====== Off-campus access to Cor@l network ======

===== Security =====

The Jumphost (ssh.lehigh.edu) is now protected by dual factor authentication ( [[https://confluence.cc.lehigh.edu/display/LKB/Two-factor+Authentication+with+Duo+-+FAQ|Duo Two Factor Authentication]] ) when logging in directly. As an alternative passwordless ssh can be configured. Please review the Security section when setting up passwordless ssh access to Lehigh IT resources through the jumphost.

**We are recommending that a password protected key be used when accessing ssh.lehigh.edu from off campus to protect the integrity of internal IT resources.**

__Please review the best practices from the website:__

**Best Security Practices**
  * **Always protect your key pair with a passphrase.**
  * Use a strong passphrase just as you would for your password.
  * **Do not use your password as your passphrase.**
  * Do not write your password/passphrase and store at a place that anyone can access for e.g. post-it note on your monitor.
  * Verify only your account has access to ssh keys by running chmod 700 ~/.ssh.
  * Never share your private key and/or your passphrase/password.
  * Always store your credentials in ssh-agent with a definite lifetime.
  * Change your passphrase as regularly as you change your password.
  * Do not use reuse your password and passphrase.
  * Limit the number of systems that you log in from.


[[https://confluence.cc.lehigh.edu/display/hpc/SSH+public-key+authentication|For more information please review this link.]]

===== SSH =====


SSH access to COR@L network is blocked for security reasons. In case you need to access it, there are two ways to access it:

  - Connect to [[tutorial:vpn|VPN]] and ssh to [[info:coral|server you want]] (coral.ie.lehigh.edu, polyps.ie.lehigh.edu, etc..)
  - Connect to ssh server of Lehigh <code>ssh username@ssh.lehigh.edu</code> with your Lehigh username and **Lehigh password**. \\ Then ssh into COR@L: <code>ssh username@coral.ie.lehigh.edu</code> and enter your **[[coral:password|COR@L password]]**.

===== SCP =====

For SCP (Remote file copy) access to your files, you may use a tunnel over ssh.lehigh.edu.

==== WinSCP ====

  * Enter coral.ie.lehigh.edu for the host name and your username \\ {{ :tutorial:1.png?nolink |}}
  * Click Advanced and Connection/Tunnel
  * Enable "Connect through SSH Tunnel" and enter ''ssh.lehigh.edu'' as the host name and enter your username \\ {{ :tutorial:2.png?nolink |}}
  * Save and try to connect. You will be asked two passwords, the first one is your **Lehigh password** and second one is your **COR@L password**.