[prev in list] [next in list] [prev in thread] [next in thread] 

List:       npaci-rocks-discussion
Subject:    [Rocks-Discuss] Re: ssh tunnel from a rocks cluster to a computer	behind another server
From:       Dragseth Roy Einar <roy.dragseth () uit ! no>
Date:       2015-01-31 10:52:38
Message-ID: fbe94a98fa6f429a82805b7bbef03fda () EX11 ! ad ! uit ! no
[Download RAW message or body]

If you just want to speed up file copying from clusterA to clients on campus B you \
can set up ssh on clusterA to use serverB as a proxy with ssh's ProxyCommand.   This \
will not violate the security policy on campusA(*).

Put something like this into ~/.ssh/config on clusterA

Host clientBbyproxy
      ProxyCommand ssh -q username@serverB nc clientB 22

With this in place you can do ssh/scp/sftp from clusterA seemingly directly to \
clientB (by using the alias clientBbyproxy).  This will not burden the VPN \
concentrator on campusA, but the serverB becomes a bottleneck if many do this at the \
same time with lots of data.

Explanation:  When you run ssh clientBbyproxy, what you really do is ssh to serverB \
and run nc there to forward traffic to clientB port 22.  (nc is netcat which should \
be available on any standard linux environment). 

You might have to do some work to get your ssh-key management set up the right way to \
avoid having to type passwords on every connection.  Do not use passwordless keys, \
ssh-agent is your friend!

(*)  Do NOT attempt to bypass security measures set up by the admins on the networks \
you are allowed to access!  VPNs and the likes are there for a reason, you might not \
agree with them or like them, but violating the rules will just get you into trouble.

-----Original Message-----
From: npaci-rocks-discussion-bounces@sdsc.edu \
                [mailto:npaci-rocks-discussion-bounces@sdsc.edu] On Behalf Of Shahar \
                Shani-Kadmiel
Sent: 28 January 2015 13:37
To: Discussion of Rocks Clusters
Subject: [Rocks-Discuss] ssh tunnel from a rocks cluster to a computer behind another \
server

Hi,
This is the situation:
I admin a rocks cluster behind a private network in campus ‘A' which requires a \
SSL-VPN connection (with a password and a key token) in order to connect to when off \
campus. I constantly run computations on the cluster which produce large data. I am \
at campus ‘B' most of the time and that is where I need my data. I find myself \
having to login via VPN and then having to ssh or ftp over to the cluster in order to \
download the data (which is constantly being updated). In campus ‘B' there is a \
server I can connect to from anywhere, specifically from the cluster in campus ‘A'. \
Once connected to the server on campus ‘B', I can ssh/ftp to any computer in campus \
‘B'.

I want to create a ssh tunnel from cluster@A via server@B to computer@B

I would like to know how to do that unless you can think of a better/easier way to \
push the data from cluster@A to computer@B.

Much appreciated,
Shahar


[prev in list] [next in list] [prev in thread] [next in thread]