Use lxtunnel for CERN SSH proxying

This uses fewer server resources compared with lxplus.
author: Timo Wilken 2023-03-28 19:59:00 +0200
committer: Timo Wilken 2023-03-28 19:59:00 +0200
commit: 8f7349f122ea78e8e144235cdda4fb389360a175 (patch)
tree: 0c99d829059db4a74eeb6c40ceb962d0ce473300 /tw/home.scm
parent: 280c6b8e0e72fa476bd26f4fd91768d61a79c4b1 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/tw/home.scm b/tw/home.scm
index aabc6579..91be88fd 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -101,8 +101,11 @@ auto-expand-secmem
           (accepted-key-types '("+ssh-rsa")))
         ;; CERN stuff
         ,(openssh-host
+          (name "lxtunnel.cern.ch")
+          (proxy-command "none"))    ; avoid ProxyJump loops
+        ,(openssh-host
           (name "lxplus.cern.ch")
-          (proxy-command "none")    ; avoid ProxyJump loops
+          (proxy-command "none")     ; no jump needed
           (extra-content "GSSAPIDelegateCredentials yes"))   ; needed for EOS home mount
         ,(openssh-host
           (name "aiadm.cern.ch")
@@ -138,7 +141,7 @@ auto-expand-secmem
           (user "twilken")
           (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
           (proxy-command (if proxy-to-cern?
-                             "ssh -W '[%h]:%p' -l twilken lxplus.cern.ch"
+                             "ssh -W '[%h]:%p' -l twilken lxtunnel.cern.ch"
                              "none"))
           (extra-content  "\
   # Kerberos authentication
author	Timo Wilken	2023-03-28 19:59:00 +0200
committer	Timo Wilken	2023-03-28 19:59:00 +0200
commit	8f7349f122ea78e8e144235cdda4fb389360a175 (patch)
tree	0c99d829059db4a74eeb6c40ceb962d0ce473300 /tw/home.scm
parent	280c6b8e0e72fa476bd26f4fd91768d61a79c4b1 (diff)