Prepare firefox to use the proxy: Firefox → Open Settings (top right) → General → Network Settings
Tunneling SSH Access
To enable scp from KEK to a host at DESY that is behind the DESY firewall, do the following (example). Be aware that this action also requires a Kerberos token or regularly typing in the password.
ssh -nNT -L 2222:confluence.desy.de:22 <account>@bastion.desy.de
-> after typing in your DESY password and OTP, send this process to the background (^Z)
-> confluence.desy.de is then seen as localhost with ssh on port 2222!
-> https://localhost:2222/
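The scp step through this forward, as an added example that is not part of the original page. It assumes the same DESY account on the bastion and on the target host; the `account` default, the control socket path and the function names are placeholders, and `-f` is used here in place of ^Z so that ssh moves to the background only after password and OTP were accepted.

```shell
#!/bin/sh
# Added example. Host names and port 2222 are taken from the page above;
# DESY_USER and CTL are placeholders to adapt.
DESY_USER="${DESY_USER:-account}"
BASTION=bastion.desy.de
TARGET=confluence.desy.de
LPORT=2222
CTL="${HOME}/.ssh/desy-fwd.sock"

# With DRY_RUN set, print the command instead of executing it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$@"; else "$@"; fi
}

# Open the forward.
#   -M -S               control socket, so the tunnel can be checked and closed
#   ExitOnForwardFailure abort if local port 2222 is already in use
#   127.0.0.1:          bind to loopback only, other hosts cannot use the forward
tunnel_up() {
  run ssh -fNT -M -S "$CTL" -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:$LPORT:$TARGET:22" "$DESY_USER@$BASTION"
}

# Ask the background ssh process whether it is still alive.
tunnel_check() { run ssh -S "$CTL" -O check "$DESY_USER@$BASTION"; }

# Close the forward again instead of leaving the local port open.
tunnel_down() { run ssh -S "$CTL" -O exit "$DESY_USER@$BASTION"; }

# Copy local file $1 to path $2 on TARGET through the forward.
# HostKeyAlias makes ssh verify and store the host key under the real host
# name instead of [127.0.0.1]:2222, so reusing port 2222 for another target
# later does not hide or falsely trigger a host key mismatch.
copy_to_desy() {
  run scp -P "$LPORT" -o "HostKeyAlias=$TARGET" "$1" "$DESY_USER@127.0.0.1:$2"
}

# Typical session (not executed here):
#   tunnel_up && copy_to_desy results.tar /tmp/ ; tunnel_down
```

Running with `DRY_RUN=1` set prints each command so it can be inspected before any connection is made.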