NetYCE Documentation




SSH jumphost

To set up a permanent jumphost for all SSH sessions from NetYCE, the following is required.

  1. Generate SSH keys on the NetYCE server: ssh-keygen -b 2048
  2. Copy the contents of .ssh/id_rsa.pub to the ~/.ssh/authorized_keys file on the jumphost. Make sure it is all on one line.
  3. Verify you can log in to the jumphost without a password: ssh <jumpuser>@<jumphost>
  4. Modify /opt/yce/etc/ssh_config to include the following portion. Do not modify other aspects of the file.

       Host *
           GSSAPIAuthentication yes
           ForwardX11Trusted yes
           ProxyCommand ssh -q -i ~/.ssh/id_rsa <jumpuser>@<jumphost> -W %h:%p

  5. Verify you can connect to a node: ssh <user>@<node> -v -F /opt/yce/etc/ssh_config
     You should see this line in the debug output:
       debug1: Executing proxy command: exec ssh -q -i ~/.ssh/id_rsa <jumpuser>@<jumphost> -W <node_ip>:22

From this point on, all SSH sessions will use the jumphost.
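
The checks from steps 4 and 5 can be scripted. The following is an added example, not part of the NetYCE documentation or product: it confirms that the "Host *" stanza carries the ProxyCommand and that saved ssh -v output shows the proxy command being executed. The function names are hypothetical, and netops, jump.example.net and 192.0.2.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not NetYCE code. Function names are hypothetical.

# Print the ProxyCommand of the "Host *" stanza in ssh_config file $1.
# Exit status 1 if that stanza has none. (Handles "Keyword value" lines only.)
proxy_command_for_all_hosts() {
    awk '
        { kw = tolower($1) }
        kw == "host" {
            in_all = 0
            for (i = 2; i <= NF; i++) if ($i == "*") in_all = 1
            next
        }
        kw == "match" { in_all = 0; next }
        in_all && kw == "proxycommand" {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeed only if config file $1 sends all hosts through jumphost $2
# using stdio forwarding (-W %h:%p), as in step 4.
config_routes_via_jumphost() {
    cmd=$(proxy_command_for_all_hosts "$1") || return 1
    case "$cmd " in
        *"@$2 "*"-W %h:%p "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if saved `ssh -v` debug output (file $1) contains the
# "Executing proxy command" line from step 5 naming jumphost $2.
session_used_jumphost() {
    grep 'debug1: Executing proxy command:' "$1" | grep -qF -- "@$2 "
}

# Constructed sample data; netops, jump.example.net and 192.0.2.10 are placeholders.
write_samples() {
    printf 'Host *\n\tGSSAPIAuthentication yes\n\tForwardX11Trusted yes\n\tProxyCommand ssh -q -i ~/.ssh/id_rsa netops@jump.example.net -W %%h:%%p\n' > "$1/ssh_config"
    printf 'debug1: Executing proxy command: exec ssh -q -i ~/.ssh/id_rsa netops@jump.example.net -W 192.0.2.10:22\n' > "$1/debug.log"
}

d=$(mktemp -d) && write_samples "$d"
config_routes_via_jumphost "$d/ssh_config" jump.example.net && echo "config: all hosts go via the jumphost"
session_used_jumphost "$d/debug.log" jump.example.net && echo "session: proxy command seen in debug output"
rm -rf "$d"
```

On a live server, ssh writes its -v messages to stderr, so redirect stderr to a file when capturing the output of step 5 for the second check.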

Drawbacks

NCCM

The lack of direct return traffic from the node to NetYCE cripples the NCCM functionality.

You'll have to disable the pre and post backups for the command_jobs as well.

Set all disabled values to 1.

OS upgrades

Since the NetYCE server isn't reachable from the node, the OS can't be retrieved for OS upgrades.

maintenance/general/ssh_jumphost.txt · Last modified: 2020/01/30 07:40 by bdorlandt