gogs/git issues and VPN access to the Auton Lab

Predrag Punosevac predragp at andrew.cmu.edu
Tue Nov 3 17:07:45 EST 2020 

This is just a quick follow up building upon Gus's solution.

The ssh trick as described is not a 100% GUI access but it goes quote long
to alleviate the need for GUI. To have CLI access to Git repository you
will need the following small blurb in your ~/.ssh/config

Host gogs
    HostName git.int.autonsys.com
    User git
    Port 2224
    IdentityFile ~/.ssh/gogs
    ProxyCommand           ssh springdale1 exec nc %h %p


Note that the user is always git. That is not a mistake. Gogs automatically
maps singe uid git  to your ssh-keys (you need the GUI access to upload
them) and in turn to your repos. That is what I personally use working from
home.

For example, instead of login into the shell gateway and then moving to one
of your favorite computing nodes, you can do something like this with your
~/.ssh/config file

Host foxconn
    HostName foxconn.int.autonlab.org
    Port 22
    User predragp
    ProxyCommand           ssh -W %h:%p predragp at lop2.autonlab.org

I will conclude this email by saying that with the exception of MATLAB GUI
or genuine web browsing you really don't need the X2Go client and GUI
access to servers.

In my experience, most members actually use Jupiter notebook, RStudio or
just some programming language (I use Julia as many of you know) and need
access only to Gogs web services. Does anybody need help to convert the
following trick?

https://fizzylogic.nl/2017/11/06/edit-jupyter-notebooks-over-ssh/

into the appropriate ~/.ssh/config entry?

If people need help with RStudio or if you guys insist on me running
RStudio-server that would be OK. That kind of suggestions followed with
some nice little hacks are much more useful to all of us in my opinion than
asking for some fundamental changes
requiring complex technologies.

If there is an interest I would be happy to give a ZOOM overview of the Lab
capabilities or even to have regular or irregular Q&A sessions.

Best,
Predrag



On Tue, Nov 3, 2020 at 11:45 AM Predrag Punosevac <predragp at andrew.cmu.edu>
wrote:

> Dear Autonians,
>
> I know that many of you were annoyed by the fact that in order to use our
> internal instance of Gogs you had to use X2Go for GUI access to one of the
> shell gateways first.
>
> https://gogs.io
>
> After a bit of consideration the following solution proposed by Gus Welter
> seems to be the easiest. Locate on your machine the following file or
> create a new one
>
> ~/.ssh/config
>
> use your favorite editor and create an entry as follows:
>
> Host gogs
>          Hostname lop2.autonlab.org (you could do any other shell gateway)
>          User $yourusername
>          IdentityFile ~/.ssh/$your_private_key  (could be left out if you
> insist on using LDAP password)
>          Port 22
>          LocalForward 2222 git.int.autonlab.org:80
>
>
> Then just ssh to gogs. Open the web browser on your own computer and type
> in the search bar
>
> http://localhost:2222
>
> Magic will happen. I will update documentation shortly.
>
>
> After further consideration, evaluation of various VPN technologies:
> OpenSSH, IKEv2, OpenVPN, tinc, WireGuard, AnyConnect (CISCO proprietary
> version as well as open source *ocserv *clone)  the following
> decision was made:
>
> We will continue to provide world wide access to the Auton Lab
> infrastructure via shell gateways OpenSSH for people who don't have the
> Auton Lab provided/supported desktops. However, I will add the additional
> 4th shell gateways. FYI (will be updated in the documenation as well) There
> is a minor difference between
>
> lop2.autonlab.org
> lop1.autonlab.org (I will replace dead gateway with the new one)
>
> and
>
> bash.autonlab.org
> lion.auton.cs.cmu.edu
>
> The first two shell gateways have no VPN overhead. The second two shell
> gateways are just the desktops which are connected via OpenVPN to the
> computing nodes. As a matter of fact any Auton Lab desktop is potentially
> shell gateway but the login is restricted only to the desktop owner. The
> desktops use OpenVPN to connect to the Auton Lab LAN zone. Unless your ISP
> is blocking UDP port 1194 (not uncommon) and you have a very complicated
> NAT (network address translation) set up at home there is no reason that a
> desktop which you take home will stop having VPN access to the lan zone.
>
> Upon the insistence of Robert Edman I agreed to create and distribute
> certificates/keys and configuration files to any Auton Lab member who would
> like to set up OpenVPN access from her/his home computer to our VPN
> gateway. However, I am not willing to give any support beyond that and
> furthermore I am not willing to answer any emails regarding your personal
> machines and home networks.
>
>
> Most Kind Regards,
> Predrag Punosevac
>
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.srv.cs.cmu.edu/pipermail/autonlab-users/attachments/20201103/35d0b515/attachment.html>

More information about the Autonlab-users mailing list