SL:Remote Access und Diskussion:Shell/Fingerprints: Unterschied zwischen den Seiten
(Unterschied zwischen Seiten)
Zur Navigation springen
Zur Suche springen
imported>Burghardt |
imported>Matthias.neumann (Neuer Abschnitt →shell server fingerprints) |
||
| Zeile 1: | Zeile 1: | ||
| + | When trying to connect to<br /> |
||
| − | == Single Hop == |
||
| + | <code>shell.stud.informatik.uni-goettingen.de</code><br/> |
||
| − | Repetition of some well known facts and a standard procedure: |
||
| + | via ssh, it tells me that the fingerprint is<br /> |
||
| + | <code>SHA256:L+FCMj2bm8x/BfR8AdaaLnqTmFD35D0EYNlFG7a2dt8</code>,<br/> |
||
| + | which is documented here to be the old fingerprint, so it should only have been in use till april 2017. |
||
| + | So, is the documentation incorrect or is the shell server still using the older fingerprint (at least sometimes)? |
||
| + | --[[Benutzer:Matthias.neumann|Matthias.neumann]] 17:29, 27. Sep. 2017 (CEST) |
||
| + | == shell server fingerprints == |
||
| − | * local computers are ''not'' reachable from the outside world as this is the definition of "local" |
||
| − | * all our "normal" LANs uses subnets in several sub-ranges of <code>172.16.0.0/12</code>. E.g. Telematic uses <code>172.22.0.0/16</code> |
||
| − | * the Sensor Lab's net is ''behind'' a local router <code>172.22.255.253</code>) and uses a private network <code>192.168.22.0/24</code> |
||
| − | * standard protocol to access local machines from outside is [[SSH]] |
||
| − | * to reach (for example) <code>tmgsim1.sl.tmg.loc</code> you need to login to a public server first and then connect to the final destination |
||
| + | Also, the fingerprints for <tt>ssh-ed25519</tt> is the same on <tt>shell.informatik.uni-goettingen.de</tt> and <tt>shell.stud.informatik.uni-goettingen.de</tt>, but does not match any of the fingerprints documented. |
||
| − | ''This does work only if your destination address:port is reachable from the single intermediate hop. '' |
||
| + | I get the following fingerprint: <tt>SHA256:H4FLNG2aNYRZ3jxepIx5E0s0a2ZvtZbbmVLt56b+nK0</tt>. |
||
| − | |||
| + | What is the correct fingerprint? |
||
| − | === Accessing a virtual Windows Desktop from a local Windows machine === |
||
| + | If the documentation is correct, it looks like I'm getting the old fingerprints while the server should be using the new ones... |
||
| − | * <code>tmgsim4.tmg.loc</code> is running Windows 7 |
||
| − | |||
| − | Please note that this machine is ''not'' located in the Sensor Lab Network because of limitations of the available license for [[Qualnet]]. |
||
| − | ~$ host tmgsim4.tmg.loc |
||
| − | tmgsim4.tmg.loc has address 172.22.98.204 |
||
| − | |||
| − | Use the login server (<code>login.stud.informatik.uni-goettingen.de</code>) and establish Port Forwarding of an arbitray /unused local port (e.g. 12345) to port 3389 on that target machine using [[PuTTY]]. |
||
| − | |||
| − | For reference: the unix command line looks like this: |
||
| − | ssh -L 12345:tmgsim4.tmg.loc:3389 username@login.stud.informatik.uni-goettingen.de |
||
| − | |||
| − | In [[PuTTY]] you need to go to Connections --> SSH --> Tunnels and fill Source Port with 12345 and Destination with <code>tmgsim4.tmg.loc:3389</code>. After pressing "Add" the result is one line in the "Forwarded Ports" list reading: |
||
| − | L12345 tmgsim4.tmg.loc:3389 |
||
| − | |||
| − | Now you can connect with <code>rdesktop</code> (Linux) or "<code>Remote Desktop Connection</code>" (Windows) to |
||
| − | |||
| − | localhost:12345 |
||
| − | |||
| − | You will get a windows login screen. Log in with your credentials in the usual form, e.g. <code>UG-STUDENT\username</code> or <code>GWDG\username</code> |
||
| − | |||
| − | Please note the number of licenses is small, so you might not be able to use Qualnet. |
||
| − | |||
| − | <small>Successfully verified: Eduroam/WLAN --> login.stud --> rdesktop --> Qualnet. Udo, 05.10.2011 </small> |
||
| − | |||
| − | == Double Hop == |
||
| − | * http://sshmenu.sourceforge.net/articles/transparent-mulithop.html |
||
| − | Please read and adapt and document here :-) |
||
| − | |||
| − | |||
| − | == See also == |
||
| − | * [[SL:Virtual Machines]] |
||
| − | * [[SL:Introduction]] |
||
| − | |||
| − | == Links == |
||
| − | * ... |
||
| − | |||
| − | [[Category:Sensorlab]] |
||
Version vom 27. September 2017, 20:20 Uhr
When trying to connect to
shell.stud.informatik.uni-goettingen.de
via ssh, it tells me that the fingerprint is
SHA256:L+FCMj2bm8x/BfR8AdaaLnqTmFD35D0EYNlFG7a2dt8,
which is documented here to be the old fingerprint, so it should only have been in use till april 2017.
So, is the documentation incorrect or is the shell server still using the older fingerprint (at least sometimes)?
--Matthias.neumann 17:29, 27. Sep. 2017 (CEST)
shell server fingerprints
Also, the fingerprints for ssh-ed25519 is the same on shell.informatik.uni-goettingen.de and shell.stud.informatik.uni-goettingen.de, but does not match any of the fingerprints documented. I get the following fingerprint: SHA256:H4FLNG2aNYRZ3jxepIx5E0s0a2ZvtZbbmVLt56b+nK0. What is the correct fingerprint? If the documentation is correct, it looks like I'm getting the old fingerprints while the server should be using the new ones...