Search…
SSH Passthrough
SSH passthrough allows you to skip the two-step login process, enabling you to transfer files directly from your computer to cfe.
This article is adapted from NASA's NAS documentation here: https://www.nas.nasa.gov/hecc/support/kb/setting-up-ssh-passthrough_232.html Charlie uses the same system structure as NAS, just substitute CFE (Charlie Front End) when they use PFE (Pleiades Front End). Also, we do not currently use multiple SFE/CFE hosts (e.g. cfe1, cfe2).

Setting up SSH passthrough

Step 1: Copy OpenSSH public key to host.

This tutorial assumes that you already have a public/private key pair on your local machine.
TIP: Ensure that you have an .ssh directory on CFE before issuing the scp command below. Otherwise, the command will copy the file id_rsa.pub to CFE with the filename ".ssh." To create the directory, log into CFE and issue the command mkdir .ssh.
On your local system, run:
1
your_local_system$ ssh [email protected]
Copied!
On SFE, run:
1
sfe$ scp .ssh/id_rsa.pub [email protected]:~.ssh
Copied!
If you get an error that id_rsa.pub doesn't exist, you will need to create a new key using the following command:
1
sfe$ ssh-keygen
Copied!
Press Enter when prompted for a file location (leave blank for default) Press Enter when prompted for a passphrase (leave blank) Press Enter to confirm a blank passphrase
Add your public key to your .ssh/authorized_keys file on cfe
Copied!
On CFE, run:
1
cfe$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
2
cfe$ chmod 600 ~/.ssh/authorized_keys
Copied!
If you get the error message "/u/username/.ssh/authorized_keys: No such file or directory" after issuing the above command, you likely have set noclobber, which prevents you from overwriting files. You can use the command unset noclobber first to avoid this problem.

Step 2: Create/Modify the .ssh/config File on Your Local System

In the ~/.ssh/config file on your local system, add the following entries for sfe and cfe. If you do not have a ~/.ssh/config file, you can create one by using the following template:
1
Host sfe
2
HostName sfe.bigelow.org
3
4
Host cfe
5
HostName cfe.bigelow.org
6
ProxyJump sfe
Copied!
WARNING: Your .ssh/config file should be set with no group/others write permission. Otherwise, you will get this error message when you connect: Bad owner or permissions on /u/your_local_username/.ssh/config.
You should now be able to ssh to CFE from your local machine using the following command without the VPN:
1
your_local_system$ ssh [email protected]
Copied!
You will be prompted for your sfe password, but should then be passed through to CFE.

More information

Last modified 9mo ago
Export as PDF
Copy link