Skip to content

GSA VPN

Jump to bottom
Preston edited this page Jul 9, 2020 · 15 revisions

The BSP environments are only accessible from the GSA VPN.

If you have GSA Furnished Equipment (GFE), we recommend using AnyConnect to access the VPN directly.

Alternatively, Citrix VDI is a virtual desktop provided by GSA. The virtual desktop is a Windows machine on the GSA VPN, allowing access to the BSP environments. The GSA Insite describes how to request access to Citrix.

Setting up SSH on the Virtual Desktop

On the Virtual Desktop, download the portable version of Putty and follow the instructions for installation.

Copy your private SSH key to the Virtual Desktop (this is the private key paired with the public key you added to GSA/datagov-deploy Ansible vault). You can upload the key to Google Drive, then download it to the Virtual Desktop. You may need to rename the file to give it an extension .txt if the download is blocked. TODO: document how to share a local drive to Virtual Desktop so upload to Google Drive is not necessary.

Then use the Putty keygen tool (PUTTYGEN) to convert your SSH key to PPK format. From the menu, select "Conversions" -> "Import key". Select your the private SSH key. You will be prompted for your SSH passphrase.

PuttyGen dialog

The key fingerprint should match the fingerprint of your private key.

$ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa
2048 MD5:39:05:62:65:35:0c:1b:c5:a2:63:e1:f1:61:0a:5d:77 [email protected] (RSA)

Click "Save private key" to save the converted PPK file.

Configure Putty to connect to the jumpbox using your converted SSH key and your username. First, enter the jumpbox host under Host Name.

Putty dialog showing host name

Under "Connection" -> "Data", enter your username under auto-login username. This is the same username you added to GSA/datagov-deploy.

Putty dialog showing Connection Data settings

Under "Connection" -> "SSH" -> "Auth", browse for your private SSH key (in PPK format).

Putty dialog showing SSH auth settings

Under "Session", enter a name for the session under "Saved Sessions", e.g. Data.gov staging. Then click Save.

Putty dialog showing saved sessions

You can repeat these steps for each BSP environment (production and staging). Select a session, then click Load. Then click Open to launch the session. You will be prompted for your SSH key passphrase.

Putty dialog showing saved sessions

[Optional] Keep PuTTY sessions

Windows keeps PuTTY sessions in its registry. It is lost every time you log off the Windows virtual desktop. Here is the way to save the session data so you don't have to re-enter the data over and over.

  1. Setup your putty session with everything you want saved (production and staging).

  2. Click on Start and then type cmd to open Command Prompt window, and enter the following command to run.

   regedit /e "%USERPROFILE%\datagov-putty.reg" HKEY_CURRENT_USER\Software\Simontatham\PuTTY\Sessions

  1. Click Windows File Explorer and type %USERPROFILE% in the address bar. Or equivalently go to folder C:\Users\[your-user-name]. You will see the file datagov-putty.reg created in step 1. Move the file to your Desktop.

  2. Next time you log into the new virtual desktop session, double click the file datagov-putty.reg on your Desktop, your putty sessions will be auto imported. No more typing.

Clone this wiki locally