remote_access_new
This is an old revision of the document!
In addition to other forms of remote access, CS Techstaff provides multifactor SSH access to non-forward-facing hosts through the following pair of bastion (jump) hosts.
bastion1.cs.uchicago.edubastion2.cs.uchicago.edu
To access a host that is not directly connected to the Internet via one of the bastion hosts, you may do the following.
amcguire@Andrews-MacBook-Pro ~ % ssh -J bastion1.cs.uchicago.edu linux1.cs.uchicago.edu (amcguire@bastion1.cs.uchicago.edu) Duo two-factor login for amcguire Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-YYYY 2. Phone call to XXX-XXX-YYYY 3. SMS passcodes to XXX-XXX-YYYY Passcode or option (1-3): 1 Success. Logging you in... Last login: Mon Aug 25 00:57:26 2025 from 128.135.164.17 amcguire@focal1:~$
In the preceding, please observe that YYYY should be the last four digits of your telephone number that's been enrolled with Duo, while the -J option is used to specify that bastion1 is the proxy jump host used to "jump" to linux1. A similar result may be obtained via an entry in ~/.ssh/config such as the following.
amcguire@Andrews-MacBook-Pro ~ % cat .ssh/config Host linux1 HostName linux1.cs.uchicago.edu ProxyJump bastion1.cs.uchicago.edu
So that then all one need do is,
amcguire@Andrews-MacBook-Pro ~ % ssh linux1 (amcguire@bastion1.cs.uchicago.edu) Duo two-factor login for amcguire Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-YYYY 2. Phone call to XXX-XXX-YYYY 3. SMS passcodes to XXX-XXX-YYYY Passcode or option (1-3):
eliminating the need for the -J option.
/var/lib/dokuwiki/data/attic/remote_access_new.1756151292.txt.gz · Last modified: 2025/08/25 14:48 by amcguire