[prev in list] [next in list] [prev in thread] [next in thread]
List: npaci-rocks-discussion
Subject: [Rocks-Discuss] Re: ssh tunnel from a rocks cluster to a computer behind another server
From: Dragseth Roy Einar <roy.dragseth () uit ! no>
Date: 2015-01-31 10:52:38
Message-ID: fbe94a98fa6f429a82805b7bbef03fda () EX11 ! ad ! uit ! no
[Download RAW message or body]
If you just want to speed up file copying from clusterA to clients on campus B you \
can set up ssh on clusterA to use serverB as a proxy with ssh's ProxyCommand. This \
will not violate the security policy on campusA(*).
Put something like this into ~/.ssh/config on clusterA
Host clientBbyproxy
ProxyCommand ssh -q username@serverB nc clientB 22
With this in place you can do ssh/scp/sftp from clusterA seemingly directly to \
clientB (by using the alias clientBbyproxy). This will not burden the VPN \
concentrator on campusA, but the serverB becomes a bottleneck if many do this at the \
same time with lots of data.
Explanation: When you run ssh clientBbyproxy, what you really do is ssh to serverB \
and run nc there to forward traffic to clientB port 22. (nc is netcat which should \
be available on any standard linux environment).
You might have to do some work to get your ssh-key management set up the right way to \
avoid having to type passwords on every connection. Do not use passwordless keys, \
ssh-agent is your friend!
(*) Do NOT attempt to bypass security measures set up by the admins on the networks \
you are allowed to access! VPNs and the likes are there for a reason, you might not \
agree with them or like them, but violating the rules will just get you into trouble.
-----Original Message-----
From: npaci-rocks-discussion-bounces@sdsc.edu \
[mailto:npaci-rocks-discussion-bounces@sdsc.edu] On Behalf Of Shahar \
Shani-Kadmiel
Sent: 28 January 2015 13:37
To: Discussion of Rocks Clusters
Subject: [Rocks-Discuss] ssh tunnel from a rocks cluster to a computer behind another \
server
Hi,
This is the situation:
I admin a rocks cluster behind a private network in campus ‘A' which requires a \
SSL-VPN connection (with a password and a key token) in order to connect to when off \
campus. I constantly run computations on the cluster which produce large data. I am \
at campus ‘B' most of the time and that is where I need my data. I find myself \
having to login via VPN and then having to ssh or ftp over to the cluster in order to \
download the data (which is constantly being updated). In campus ‘B' there is a \
server I can connect to from anywhere, specifically from the cluster in campus ‘A'. \
Once connected to the server on campus ‘B', I can ssh/ftp to any computer in campus \
‘B'.
I want to create a ssh tunnel from cluster@A via server@B to computer@B
I would like to know how to do that unless you can think of a better/easier way to \
push the data from cluster@A to computer@B.
Much appreciated,
Shahar
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic