When you need to access CSIM facilities from outside, you must connect through CSIM VPN or use a Secure SHell (SSH) remote connection to
bazooka.cs.ait.ac.th. Both solutions will ensure that the data transiting between your system and CSIM are fully encrypted from end to end.
bazooka.cs.ait.ac.th is the only machine that you can contact from outside with SSH. If you need to access another machine, you must connect to
While SSH is more limited than a VPN connection, for one of operation, it is faster to use.
bazooka before accessing the macine you want to connect to is a burden.
With the most recent versions of SSH client, you can use the option
-J to define a ProxyJump. For example you want to connect to
puffer.cs.ait.ac.th, you can use
that will connect you to
bazooka first and then to
puffer. The ProxyJump option can be used with
sftp, tunnels, etc. Because
puffer are both in CSIM domain and use the same usernames, you could use the shorter name
puffer instead of
Each time you issue an SSH command, you have to authenticate and enter a password. That can become tiresome (for ProxyJump, you need to provide your password once for
bazooka and a second time for the machine you want to access!)
You can set a pair of public and private keys to authenticate and leverage the power of
ssh-agent to do the authentication automatically.
Another solution is to create an SSH tunnel: a tunnel is a pipeline between your local machine and
bazooka, when you access an Internet service on your local machine, it will be like you are accessing that service from
opens a connection to
bazooka; then bazooka connects to
server on port
rport; finally it opens the port
lport on your local macine. Any traffic to
localhost on port
lport will be directed to
server on port
For example, you are running a web server on a machine inside CSIM, access to your web server is prevented by the firewall, you could do:
and you can access your web server
myweb with the URL
Note that on Linux, defining any port number under 1024 needs to have superuser privileges.
You can see the following examples to configure an SSH tunnel on puTTY.
.ssh/config allow you to create some configuration templates for SSH.
For example you need to use ProxyJump repeatedly to access one machine, you could create a configuration file like:
Host line creates a new section and the details are in the following lines, starting with a space.
You can the
ssh puffer to be connected to
puffer.cs.ait.ac.th through the ProxyJump
ssh-agent will take care of the authentication. Note how I have created two
Hosts so you can also
You can also configure tunnels:
LocalForward 443 myweb:443
If you are tunneling ports under 1024, you must have superuser privileges, so the configuration file must be in the
root home directory, as well as the ssh-agent running under
You need to access to the console of your virtual machine with VMplayer, for example to connect a CD-ROM to the virtual CD drive.
You need to transfer some files to a project machine running inside CSIM firewall, but the direct connection is not allowed.
You need to run an X window application on a project machine in CSIM lab and display the result on your PC outside of CSIM: this is not allowed
Remote Desktop Protocol is convenient to connect to a Microsoft Windows system remotely. But the protocol is not allowed to cross CSIM firewall.