DESY Intranet Access

KEK

From within KEK, direct access to confluence.desy.de is enabled. From remote, KEK can be reached by VPN.


eduVPN

The most convenient way to access services in the DESY intranet, e.g. XWIKI, is eduVPN.
Please refer to the documentation in DESY IT eduVPN.


SSHUTTLE

sshuttle is a convenient way to tunnel all access to services in the DESY intranet through bastion.

Requirements: Linux, Unix, or macOS plus sudo access rights.

sshuttle -r <account>@bastion.desy.de 131.169.0.0/16 --dns -D -x bastion.desy.de --disable-ipv6

Tunneling Web Service through SSH Proxy

To reach services in the DESY intranet with a web browser (e.g. Firefox) under the usual URLs, use ssh as a proxy as follows.

Prepare ssh as a proxy:

 > ssh -D 2280 <account>@bastion.desy.de

Prepare Firefox to use the proxy: Firefox → Open Settings (top right) → General → Network Settings


Tunneling SSH Access

To enable scp from KEK to a host at DESY that is behind the DESY firewall, do the following (example). Be aware that this action also requires a Kerberos token or the regular typing in of the password.

ssh -nNT -L 2222:confluence.desy.de:22 <account>@bastion.desy.de
-> after typing in your DESY password and OTP, send this process to the background (^Z)
-> confluence.desy.de is then seen as localhost with ssh on port 2222!
-> https://localhost:2222/
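
Copying a file through the forward opened above, as an added example that is not part of the original page: the function name scp_via_tunnel, the DRY_RUN switch and the sample arguments are assumptions. HostKeyAlias makes ssh verify the host key under confluence.desy.de instead of under [localhost]:2222, so a different service answering on the forwarded port is not silently trusted.

```shell
#!/bin/sh
# Added example (not from the original page). It assumes the forward
#   ssh -nNT -L 2222:confluence.desy.de:22 <account>@bastion.desy.de
# is already running; LOCAL_PORT and TARGET_HOST mirror that command.

LOCAL_PORT=2222
TARGET_HOST=confluence.desy.de

# scp_via_tunnel <account> <local-file> <remote-path>   (hypothetical helper)
# Copies <local-file> to <remote-path> on TARGET_HOST through the local forward.
# With DRY_RUN set, the scp command line is printed instead of executed.
scp_via_tunnel() {
    if [ "$#" -ne 3 ]; then
        echo "usage: scp_via_tunnel <account> <local-file> <remote-path>" >&2
        return 2
    fi
    account=$1; src=$2; dest=$3

    # Reject empty or odd account names before they end up in user@host.
    case $account in
        ''|*[!A-Za-z0-9_.-]*)
            echo "refusing account name with unexpected characters" >&2
            return 2 ;;
    esac

    # -P selects the forwarded local port. HostKeyAlias stores and checks the
    # host key under the real host name rather than "[localhost]:2222".
    set -- scp -P "$LOCAL_PORT" -o "HostKeyAlias=$TARGET_HOST" \
        "$src" "$account@localhost:$dest"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}
```

Call it as `scp_via_tunnel <account> ./results.tar /tmp/` once the forward is up; an scp from DESY back to KEK swaps the last two scp arguments.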