From 8f7349f122ea78e8e144235cdda4fb389360a175 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Tue, 28 Mar 2023 19:59:00 +0200
Subject: Use lxtunnel for CERN SSH proxying

This uses fewer server resources compared with lxplus.
---
 tw/home.scm | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'tw/home.scm')

diff --git a/tw/home.scm b/tw/home.scm
index aabc6579..91be88fd 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -100,9 +100,12 @@ auto-expand-secmem
           (host-key-algorithms '("+ssh-rsa"))
           (accepted-key-types '("+ssh-rsa")))
         ;; CERN stuff
+        ,(openssh-host
+          (name "lxtunnel.cern.ch")
+          (proxy-command "none"))    ; avoid ProxyJump loops
         ,(openssh-host
           (name "lxplus.cern.ch")
-          (proxy-command "none")    ; avoid ProxyJump loops
+          (proxy-command "none")     ; no jump needed
           (extra-content "GSSAPIDelegateCredentials yes"))   ; needed for EOS home mount
         ,(openssh-host
           (name "aiadm.cern.ch")
@@ -138,7 +141,7 @@ auto-expand-secmem
           (user "twilken")
           (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
           (proxy-command (if proxy-to-cern?
-                             "ssh -W '[%h]:%p' -l twilken lxplus.cern.ch"
+                             "ssh -W '[%h]:%p' -l twilken lxtunnel.cern.ch"
                              "none"))
           (extra-content  "\
   # Kerberos authentication
-- 
cgit v1.2.3