Versions Compared

Old Version 14

changes.mady.by.user Richard Leslie Talbot

Saved on

compared with

New Version Current

changes.mady.by.user Bret Giddings

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

NOTE: You do not need to be running GlobalProtect VPN to access SSH resources listed in your VPN access profile. When not running GlobalProtect, you will get an additional MFA prompt.

Permissions

Permission for remote SSH server access via GlobalProtect (or without) is handled in the same central manner as OpenVPN.See below for details of your via your SSH/RDP access profile.

(warning) Only SSH entries allow SSH access.

VPN Account Details

Terminal Access via PuTTY

If you are already using PuTTY (version 0.77 or newer), you will need to modify the configuration under Connection -> Proxy and set the following:

...

Proxy type to SSH

...

In all cases, you have to setup your SSH client to use a jump host of sshgw.essex.ac.uk

...

Port to 22

(warning) Remember to save your settings.

...

You may be prompted for your login name and password twice (once on the SSH gateway and once on your target host), however, this should be the only change you need to make. If you use an SSH keypair, this will be passed on by the SSH gateway to the destination.

ℹ️ We recommend using OpenSSH client on Windows instead of PuTTY. You only need install the client, not the server.

Full Guidance

as described in the sections below.

...

Terminal Access via OpenSSH

on Linux, macOS or Windows

Both Linux and the macOS come with OpenSSH pre-installed but you can also install OpenSSH on Windows 10 or newer too. You only need install the client, not the server.

...

Again, you may be prompted for your login name and password twice (once on the SSH gateway and once on your target host), however, this should be the only change you need to make. If you use an SSH keypair, this will be passed on by the SSH gateway to the destination.

Modify Default

...

OpenSSH Config File

You can also modify your default OpenSSH configuration file ($HOME/.ssh/config) as shown below.

...

There is also an alternative which uses CA signed SSH keys that will enable you to avoid the password prompt on the gateway, and if you configure it, the target host. This will also work without needing to also run GlobalProtect as it uses its own two-factor authentication (2fa).

...

Terminal Access via PuTTY

If you are already using PuTTY (version 0.77 or newer), you will need to modify the configuration under Connection -> Proxy and set the following:

  1. Proxy type to SSH

  2. Proxy hostname to sshgw.essex.ac.uk

  3. Port to 22

(warning) Remember to save your settings.

...

You may be prompted for your login name, password and Microsoft MFA code for sshgw and your login and password on your target host. However, this should be the only change you need to make. If you use an SSH keypair, this will be passed on by the SSH gateway to the destination.

ℹ️ We recommend using OpenSSH client on Windows instead of PuTTY. You only need install the client, not the server.

Full Guidance

...

Copying files using scp/sftp

Should you want to copy files between your local device and the remote server, the standard scp and sftp commands (or PuTTY equivalents) should work fine. Note that for M: drive remote access, please see instructions at https://universityofessex.atlassian.net/l/cp/PxxeKgR8.

...

Copying files using FileZilla

...