IT Service: SSH Jump Hosts (lxlogin.gsi.de)

Quick guide

Jump hosts are machines dedicated to forwarding network traffic between different security zones. Hosts of this service forward SSH traffic.

At GSI these hosts enable all users with a Linux account to access internal networks from the internet. They have a minimal setup to reduce security risks and improve performance.

Service description

Jump hosts can be used in the following ways (with examples). For more information about SSH connections see Remote Access to Linux Machines.

  • As a minimal login node (ssh lxlogin.gsi.de)
  • As a jump host, to reach an internal machine (ssh -J lxlogin.gsi.de lxtarget.gsi.de)
  • For local port forwarding (ssh -L 80:lxtarget.gsi.de:80 lxlogin.gsi.de)
  • As a simple VPN with sshuttle (sshuttle -r lxlogin.gsi.de lxtarget.gsi.de)

When you connect for the first time, you will be asked to accept the SSH fingerprint. Please look up the correct value at Linux Pool Machines and compare it with the one shown before accepting.
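The fingerprint comparison above can also be done before the first connection. The following is an added example, not part of the GSI documentation: it computes OpenSSH-style SHA256 fingerprints from unhashed `ssh-keyscan` output and compares them with the published value. The function names and the sample key are constructed for illustration; the published fingerprint must come from Linux Pool Machines.

```python
import base64, binascii, hashlib, hmac, struct

def fingerprint(b64_blob):
    """Fingerprint as OpenSSH prints it: unpadded base64 of SHA-256 over the key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(b64_blob):
    """Key type name stored inside the blob (its first length-prefixed string)."""
    blob = base64.b64decode(b64_blob, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def matching_keys(keyscan_output, host, published):
    """Key types offered for `host` whose fingerprint equals `published`."""
    ok = []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # comment/banner line or incomplete entry
        names, key_type, b64 = parts[0], parts[1], parts[2]
        if host not in names.split(","):
            continue
        try:
            if blob_key_type(b64) != key_type:
                continue  # declared type disagrees with the blob: do not trust
            fp = fingerprint(b64)
        except (binascii.Error, struct.error, UnicodeDecodeError):
            continue  # malformed key material
        if hmac.compare_digest(fp.encode(), published.encode()):
            ok.append(key_type)
    return ok

def sample_blob():
    # Constructed sample key blob (bytes 0..31), NOT a real GSI host key.
    t = b"ssh-ed25519"
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(range(32))
    return base64.b64encode(raw).decode()

# Constructed stand-in for the output of: ssh-keyscan lxlogin.gsi.de
SAMPLE_SCAN = ("# lxlogin.gsi.de:22 SSH-2.0-OpenSSH\n"
               "lxlogin.gsi.de ssh-ed25519 " + sample_blob() + "\n")
```

An empty result from `matching_keys` means none of the offered keys matches the published fingerprint, and the host key should not be accepted.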

Hosts in this service provide a minimal setup for a restricted purpose. Therefore only a minimal set of software is installed, and no graphical user interface is available. Moreover, they do not have access to central home directories (/u/$account). When you log in, you get a new directory, which will be removed when the session is closed.

You can log in to the machines with your GSI Linux account. Moreover, you can use SSH keys even though the hosts do not mount central home directories. The keys are collected every half hour from all central home directories (.ssh/authorized_keys) and are made available to the jump hosts.

The pool is highly available. This means that you can reconnect almost instantly when you lose an SSH connection due to a faulty machine. Please see the instructions at Remote Access to Linux Machines to see how this process can be automated.

All machines in the pool are rebooted sequentially every Monday at 1 am. During this time connections will be lost, but the pool will stay available.

Availability and support

