1.6 KiB
SSH Gateways
The purpose of the ssh gateways is to give temporary access to protected networks and resources. Users are only supposed to use ssh to connect to and from the gateways.
The access to the gateway is controlled by special ActiveDirectory groups. The membership of the groups are managed by the responsible of the protected network the gateway gives access to. In case of a beamline this is the beamline scientist.
Connecting to a gateway:
ssh <gateway-name>-gw
To avoid having to type your password to connect to the gateway you can upload your ssh public key to it. This can be done by:
ssh-copy-id <gateway-name>-gw
Afterwards you should be able to login to the gateway without a password.
Establishing an SSH connection through the gateway to a machine inside the protected network:
ssh -J <gateway-name>-gw <name-of-the-machine-you-want-to-connect>
Request Gateway Access
Access to a Gateway can be requested via Service Now with the following workflow:
Open Service Now and https://psi.service-now.com/psisp and browse to the Request Gateway Access Workflow as follows:
Alternatively you can search for "Gateway" in the search field.
Afterwards specify the user and the Gateway you request access for:
Once the request is submitted the responsible person for the Gateway Access List will be informed and requested for approval. Once the Approval is given the user will be automatically added to the necessary AD group.