Warp Login Usage
Warp Usage for Safe Remote Login
Computer Center
1. Login
2. Access to internal Web Pages
3. Usage of VNC via an SSH tunnel
4. sshuttle
1. Login
Log in to your group's least-loaded WGS:
ssh warp.zeuthen.desy.de
ssh <username>@warp.zeuthen.desy.de
Log in to a specific WGS of your choice:
ssh warp.zeuthen.desy.de -t target=<wgs>
2. Access to internal Web Pages
Internal web pages are e.g.
- https://registry.desy.de to change the password
- https://go.desy.de/ProcessPortal for business trips and holiday requests
- and all internal group web pages
Establish an ssh tunnel to warp.
ssh has built-in support to act as a SOCKS proxy. All you have to do is use the -D option.
ssh -D localhost:2233 <username>@warp.zeuthen.desy.de
On Windows 10, an up-to-date release (at least 1909) is required!
Open the command prompt (cmd) and type the command described above.
Start your browser or another application that supports SOCKS proxies, with the proxy set to localhost and your chosen port (here 2233).
Firefox
Linux: Edit->Preferences->Network
Windows: Tools->Options->General->Network Settings->Settings
or application menu-> Settings->General->Network Settings-> Settings
choose "Manual proxy configuration"
SOCKS Host: localhost
Port: 2233
SOCKS v5 should work
Safari (macOS)
Preferences ->Advanced, Proxies: Change Settings
Select SOCKS Proxy
Enter as SOCKS Proxy Server:
localhost:2233
Hint: There are browser plugins to make it easier to switch between proxies.
E.g. FoxyProxy is a set of proxy management tools for Firefox and SwitchyOmega for Chrome.
All outgoing and incoming data for the browsing session is encrypted between your computer and warp, since it passes through the SSH connection.
3. Usage of VNC via an SSH tunnel
You can start your VNC session with the command
vncserver :<displaynumber>
on your group's WGS.
To connect to it from outside, you'll have to create an SSH tunnel.
First configure Kerberos on your system for password-less login as explained on https://dvinfo.zeuthen.desy.de/BYOD/User-Info
Then configure your ~/.ssh/config like this:
Host warp.zeuthen.desy.de
  User <accountname>
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
Host <yourwgs>.zeuthen.desy.de
  User <accountname>
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
  ProxyCommand ssh warp.zeuthen.desy.de nc %h %p
  LocalForward 5901 localhost:590<displaynumber>
  DynamicForward 2345
Replace the account name, the name of the WGS running the VNC server, and the display number; e.g. for display number 4, the forward should point to localhost:5904. You can then run
ssh <yourwgs>.zeuthen.desy.de
and then connect to the VNC session on localhost:1. You can also use port 2345 as a SOCKS5 proxy in your browser to access internal pages.
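The forwards above (LocalForward 5901, DynamicForward 2345, and -D localhost:2233 in section 2) should listen only on your own machine. As an added example that is not part of the original page, this shell function reads an ssh_config on stdin and flags any forward that other machines on your network could reach. The host names in the sample are constructed, and it assumes OpenSSH's default of GatewayPorts no.

```shell
#!/bin/sh
# Added example, not from the original page: read an ssh_config on stdin,
# list every LocalForward/DynamicForward and flag listeners that other
# machines could reach. Exit status is 1 if any are flagged.
# Assumes the [bind_address:]port form; bind_address/port is not handled.
audit_forwards() {
  awk '
    BEGIN { host = "(global)" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    { gsub(/=/, " "); key = tolower($1) }    # Key=value form is valid too
    key == "host" { host = $2; next }
    key == "gatewayports" && tolower($2) == "yes" {
      # makes every forward without a bind address listen on all interfaces
      print "EXPOSED", host, $1, $2; bad = 1; next
    }
    key == "localforward" || key == "dynamicforward" {
      bind = "default"                       # no bind address: loopback only
      if (match($2, /:[0-9]+$/)) bind = substr($2, 1, RSTART - 1)
      safe = (bind == "default" || bind == "localhost" || bind == "127.0.0.1" || bind == "[::1]")
      status = safe ? "OK" : "EXPOSED"
      if (!safe) bad = 1                     # empty, "*" or a LAN address
      print status, host, $1, $2
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: the forwards used on this page plus one risky entry.
sample_config() {
  cat <<'EOF'
Host wgs.example
  LocalForward 5901 localhost:5904
  DynamicForward 2345
Host shared.example
  DynamicForward *:2233
EOF
}

sample_config | audit_forwards || echo "at least one forward is reachable from other hosts"
```

To check your own configuration, run `audit_forwards < ~/.ssh/config`.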
4. sshuttle
sshuttle is an application that routes all network traffic through one specific gateway, so it can be used as a good alternative to a VPN connection.
Linux
Install sshuttle using your local Linux package manager. If it is not available there, please download it from GitHub: https://github.com/apenwarr/sshuttle
Afterwards, execute the following command to establish the connection (use the option --no-latency-control on high-bandwidth internet connections for improved performance).
sshuttle --dns --no-latency-control -r <username>@warp.zeuthen.desy.de 141.34.0.0/16 131.169.0.0/16 -x warp.zeuthen.desy.de
Now you will be able to connect to all internal web sites and services and thus will be able to use Remote Desktop programs without using any specific parameters like local ports.
To connect to the Windows Terminal Server, please follow the instructions "Setting up the SSH tunnel and connecting from a Linux host" or use xfreerdp as the Remote Desktop program.
xfreerdp /u:<username> /d:win /v:znapis.zeuthen.desy.de
macOS
Install sshuttle via homebrew (https://brew.sh)
brew install sshuttle
Afterwards execute the following command to establish the connection.
sshuttle --dns --no-latency-control -r <username>@warp.zeuthen.desy.de 141.34.0.0/16 131.169.0.0/16 -x warp.zeuthen.desy.de
Now you will be able to connect to all internal web sites and services.
To connect to the Windows Terminal Server, please follow the instructions "Setting up the SSH client and connection from a Mac host" or use the Microsoft Remote Desktop Client, which you can install from the Apple App Store.