SSH tunnelling: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Draft}} | {{Draft}} | ||
SSH tunnelling is a method which in the context of Compute Canada allows a user's computer to connect to a compute node on a cluster through an encrypted tunnel that is routed via the login node of this cluster. This technique allows graphical output of applications like a [[Jupyter | Jupyter notebook]] or [[Visualization|visualization software]] to be displayed transparently on the user's local workstation even while they are running on a compute node of a cluster. | SSH tunnelling is a method which in the context of Compute Canada allows a user's computer to connect to a compute node on a cluster through an encrypted tunnel that is routed via the login node of this cluster. This technique allows graphical output of applications like a [[Jupyter | Jupyter notebook]] or [[Visualization|visualization software]] to be displayed transparently on the user's local workstation even while they are running on a compute node of a cluster. | ||
== Example for a job == | |||
<pre> | |||
# License | |||
export LM_PROJECT= | |||
export CDLMD_LICENSE_FILE=1999@localhost | |||
# Start the SSH tunnel | |||
ssh -n -N -L 1999:flex.cd-adapco.com:1999 gra-login1 & | |||
SSH1=$! | |||
ssh -n -N -L 2099:flex.cd-adapco.com:2099 gra-login1 & | |||
SSH2=$! | |||
# Launch the code | |||
<whatever> | |||
# Stop the SSH tunnel | |||
kill -9 $SSH1 | |||
kill -9 $SSH2 | |||
</pre> | |||
== From Linux or MacOS X == | == From Linux or MacOS X == | ||
Revision as of 16:30, 15 January 2018
This is not a complete article: This is a draft, a work in progress that is intended to be published into an article, which may or may not be ready for inclusion in the main wiki. It should not necessarily be considered factual or authoritative.
SSH tunnelling is a method which in the context of Compute Canada allows a user's computer to connect to a compute node on a cluster through an encrypted tunnel that is routed via the login node of this cluster. This technique allows graphical output of applications like a Jupyter notebook or visualization software to be displayed transparently on the user's local workstation even while they are running on a compute node of a cluster.
Example for a job
# License export LM_PROJECT= export CDLMD_LICENSE_FILE=1999@localhost # Start the SSH tunnel ssh -n -N -L 1999:flex.cd-adapco.com:1999 gra-login1 & SSH1=$! ssh -n -N -L 2099:flex.cd-adapco.com:2099 gra-login1 & SSH2=$! # Launch the code <whatever> # Stop the SSH tunnel kill -9 $SSH1 kill -9 $SSH2
From Linux or MacOS X
On a Linux or MacOS X system, we recommend using the sshuttle Python package.
On your computer, open a new terminal window and run the following sshuttle command to create the tunnel.
[name@my_computer $] sshuttle --dns -Nr userid@machine_name
Then, copy and paste the provided URL into your browser. In the above example, this would be
http://cdr544.int.cedar.computecanada.ca:8888/?token=7ed7059fad64446f837567e32af8d20efa72e72476eb72ca
From Windows
An SSH tunnel can be created from Windows using MobaXTerm as follows.
Open two sessions in MobaXTerm.
- Session 1 should be a connection to a cluster. Follow the instructions in section Starting Jupyter Notebook.
- Session 2 should be a local terminal in which we will set up the SSH tunnel. Run the following command, substituting the node name from the URL you received in Session 1. Follow the instructions in section Starting Jupyter Notebook.
[name@my_computer ]$ ssh -L 8888:cdr544.int.cedar.computecanada.ca:8888 someuser@cedar.computecanada.ca
This command performs local port forwarding (-L). It forwards local port 8888 to cdr544.int.cedar.computecanada.ca:8888, which is the host name given when Jupyter Notebook was started.
Open your browser and go to
http://localhost:8888/?token=7ed7059fad64446f837567e32af8d20efa72e72476eb72ca
Replace the token in this example with the one given to you in Session 1. You can also type http://localhost:8888 and there will be a prompt asking you for the token, which you can then copy and paste.