Skip to content

Connecting to the SunLab without VPN via Lehigh’s SSH Gateway

From off-campus locations, VPN is the primary method of accessing the SunLab via SSH.

If you are unable or unwilling to use Lehigh’s VPN, an alternate method of connection is via Lehigh’s SSH Gateway.

Info

More information about Lehigh’s SSH Gateway is available at the following website:

https://lehigh.atlassian.net/wiki/spaces/LKB/pages/26679833/SSH+-+Secure+Shell+access

Important

If you experience trouble using the SSH Gateway, ensure you are able to log directly into SunLab via SSH while connected to Lehigh's VPN. Once you have confirmed that is working properly, you can then attempt to utilize the SSH Gateway.

In a Terminal (Mac or Linux) or PowerShell (Windows) window, type the following to “jump” via Lehigh’s SSH Gateway and log into the SunLab. Be sure to replace ‘lid123’ with your Lehigh ID and ‘sunlabuser’ with your SunLab username (usually the same as your Lehigh ID) in the following command:

ssh -J lid123@ssh.lehigh.edu sunlabuser@sunlab.cse.lehigh.edu

Screenshot

Upon connecting, you will first be prompted for your Lehigh ID password, enter it. Next, you will be authenticated via DUO (if configured for your account). Once you proceed through DUO authentication, the next prompt will be for your SunLab password.

The following screenshot shows the login process via the ssh.lehigh.edu jump server:

Screenshot

Avoiding DUO and Passwords while connecting to Lehigh’s SSH Gateway

To avoid the need to authenticate twice (once for the Lehigh SSH Gateway, and once for the SunLab), you can distribute your SSH keys to the Lehigh SSH Gateway so future logins to the gateway will be passwordless and not require DUO authentication. You would still be prompted to authenticate with your SunLab password unless you copy your SSH key to the SunLab as well (see the next section of this document for that process).

To copy your SSH key to the Lehigh gateway, type the following command replacing ‘lid123’ with your Lehigh ID:

On Mac or Linux:

ssh-copy-id lid123@ssh.lehigh.edu

On Windows, use the following command within a PowerShell Window (which does not currently support the ssh-copy-id command). 

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh lid123@ssh.lehigh.edu "cat >> .ssh/authorized_keys"

You will be prompted for your Lehigh ID password (not your SunLab password) and may need to authenticate with DUO.

If all goes well, the process should look like the following:

Screenshot

Next, attempt login to the Lehigh SSH Gateway to ensure you are no longer prompted for your password:

Screenshot

Pushing your SSH Key to SunLab via the Lehigh SSH Gateway

You can push your SSH Key to the SunLab via the SSH Gateway using the ProxyJump option of the ssh-copy-id function. To do this, enter the following command replacing ‘lid123’ and ‘sunlabuser’ as appropriate:

On Mac or Linux:

ssh-copy-id -o ProxyJump=lid123@ssh.lehigh.edu sunlabuser@sunlab.cse.lehigh.edu

On Windows, use the following command within a PowerShell Window (which does not currently support the ssh-copy-id command). Note, this is a single line command, and while shown on two lines in this document should be entered as a single command.)

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh -o ProxyJump=[lid123@ssh.lehigh.edu](mailto:lid123@ssh.lehigh.edu) sunlabuser@sunlab.cse.lehigh.edu "cat >> .ssh/authorized_keys"

Screenshot

Now logins to SunLab via the Lehigh SSH Gateway will not prompt for any passwords nor DUO authentication.

Obtaining Assistance

Please email help@cse.lehigh.edu to obtain any assistance with the SSH environment.