...
...
...
...
NOTE: You do not need to be running GlobalProtect VPN to access SSH resources listed in your VPN access profile. When not running GlobalProtect, you will get an additional MFA prompt.
Permissions
Permission for remote SSH server access via GlobalProtect (or without) is handled in the same central manner as OpenVPN.See below for details of your via your SSH/RDP access profile.
Only SSH entries allow SSH access.
Terminal Access via PuTTY
If you are already using PuTTY (version 0.77 or newer), you will need to modify the configuration under Connection -> Proxy and set the following:
...
Proxy type to SSH
...
In all cases, you have to setup your SSH client to use a jump host of sshgw.essex.ac.uk
...
Port to 22
Remember to save your settings.
...
You may be prompted for your login name and password twice (once on the SSH gateway and once on your target host), however, this should be the only change you need to make. If you use an SSH keypair, this will be passed on by the SSH gateway to the destination.
ℹ️ We recommend using OpenSSH client on Windows instead of PuTTY. You only need install the client, not the server.
as described in the sections below.
...
Terminal Access via OpenSSH
on Linux, macOS or Windows
Both Linux and the macOS come with OpenSSH pre-installed but you can also install OpenSSH on Windows 10 or newer too. You only need install the client, not the server.
...
Again, you may be prompted for your login name and password twice (once on the SSH gateway and once on your target host), however, this should be the only change you need to make. If you use an SSH keypair, this will be passed on by the SSH gateway to the destination.
Modify Default
...
OpenSSH Config File
You can also modify your default OpenSSH configuration file ($HOME/.ssh/config) as shown below.
...
There is also an alternative which uses CA signed SSH keys that will enable you to avoid the password prompt on the gateway, and if you configure it, the target host. This will also work without needing to also run GlobalProtect as it uses its own two-factor authentication (2fa).
...
Terminal Access via PuTTY
If you are already using PuTTY (version 0.77 or newer), you will need to modify the configuration under Connection -> Proxy and set the following:
Proxy type to SSH
Proxy hostname to sshgw.essex.ac.uk
Port to 22
Remember to save your settings.
...
You may be prompted for your login name, password and Microsoft MFA code for sshgw and your login and password on your target host. However, this should be the only change you need to make. If you use an SSH keypair, this will be passed on by the SSH gateway to the destination.
ℹ️ We recommend using OpenSSH client on Windows instead of PuTTY. You only need install the client, not the server.
...
Copying files using scp/sftp
Should you want to copy files between your local device and the remote server, the standard scp and sftp commands (or PuTTY equivalents) should work fine. Note that for M: drive remote access, please see instructions at https://universityofessex.atlassian.net/l/cp/PxxeKgR8.
...
Copying files using FileZilla
...