====== Off-campus access to Cor@l network ======
===== Security =====
The Jumphost (ssh.lehigh.edu) is now protected by dual factor authentication ( [[https://confluence.cc.lehigh.edu/display/LKB/Two-factor+Authentication+with+Duo+-+FAQ|Duo Two Factor Authentication]] ) when logging in directly. As an alternative passwordless ssh can be configured. Please review the Security section when setting up passwordless ssh access to Lehigh IT resources through the jumphost.
**We are recommending that a password protected key be used when accessing ssh.lehigh.edu from off campus to protect the integrity of internal IT resources.**
__Please review the best practices from the website:__
**Best Security Practices**
* **Always protect your key pair with a passphrase.**
* Use a strong passphrase just as you would for your password.
* **Do not use your password as your passphrase.**
* Do not write your password/passphrase and store at a place that anyone can access for e.g. post-it note on your monitor.
* Verify only your account has access to ssh keys by running chmod 700 ~/.ssh.
* Never share your private key and/or your passphrase/password.
* Always store your credentials in ssh-agent with a definite lifetime.
* Change your passphrase as regularly as you change your password.
* Do not use reuse your password and passphrase.
* Limit the number of systems that you log in from.
[[https://confluence.cc.lehigh.edu/display/hpc/SSH+public-key+authentication|For more information please review this link.]]
===== SSH =====
SSH access to COR@L network is blocked for security reasons. In case you need to access it, there are two ways to access it:
- Connect to [[tutorial:vpn|VPN]] and ssh to [[info:coral|server you want]] (coral.ie.lehigh.edu, polyps.ie.lehigh.edu, etc..)
- Connect to ssh server of Lehigh ssh username@ssh.lehigh.edu
with your Lehigh username and **Lehigh password**. \\ Then ssh into COR@L: ssh username@coral.ie.lehigh.edu
and enter your **[[coral:password|COR@L password]]**.
===== SCP =====
For SCP (Remote file copy) access to your files, you may use a tunnel over ssh.lehigh.edu.
==== WinSCP ====
* Enter coral.ie.lehigh.edu for the host name and your username \\ {{ :tutorial:1.png?nolink |}}
* Click Advanced and Connection/Tunnel
* Enable "Connect through SSH Tunnel" and enter ''ssh.lehigh.edu'' as the host name and enter your username \\ {{ :tutorial:2.png?nolink |}}
* Save and try to connect. You will be asked two passwords, the first one is your **Lehigh password** and second one is your **COR@L password**.