Accessing the DAPLAB
SSH access ➙
ssh -p 2202 pubgw1.daplab.ch
- SSH client (for Windows, we recommend the use of PuTTY and see how to create a key with PuTTY)
- A browser -- well, if you can access this page, you should have met this requirement :)
Creating an account
Here are the steps to create a new DAPLAB account:
- go to https://portal.daplab.ch
select "New User" on the top menubar and fill the form. You will soon receive a confirmation email (as soon as an administrator got the time to review your application form).
Once the email received, you can go to Request Password Reset and enter your username. You will immediately receive an email containing a token.
Go to Finish Password Reset, enter your username as well as the token you just received by email. This last step will give you a temporary password.
That's it ! Now, it's time for your first login.
Once you get your temporary password, you can log into the gateway via ssh:
ssh -p 2202 email@example.com
A prompt will ask you your temporary password, then ask you for a new one. Please, ensure your password is strong enough !
The password has to contain letters, numbers and special characters, and can't be based on a dictionary word.
Congrats, you are now a Daplab user !
For enhanced security reasons, we decided to move the SSH port to
2202. If you use the ssh config described below, you're not forced to remember this trick.
Using a key instead of a password
In case you don't want to login with a password every time, you can copy your public key to the
~/.ssh/authorized_keys file in your daplab home directory.
Create a key: If you don't already have a key on your system, you need to generate one. On a unix-based system, creating a ssh key is done using
ssh-keygen -t rsa -b 2048. It should generate two files (private and public key) which default to
Copy your key: On your local system, navigate to
~/.ssh and copy the content of your public key file (the one ending with
.pug). SSH into the daplab and paste it to the
~/.ssh/authorized_keys file (you might need to create it). Note that those steps can also be performed automatically by using the commandline tool
Once this is done, you can use the tricks described below.
The following configuration can be added in your
~/.ssh/config file (given you have setup the key-based ssh login):
Host pubgw1.daplab.ch Port 2202 PreferredAuthentications publickey,password IdentityFile ~/.ssh/id_rsa ForwardAgent yes ProxyCommand none ControlPersist 60s ControlMaster auto ControlPath ~/.ssh/ssh_control_%h_%p_%r
Please update accordingly the parameter
IdentityFile in the above snippet. You might
also need to set a username using the
DAPLAB Admins Setup
This section is specific to the DAPLAB Admins in order to ease their life accessing frequently different servers.
In order to access every nodes transparently via the gateway, the following lines can be
Host daplab-*.fri.lan StrictHostKeyChecking no ProxyCommand ssh pubgw1.daplab.ch nc %h 22 2> /dev/null PreferredAuthentications publickey,password IdentityFile ~/.ssh/id_rsa
(mind updating the params, more particularly the ssh key and the User)
You can then ssh directly into any internal server:
To access internal UIs from outside the DAPLAB wifi, you can use sshuttle:
sshuttle --dns -r pubgw1.daplab.ch 10.10.10.0/24
And then you can ssh to daplab servers as if you where local to the infrastructure;
You are a MacOS Yosemite User ?
Then, you need to add an extra route in order to have the setup working properly (more details here):
sudo route add -net 10.10.10.0/24 188.8.131.52