Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019 
<== Date ==> <== Thread ==>

Subject: Re: caxy-1.0.0 released; CA tunneling with SSH
From: Till Straumann <strauman@slac.stanford.edu>
To: tech-talk@aps.anl.gov
Date: Wed, 20 Jun 2012 15:54:55 -0500
The definite prerequisites for my solution were

- only ssh access is possible
- no root access on inside, preferably no root on outside

On 06/20/2012 03:41 PM, Martin Konrad wrote:
Don't I need root access to do that (mess with a tap interface)?
Yes, that's right. This is another downside of using a VPN. But if
everything is configured on a modern Linux machine (using network
manager) it only takes two clicks to establish the connection (no root
password needed).
I bet at many sites this is absolutely no, no, no. Definitely
at our lab.

If I had root access then I can to a lot of fancy things,
of course (at some point I even used quick-and-dirty ppp over ssh).

Also, what if everything besides ssh is firewalled?
The best way would be to talk to your network administrator... But if
you really need to you can use OpenVPN on TCP port 22 as well.
Probably not because ssh is already listening there.

Martin



References:
caxy-1.0.0 released; CA tunneling with SSH Till Straumann
Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Re: caxy-1.0.0 released; CA tunneling with SSH Till Straumann
Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad

Navigate by Date:
Prev: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Next: [device support] fast cameras Pavel Masloff
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019 
Navigate by Thread:
Prev: Re: caxy-1.0.0 released; CA tunneling with SSH Martin Konrad
Next: [device support] fast cameras Pavel Masloff
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·