There are several parts of our git infrastructure which are only accessible within the CERN network.
The following advice should help you set up a browser to be able to access these protected pages remotely.
Extra step for windows:
If you don’t have OpenSSH install it as per this link.
Mac/Linux/Windows
Add the following to your .ssh/config file
host lxtunnel lxtunnel.cern.ch
Hostname lxtunnel.cern.ch
PubkeyAuthentication no
ForwardX11 yes
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlMaster auto
ControlPersist 10m
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Protocol 2
ServerAliveInterval 60
ServerAliveCountMax 2
DynamicForward 8090
The key here is the Control* parts above and the DynamicForward port.
You also need to be sure that ~/.ssh/controlmasters/ exists, or create any other directory and just change the path to match what you have in your .ssh/config.
Add proxy extension:
In your browser, install the “FoxyProxy” extension. It is available for the following browsers:
Once installed, create a new profile in the extension/addon, with SOCKS5 protocol, to localhost server and the port used in DynamicForward in .ssh/config. i.e: 8090
It is advised to add a pattern as well, that uses the previous profile whenever *.cern.ch is typed into the browser.
Activate the extension by either selecting Proxy by Patterns (preferred) or directly the profile itself.
Thats it.
You start by doing ssh lxtunnel in the morning, then any page you open in your browser that is at CERN will always work as if you are at CERN.
Just remember that if your tunnel is NOT open, all links NOT in your bypass list in will fail But you can then just click on direct on the browser extension icon in your browser and it goes away.