Network gateway to protected filesystems

Permanent Link:

Overview

There are two reasons to use this service:

1. The institute uses two highly sophisticated network file sharing protocols which require a lot of configuration on the client side. Integrating an outside computer--i.g. a laptop--would require significant changes to its configuration. To avoid that, a gateway service is available which enables access to AFS (/afs/...) and StorageUnified (/data/...) via SFTP--a secure file sharing protocol spoken by easily installable software.
2. A computer has some problem accessing these file systems. Currently the only known examples are a software bug in macOS' SMB client component which causes access to directories and files to fail which a user actually has access to If you need to access AFS files from CentralWindows you also need this gateway.

Usage Instructions

1. Get a software package that can connect to SFTP servers.
   • The program FileZilla (Downloadable here) can be used for that. It's available for Linux, Windows and macOSX . Have a look at FileGatewayUser for a short howto.
2. Connect using these parameters:
   • Name of the server: filegateway.cbs.mpg.de
   • Protocol: sftp
   • Username: Your login name (just the name part without cbs.mpg.de)
   • Password: Your institute password
   • For verification, you should check the server's identity's fingerprint. It should match one of these:
     • SHA256:/S1eYkDjDeAylR8c/yyziQb3uBwOSEW5WTcXZRQE/Rc.

     • +--[ED25519 256]--+
       |        ++.. .=*=|
       |       +o.+.o .E |
       |      o o=+o.o  o|
       |       +o+.+ o  o|
       |      . S = + o .|
       |     . . o * *   |
       |      . . = O o  |
       |         = = +   |
       |          + .    |
       +----[SHA256]-----+
       

Advanced information:

• Sometimes it's possible to use a URL: sftp://[Your_loginname]@filegateway.cbs.mpg.de
• Port: 22 (This is the default port. You should not have to enter it somewhere.)
• SSH-authentication method is: password
  • keyboard-interactive is explicitly not supported.
  • gssapi-keyx and gssapi-with-mic is available as well. However, you'll have to have a working Kerberos infrastructure on your client for it which is unlikely if you require the FileGatewayUser service.

Filezilla howto

Filezilla is a client software for the SFTP protocol, you need to use to access the gateway. Just fill in the text fields marked in the screenshot and hit "Quickconnect" to establish a connection. Make sure, not to forget your username in the "Username" field.