DESY Intranet Access

KEK

From within KEK direct access to confluence.desy.de is enabled. Form remote KEK can be reached by VPN.

KEK registration checklist

SSHUTTLE

sshuttle is a convenient way to tunnel all accesses to services in the DESY intranet through bastion.

DESY IT Tunneling (...connect from LINUX to internal Network)

Requirements: Linux, Unix, or MacOS plus sudo access rights.

sshuttle -r <account>@bastion.desy.de 131.169.0.0/16 --dns -D -x bastion.desy.de --disable-ipv6

Tunneling Web Service through SSH Proxy

In order to reach services in the DESY intranet with a web browser (e.g. firefox) under the usual URLs.

DESY IT Tunneling (... access internal Websites)

Prepare ssh as a proxy:

> ssh -D 2280 @bastion.desy.de

Prepare firefox to use the proxy: Firefox → Open Settings (top right) → General → Network Settings

Tunneling SSH Access

In order to enable scp from KEK to a host at DESY which is behind the DESY firewall do the following (example). (Be aware also this action requires a kerberos token or a regular typing in of the password.).

ssh -nNT -L 2222:confluence.desy.de:22 @bastion.desy.de -> after typing in your DESY password and OTP send this process to the background (^Z) -> confluence.desy.de is then seen as localhost with ssh on port 2222! -> https://localhost:2222/