DV-Zeuthen

| Computer Center

Warp Login Usage

Warp Usage for Safe Remote Login

Computer Center

Warp Usage for Safe Remote Login


Login

Log in to your group's least-loaded WGS:
ssh warp.zeuthen.desy.de
ssh <username>@warp.zeuthen.desy.de

Log in to a special WGS of your choice:
ssh warp.zeuthen.desy.de -t target=<wgs>

Access to internal Web Pages


Internal web pages are e.g.

Establish an ssh tunnel to warp.
ssh has built-in support to act as a SOCKS proxy. All you have to do is use the -D option.
ssh -D localhost:2233 <username>@warp.zeuthen.desy.de

For Windows-10 an up-to-date release (at least 1909) is required!
Open the cmd promt and type the command described above.

Start your browser or other application which supports SOCKS proxies with proxy localhost and your choosen port, here 2233

Firefox

Linux: Edit->Preferences->Network
Windows-10: Tools->Options->General->Network Settings->Settings

choose "Manual proxy configuration"
SOCKS Host: localhost
Port: 2233
SOCKS v5 should work

Safari (macOS)

Preferences ->Advanced, Proxies: Change Settings

Select SOCKS Proxy
Enter as SOCKS Proxy Server:
localhost:2233

Hint: There are browser plugins to make it easier to switch between proxies.
E.g. FoxyProxy is a set of proxy management tools for Firefox and SwitchyOmega for Chrome.

All outgoing and incoming data for the browsing session will be encrypted since it passes through the SSH connection.

Usage of VNC via an SSH tunnel

You can run your vnc session by the command vncserver :<displaynumber> on your group's WGS. To connect to it from outside, you'll have to create a ssh tunnel.

First configure Kerberos on your system for password-less login as explained on
https://dvinfo.zeuthen.desy.de/BYOD/User-Info

Then configure your ~/.ssh/config like this:

Host warp.zeuthen.desy.de
   User <accountname>
   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials yes

Host <yourwgs>.zeuthen.desy.de
   User <accountname>
   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials yes
   ProxyCommand ssh warp.zeuthen.desy.de nc %h %p
   LocalForward 5901 localhost:590<displaynumber>
   DynamicForward 2345

Replace your account name, the name of the wgs running the vnc server and the port number, e.g. for port 4, the forward command should direct to localhost:5904. You can then run
ssh <yourwgs>.zeuthen.desy.de and then connect to the vnc session on localhost:1. You can also use port 2345 as SOCKS5 proxy in your browser to access internal pages.