Copyright 2022 - CSIM - Asian Institute of Technology

When you need to access CSIM facilities from outside, you must connect through CSIM VPN or use a Secure SHell (SSH) remote connection to bazooka.cs.ait.ac.th. Both solutions will ensure that the data transiting between your system and CSIM are fully encrypted from end to end.

In the MS Windows world, puTTY is a robust, portable and widely used SSH solution. Windows 10 version 1803 or newer bundles its own version of OpenSSH, or you can download OpenSSH for Windows.

bazooka.cs.ait.ac.th is the only machine that you can contact from outside with SSH. If you need to access another machine, you must connect to bazooka first.

While SSH is more limited than a VPN connection, it is faster to use for one-off operations.

Using ProxyJump to ease connection

Connecting to bazooka before accessing the machine you want to connect to is a burden.

With the most recent versions of the SSH client, you can use the -J option to define a ProxyJump. For example, if you want to connect to puffer.cs.ait.ac.th, you can use

ssh -J <username>@bazooka.cs.ait.ac.th puffer

that will connect you to bazooka first and then to puffer. The ProxyJump option can be used with scp, sftp, tunnels, etc. Because bazooka and puffer are both in the CSIM domain and use the same usernames, you could use the shorter name puffer instead of <username>@puffer.cs.ait.ac.th. Note that puTTY does not implement ProxyJump.

Using public/private keys and ssh-agent

Each time you issue an SSH command, you have to authenticate and enter a password. That can become tiresome (for ProxyJump, you need to provide your password once for bazooka and a second time for the machine you want to access!)

You can set up a pair of public and private keys to authenticate and leverage the power of ssh-agent to do the authentication automatically.

Tunneling through SSH

Another solution is to create an SSH tunnel. A tunnel is a pipeline between your local machine and bazooka: when you access an Internet service on your local machine, it will be as if you were accessing that service from bazooka.

ssh <username>@bazooka.cs.ait.ac.th -L lport:server:rport

opens a connection to bazooka; then bazooka connects to server on port rport; finally it opens the port lport on your local machine. Any traffic to localhost on port lport will be directed to server on port rport.

For example, if you are running a web server on a machine inside CSIM and access to your web server is prevented by the firewall, you could do:

ssh <username>@bazooka.cs.ait.ac.th -L 80:myweb:80

and you can access your web server myweb with the URL http://localhost/.

Note that on Linux, using a local port number under 1024 requires superuser privileges.

You can see the following examples to configure an SSH tunnel on puTTY.

Creating special configuration for SSH

The file .ssh/config allows you to create configuration templates for SSH.

For example, if you need to use ProxyJump repeatedly to access one machine, you could create a configuration file like:

Host puffer
    Hostname puffer.cs.ait.ac.th
    ProxyJump bazooka
    User st123456
Host bazooka
    Hostname bazooka.cs.ait.ac.th
    User st123456

The Host line creates a new section and the details are in the following lines, starting with a space.

You can then use ssh puffer to connect to puffer.cs.ait.ac.th through the ProxyJump bazooka.cs.ait.ac.th. The ssh-agent will take care of the authentication. Note how I have created two Hosts so you can also ssh bazooka.

You can also configure tunnels:

Host myweb
    Hostname bazooka.cs.ait.ac.th
    User st123456
    LocalForward 443 myweb:443

If you are tunneling ports under 1024, you must have superuser privileges, so the configuration file must be in root's home directory and the ssh-agent must also run as root.
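
Listening on a local port above 1024 avoids running ssh and ssh-agent as root at all. The configuration below is an added example, not part of the original CSIM page: the alias myweb-tunnel, the local port 8443 and the key file ~/.ssh/id_ed25519 are assumptions, and st123456 is the sample username used above.

```sshconfig
# Added example: unprivileged variant of the configuration above.
# Assumed names: alias "myweb-tunnel", local port 8443, key ~/.ssh/id_ed25519.

Host bazooka
    Hostname bazooka.cs.ait.ac.th
    User st123456
    # Offer only the named key and load it into ssh-agent on first use
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    AddKeysToAgent yes
    # Keep the local agent socket off the gateway
    ForwardAgent no

Host puffer
    Hostname puffer.cs.ait.ac.th
    User st123456
    # Both hops are authenticated from the local machine through the jump,
    # so agent forwarding is not needed to reach puffer
    ProxyJump bazooka
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

Host myweb-tunnel
    Hostname bazooka.cs.ait.ac.th
    User st123456
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # Listen on loopback only, on a port above 1024: no superuser needed
    LocalForward 127.0.0.1:8443 myweb:443
    # Exit instead of opening a session without the tunnel if 8443 is busy
    ExitOnForwardFailure yes
```

With this file in your own ~/.ssh/config, ssh -N myweb-tunnel opens only the tunnel, and the web server is reached at https://localhost:8443/.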

Tunneling VMplayer to access virtual machine

You need to access the console of your virtual machine with VMplayer, for example to connect a CD-ROM to the virtual CD drive.

Tunneling file transfer

You need to transfer some files to a project machine running inside the CSIM firewall, but the direct connection is not allowed.

Tunneling X window applications

You need to run an X window application on a project machine in the CSIM lab and display the result on your PC outside of CSIM: this is not allowed.

Tunneling MS Remote Desktop Protocol

Remote Desktop Protocol is convenient for connecting to a Microsoft Windows system remotely. But the protocol is not allowed to cross the CSIM firewall.

School of Engineering and technologies     Asian Institute of Technology