{"id":20687513,"url":"https://github.com/mrakitin/putty-config","last_synced_at":"2026-02-18T23:01:40.586Z","repository":{"id":88973886,"uuid":"250401630","full_name":"mrakitin/putty-config","owner":"mrakitin","description":"PuTTY configuration with multiple-hop proxies and port forwarding","archived":false,"fork":false,"pushed_at":"2020-03-27T01:58:42.000Z","size":1104,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-19T11:59:05.590Z","etag":null,"topics":["docs","putty"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrakitin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-27T00:14:00.000Z","updated_at":"2020-03-27T01:58:45.000Z","dependencies_parsed_at":"2023-06-13T09:30:41.414Z","dependency_job_id":null,"html_url":"https://github.com/mrakitin/putty-config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mrakitin/putty-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrakitin%2Fputty-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrakitin%2Fputty-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrakitin%2Fputty-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrakitin%2Fputty-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrakitin","download_url":"https://codeload.github.com/mrakitin/putty-config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrakitin%2Fputty-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29597853,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T22:25:43.180Z","status":"ssl_error","status_checked_at":"2026-02-18T22:25:42.766Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docs","putty"],"created_at":"2024-11-16T22:57:33.031Z","updated_at":"2026-02-18T23:01:40.570Z","avatar_url":"https://github.com/mrakitin.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# PuTTY configuration with multiple-hop proxies and port forwarding\n\nHere are PuTTY configuration steps to allow connections to the NSLS-II machines on the experimental floor, which are behind 2 firewalls: BNL's VPN and the NSLS-II controls gateway. This will require setting up multiple-hop proxies and port forwarding via a tunnel to allow access to internal systems, e.g. Jupyter instances.\n\n## Generate a public/private key pair\n\nThis step is needed to allow password-less access of the machines. The steps can be found in https://www.ssh.com/ssh/putty/windows/puttygen. Follow BNL cybersecurity requirements, i.e. use a password to protect your private/public key pair. See https://www.bnl.gov/itd/unix/ssh/ for more details. Add the contents of your public key to each machine's `~/.ssh/authorized_keys` file.\n\n*Note*: Use `Pagent` program to keep your keys \"active\", so that you don't have to enter the key protection password every time you connect.\n\n## Proxies set up\n\n### First hop: BNL ssh gateway\n\nCreate a new session to connect to `ssh.bnl.gov`:\n\n![bnl-session](images/bnl-session.png)\n\n**The following 2 steps are needed for all connections explained below.**\n\nIn the \"Connection\" -\u003e \"Data\" menu enter your username:\n\n![bnl-connection-data](images/bnl-connection-data.png)\n\nEnter the path to the private (`.ppk`) key file, generated on the first step:\n\n![bnl-connection-ssh-auth](images/bnl-connection-ssh-auth.png)\n\n\n### Second hop: NSLS-II ssh gateway\n\nCreate a new session (by copying the existing one):\n\n![nsls2-session](images/nsls2-session.png)\n\nConfigure proxy parameters to use the previously defined BNL ssh gateway (`ssh.bnl.gov`) as a proxy:\n\n![nsls2-connection-proxy](images/nsls2-connection-proxy.png)\n\nThe following command is entered into the \"local proxy command\" field:\n```\nplink.exe %user@%proxyhost -P %proxyport -nc %host:%port\n```\nSee https://stackoverflow.com/questions/28926612/putty-configuration-equivalent-to-openssh-proxycommand for details.\n\n\n### Workstation on the NSLS-II experimental floor\n\nCreate a new session (by copying the existing one):\n\n![ws-session](images/ws-session.png)\n\nOptionally configure the X11-forwarding:\n\n![ws-connection-ssh-x11](images/ws-connection-ssh-x11.png)\n\nThis requires installation and starting of https://sourceforge.net/projects/vcxsrv on the Windows machine.\n\nConfigure proxy parameters to use the previously defined NSLS-II ssh gateway (`ssh.nsls2.bnl.gov`) as a proxy:\n\n![ws-connection-proxy](images/ws-connection-proxy.png)\n\n\n## Tunneling ports\n\nIf you want to forward some specific ports from the remote workstation, the following configuration will do the trick:\n\n![ws-connection-ssh-tunnels](images/ws-connection-ssh-tunnels.png)\n\nSee a more thorough explanation here: https://blog.devolutions.net/2017/04/how-to-configure-an-ssh-tunnel-on-putty.\n\n\n## Summary:\n\nNow you should be able to connect to `xf07id1-ws19` (a machine on the experimental floor) without a password \"jumping\" through the 2 proxies defined above, and have access to the forwarded port `8890`. In the example above, the port `8890` of a Jupyter server running on `xf07id1-ws19`, will be forwarded to the same local port on the Windows machine, so the Jupyter interface can be accessed on that machine via http://localhost:8890:\n\n![browser](images/browser.png)\n\nEnjoy!\n\n----\n\n## Other goodies:\n\nA free/time-limited/unactivated MS Windows VirtualBox image can be used for testing purposes: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrakitin%2Fputty-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrakitin%2Fputty-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrakitin%2Fputty-config/lists"}