Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

update gateway documentation

Browse Source
This commit is contained in:
ebner
2023-10-30 11:43:45 +01:00
parent 4709f049d6
commit dd4b3f22c3
2 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services-admin-guide/ssh_gateways.md
+8 -1
View File
@@ -2,7 +2,14 @@
The purpose of the ssh gateways is to give access to protected networks and resources (for a finite period of time).
Users are only supposed to use ssh to connect and on the gateways. They are also supposed to only use the ssh command to further connect to other machines. It is not intended that users keep state on the gateways (e.g. screen/tmux sessions)
Users are only supposed to use ssh to connect to the gateways as well as them to further connect to other machines. Never the less, for ease of use, there are some protocols/ports that can directly be accessed from the ssh gateway. These ports include: 5900 VNC, 3389 RDP, ICMP/PING.
Therefore direct portforwarding on those ports will work.
```
ssh -L 3389:machine-you-want-to-connect:3389 protected-network-gw
```
It is not intended that users keep state on the gateways (e.g. screen/tmux sessions)
Depending on the gateway the user authenticates via password or password/MFA combination.
services-user-guide/ssh_gateways.md
+1 -5
View File
@@ -1,10 +1,9 @@
# SSH Gateways
The purpose of the ssh gateways is to give temporary access to protected networks and resources. Users are only supposed to use __ssh__ to connect to and on the gateways. They are not supposed to only use the __ssh__ command to further connect to the machine they need to connect to.
The purpose of the ssh gateways is to give temporary access to protected networks and resources. Users are only supposed to use __ssh__ to connect to and from the gateways.
The access to the gateway is controlled by special ActiveDirectory groups. The membership of the groups are managed by the responsible of the protected network the gateway gives access to. In case of a beamline this is the beamline scientist.
Connecting to a gateway:
```bash
@@ -25,6 +24,3 @@ Establishing an SSH connection through the gateway to a machine inside the prote
```bash
ssh -J <gateway-name>-gw <name-of-the-machine-you-want-to-connect>
```