- Home
- Information Technology Research Computing
- Research Computing Knowledge Base
- Secure Shell (SSH) Proxy
SSH Proxy
We recommend that all users use one of the VPN services offered by the university to connect to HPC resources from off campus, in particular the 'Research VPN'. For situations where the VPN is impractical, access can be accommodated via a proxy server. If you have access to a Linux system, that system can be used to proxy ssh connections to HPC and other resources on campus. The research computing group also maintains a proxy server on an "as time and resources permits" basis. If you have a use case that requires proxy access, please contact us for further information (IT-RC@umb.edu).
Setting up your local client to proxy can be done by configuration file, or on the command line. The configuration file is probably the simplest approach, and involves creating an entry in your ssh configuration (~/.ssh/config on Linux, Mac OSX, or Cygwin systems):
Host ravana_proxy
User ravanauser
HostName ravana.umb.edu
ProxyCommand ssh proxyuser@<proxyname>.umb.edu -W %h:%p 2> /dev/null
In the above, set the Host to any name you want to refer to your connection as. This will be the 'machine' you ssh to in order to connect via the proxy (e.g. 'ssh ravana_proxy' in the above example). We recommend that you choose something that is not identical to the actual machine name, in case you want to connect directly. Replace 'ravanauser' with your username on the remote system that you ultimately want to connect to. The 'Hostname' should be the fully qualified domain name of the remote system, in this example it refers to the ravana cluster. The proxy command should be edited to show the username of the account on the proxy machine and the fully qualified domain name of the proxy machine.
When you connect via the proxy, you will get two password prompts - the first will be for the proxy and the second will be for the remote machine. These may look identical, so take care to get the passwords correct on the first try. If you are using ssh keys, your public key (and only your public key) should be on the proxy and remote systems. Do not put your private key on the proxy.
IT Research Computing
Healey Library, Lower Level
UMass Boston
100 Morrissey Blvd.
Boston, MA 02125
Book a Consultation
617.287.5399
It-rc@umb.edu