Configuring WSL as a ControlMaster relay server
Revision as of 18:25, 22 March 2024
Disclaimer: This is still an experimental procedure (work in progress). Your feedback is welcome.
How to install Linux on Windows with WSL
- Please follow this link for more detailed instructions
https://learn.microsoft.com/en-us/windows/wsl/install
- this setup assumes the following:
    * you selected Ubuntu as your distro of choice
    * the hostname for the WSL instance is 'ubuntu'
        edit /etc/hostname (ubuntu) and /etc/hosts (127.0.0.1 localhost ubuntu)
    * the Windows system is named 'smart' and my login name is 'jaime'
    * the user name on the ubuntu VM is also 'jaime'
    * the Alliance user name is 'pinto' and I want to connect to 'cedar'
Install additional packages

    sudo apt update && sudo apt upgrade -y
    sudo apt install openssh-server -y

NOTE: you may log in from Windows to Ubuntu with: ssh localhost
General idea of the setup

    [ssh client] ----> [ssh relay server] ----------> [ssh target server]
    your Windows       modified authorized_keys       target machine
    machine            in your Ubuntu VM              using cedar
    'smart'            'ubuntu'                       'cedar'
Log in to the ubuntu VM and create a custom_ssh folder

    jaime@ubuntu:~$ cat custom_ssh/sshd_config
    Port 2222
    HostKey /home/jaime/custom_ssh/ssh_host_ed25519_key
    HostKey /home/jaime/custom_ssh/ssh_host_rsa_key
    AuthorizedKeysFile /home/jaime/custom_ssh/authorized_keys
    ChallengeResponseAuthentication no
    UsePAM no
    #UsePrivilegeSeparation no
    Subsystem sftp /usr/lib/openssh/sftp-server
    PidFile /home/jaime/custom_ssh/sshd.pid

NOTE: you may copy the ssh_host keys from /etc/ssh
Customize .ssh/config on ubuntu

    jaime@ubuntu:~$ cat .ssh/config
    Host cedar
        ControlPath ~/.ssh/cm-%r@%h:%p
        ControlMaster auto
        ControlPersist 10m
        HostName cedar.computecanada.ca
        User pinto
Configure your custom authorized_keys
jaime@ubuntu:~/custom_ssh$ cat /home/jaime/custom_ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSRvqzlffkzcjRAaMQoTBrPe5FxlSA6cQ0v3yVzN+A+
NOTE: use the same public ssh key that you uploaded to CCDB
Now start the sshd server on 'ubuntu'

    jaime@ubuntu:~/custom_ssh$ /usr/sbin/sshd -f ${HOME}/custom_ssh/sshd_config

NOTE: make sure you start the server as yourself, not as root.
Customize .ssh/config on smart RemoteCommand

    jaime@smart ~/.ssh $ cat config
    Host ubuntu
        Hostname localhost
        RemoteCommand ssh cedar
You are now ready to try to login to cedar

    jaime@smart ~ $ ssh -t ubuntu -p 2222
    Enter passphrase for key '/home/jaime/.ssh/id_ed25519':
    Last login: Fri Mar 22 10:50:12 2024 from 99.239.174.157
    ================================================================================
    Welcome to Cedar! / Bienvenue sur Cedar!
    ...
    ...
    ...
    [pinto@cedar1 ~]$
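Anyone who can authenticate to the relay on port 2222 reaches the persisted ControlMaster connection to cedar, so the relay's own sshd_config is worth checking before it is left running. The script below is an added example, not part of the original page: `cfg_vals`, `perm_has`, `audit_relay` and `write_sample` are hypothetical helper names, the sample files are constructed, and it assumes `stat -c` (GNU or busybox) and config paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original page): audit a user-run relay sshd_config.

# Print every value set for a keyword (sshd_config keywords are case-insensitive).
cfg_vals() {  # usage: cfg_vals <file> <keyword>
  awk -v k="$2" 'tolower($1) == tolower(k) { print $2 }' "$1"
}

# Succeed when the file's permission bits overlap the octal mask.
perm_has() {  # usage: perm_has <file> <octal-mask>
  [ $(( 0$(stat -c %a "$1") & 0$2 )) -ne 0 ]
}

# Print one finding per line; exit status 0 means no findings.
audit_relay() {  # usage: audit_relay <sshd_config>
  cfg=$1; n=0
  addrs=$(cfg_vals "$cfg" ListenAddress)
  [ -n "$addrs" ] || { echo "ListenAddress unset: sshd listens on every address"; n=$((n+1)); }
  for a in $addrs; do  # ListenAddress may be repeated; every entry must be loopback
    case "$a" in
      127.0.0.1|127.0.0.1:*|::1|"[::1]"*|localhost|localhost:*) ;;
      *) echo "ListenAddress $a is not loopback"; n=$((n+1)) ;;
    esac
  done
  # For single-valued keywords sshd keeps the first value it reads.
  pw=$(cfg_vals "$cfg" PasswordAuthentication | head -n 1)
  [ "$pw" = no ] || { echo "PasswordAuthentication is '${pw:-unset}' (default yes)"; n=$((n+1)); }
  ak=$(cfg_vals "$cfg" AuthorizedKeysFile | head -n 1)
  if [ ! -f "$ak" ]; then
    echo "AuthorizedKeysFile '$ak' not found"; n=$((n+1))
  elif perm_has "$ak" 022; then
    echo "AuthorizedKeysFile '$ak' is writable by group/others"; n=$((n+1))
  fi
  for hk in $(cfg_vals "$cfg" HostKey); do
    if [ -f "$hk" ] && perm_has "$hk" 077; then
      echo "HostKey '$hk' is accessible to group/others"; n=$((n+1))
    fi
  done
  [ "$n" -eq 0 ]
}

# Constructed sample: a cut-down copy of the page's config living under directory $1.
write_sample() {  # usage: write_sample <dir>
  printf 'Port 2222\nHostKey %s/ssh_host_ed25519_key\nAuthorizedKeysFile %s/authorized_keys\nUsePAM no\n' \
    "$1" "$1" > "$1/sshd_config"
  : > "$1/ssh_host_ed25519_key"; : > "$1/authorized_keys"
  chmod 600 "$1/ssh_host_ed25519_key" "$1/authorized_keys"
}
```

After sourcing the file, `audit_relay ~/custom_ssh/sshd_config` checks the real relay; on the page's configuration it reports the unset ListenAddress and PasswordAuthentication lines.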
Setup with MobaXterm
Outstanding Challenges
With this setup you may be prompted for MFA-duo authentication only on the first session. Subsequently multiple ssh sessions can be started on cedar without MFA. This also works fine to get remote shells on cedar from several apps running natively on Windows. I already tried for WinSCP, but we can assume it will work for other apps with some tweaks.
However, what I'm realizing now is that on those very same Windows apps I'm not able to list/display the contents of the local Windows drives. Instead they all show the contents of the ubuntu relay server, which may not be what users want. In the most generic case they would like to transfer files directly between Windows and cedar, and not between Ubuntu and cedar.
I'm also trying to understand how to set up scp directly from Windows to cedar.
Ultimately we can conceive multiple stanzas in the .ssh/config, one for each site (cedar, graham, beluga, ...) on different ports (2222, 2223, 2224, ...)
Therefore, I probably need a hand from some of you to figure this out. Alliance staff members could post suggestions in the security-mfa channel. Users in general please send email to support with the subject "WSL, ControlMaster/MFA suggestion". Thanks