Connecting to VMs More Easily and through Trinity's Network
If you have tried to connect to any of the VMs from Trinity's network, you might have noticed that you're not able to. This is because Trinity blocks SSH on non-standard ports (i.e., other than 22), and we reserve port 22 for the host system.
For the moment the host system is using port 22, although in the near future we will be setting up a simple jailed jump host on port 22 which you can use. Until then, you can request temporary access to Proxmox, from which you can SSH into the internal network.
Connecting to VMs from Proxmox
Admins can connect to VMs by first connecting to Proxmox:
ssh [username]@srv.abair.ie
From there you can SSH further into the network using internal IPs rather than the external IP. Be sure to include the port of the machine as well. Below is an example of connecting to Services from Proxmox (or any other VM):
ssh [username]@10.0.0.1 -p 22100
~/.ssh/config
A much nicer method of connecting to the network is through the use of ~/.ssh/config. ~/.ssh/config is a configuration file used by the OpenSSH client (i.e., the ssh command). We can use this to configure SSH to automatically proxy our SSH sessions via Proxmox (or a jump box).
Here is an example of what each entry in the config file should look like.
Host webserver
    HostName 10.0.0.1
    User errityr
    IdentityFile ~/.ssh/id_ed25519
    Port 22100
    ProxyJump proxmox
This allows us to connect to any VM from any network that allows SSH on port 22 (such as my home internet or Trinity's) by simply writing
ssh [Host]
Where Host is one of the strings following the Host directive (I'm using the servers' respective hostnames). I don't have to specify a username or port as they're preconfigured in my SSH config, and all SSH is automatically routed through Proxmox for cases where you can't connect directly to an individual VM.
Eventually this approach will be essentially mandatory, as we will be disabling external SSH access to the VPNs once we have a jump box set up.
In order to use the above configuration you will need to swap out the username for your own and ensure you have access to Proxmox.
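The entry above refers to a jump host alias named proxmox, so the file also needs a Host block that defines it. The following is an added example of a complete ~/.ssh/config, not the original author's file. It assumes the same username and key are used on Proxmox and on the VM, and your-username is a placeholder; the IdentitiesOnly and ForwardAgent settings are suggested hardening rather than something this page requires.

```sshconfig
# Added example. Replace your-username with your own account name.

# Jump host: the alias that "ProxyJump proxmox" below resolves against.
Host proxmox
    HostName srv.abair.ie
    User your-username
    Port 22
    IdentityFile ~/.ssh/id_ed25519
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes

# A VM on the internal network, reached through the jump host.
Host webserver
    HostName 10.0.0.1
    User your-username
    Port 22100
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # Requires OpenSSH 7.3 or later on the client.
    ProxyJump proxmox

# Defaults for every host. ssh uses the first value it finds for each
# option, so this catch-all block belongs at the end of the file.
Host *
    # ProxyJump tunnels the connection through the jump host and
    # authenticates to the VM from your own machine, so neither your
    # private key nor a forwarded agent needs to exist on Proxmox.
    ForwardAgent no

# To check what ssh will actually use without connecting, run:
#   ssh -G webserver
# and confirm the hostname, port, user and proxyjump lines.
```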