SSH Passthrough

SSH passthrough allows you to skip the two-step login process, enabling you to transfer files directly from your computer to cfe.
This article is adapted from NASA's NAS documentation here: Charlie uses the same system structure as NAS, just substitute CFE (Charlie Front End) when they use PFE (Pleiades Front End). Also, we do not currently use multiple SFE/CFE hosts (e.g. cfe1, cfe2).

Setting up SSH passthrough

Step 1: Copy OpenSSH public key to host.

This tutorial assumes that you already have a public/private key pair on your local machine.
TIP: Ensure that you have an .ssh directory on CFE before issuing the scp command below. Otherwise, the command will copy the file to CFE with the filename ".ssh." To create the directory, log into CFE and issue the command mkdir .ssh.
On your local system, run:
your_local_system$ ssh [email protected]
On SFE, run:
sfe$ scp .ssh/ [email protected]:~.ssh
If you get an error that doesn't exist, you will need to create a new key using the following command:
sfe$ ssh-keygen
Press Enter when prompted for a file location (leave blank for default) Press Enter when prompted for a passphrase (leave blank) Press Enter to confirm a blank passphrase
Add your public key to your .ssh/authorized_keys file on cfe
On CFE, run:
cfe$ cat ~/.ssh/ >> ~/.ssh/authorized_keys
cfe$ chmod 600 ~/.ssh/authorized_keys
If you get the error message "/u/username/.ssh/authorized_keys: No such file or directory" after issuing the above command, you likely have set noclobber, which prevents you from overwriting files. You can use the command unset noclobber first to avoid this problem.

Step 2: Create/Modify the .ssh/config File on Your Local System

In the ~/.ssh/config file on your local system, add the following entries for sfe and cfe. If you do not have a ~/.ssh/config file, you can create one by using the following template:
Host sfe
Host cfe
ProxyJump sfe
WARNING: Your .ssh/config file should be set with no group/others write permission. Otherwise, you will get this error message when you connect: Bad owner or permissions on /u/your_local_username/.ssh/config.
You should now be able to ssh to CFE from your local machine using the following command without the VPN:
your_local_system$ ssh [email protected]
You will be prompted for your sfe password, but should then be passed through to CFE.

More information