SSH Tunnel

From UFRC
Revision as of 19:09, 2 April 2024 by Moskalenko (talk | contribs) (Created page with "If you need to access a host inside HiPerGator infrastructure from your local computer whether to use a local web browser to access a service like rstudio server or jupyter no...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

If you need to access a host inside HiPerGator infrastructure from your local computer whether to use a local web browser to access a service like rstudio server or jupyter notebook or to transfer data from a local machine to storage in PUBAPPS you may need to create an SSH tunnel. Depending on the type of local system you are on there are multiple approaches and applications you may need to create a tunnel.

Linux and MacOS

Linux or MacOS systems have similar architecture in regards to ssh client use, so the configurations are similar.

Tunnel to a Port

If you need to connect to a port listening on a host within the HiPerGator infrastructure the simplest approach is to do it in a single command. For example:

ssh -N -L 8080:c12345a-s42.ufhpc:37546 albert.gator@hpg.rc.ufl.edu

The arguments above include 

-N: do not log into the machine, only create a connection
-L: bind to an address (create a tunnel)

The '8080:c12345a-s42.ufhpc:37546' part can be broken into three sections separated by the ':' colon. 

8080 - local port, which you can e.g. open in your web browser like https://localhost:8080
c12345a-s42.ufhpc - hostname of the target node
37456 - target port on the target node

The final section with 'albert.gator@hpg.rc.ufl.edu' is for connecting to the 'jump host', which the tunnel will pass through. In this example it's HiPerGator login nodes, which are the only servers you can access from outside of HiPerGator with ssh. You can see our other documentation for using, for example, SSH Keys for authentication, or enabling SSH Multiplexing to simplify making many connections during a period of time without having to go through Duo authentication every time you connect.

Tunnel to a Host

In situations when you need to log in or transfer data (scp or rsync) to a host within the HiPerGator infrastructure it may be helpful to create ssh configuration on your local computer that would simplify the process to a single target host address. The configuration is created in ~/.ssh/config file on your local computer. Here is an example for ssh or data transfer into pubweb 

 Host hpg
   User YOUR_USERNAME_ON_HPG
   HostName hpg.rc.ufl.edu
   Port 2222
   ControlPath ~/.ssh/cm-%r@%l-%h:%p
   ControlMaster auto
   ControlPersist 12h
   KeepAlive yes

 Host pubweb
   User PUBAPPS_PROJECT_USER
   HostName pubweb.ufhpc
   ProxyJump hpg

Note that the above 'hpg' configuration includes a few advanced features from the linked documents e.g. using ssh keys, ssh multiplexing. The simplest configuration would only have the 'User' and the 'HostName' entries 

 Host hpg
   User YOUR_USERNAME_ON_HPG
   HostName hpg.rc.ufl.edu

Once you have the above configuration you could, for example transfer data from your local or attached storage with rsync like 'rsync -a directory_with_data pubweb:'. See rsync and scp documentation for more details.

Retrieved from "https://help.rc.ufl.edu/mediawiki/index.php?title=SSH_Tunnel&oldid=28457"