SSH tunnelling: Difference between revisions

SSH tunnelling (view source)

Revision as of 18:43, 26 April 2018

66 bytes added , 6 years ago

→‎Contacting a license server from a compute node

Rdickson

Bureaucrats, cc_docs_admin, cc_staff

2,879

edits

@@ Line 25: / Line 25: @@
 = Contacting a license server from a compute node =
-With SSH tunneling, a port on the compute node where a job is running
-can forward all requests to the approriate port on the license server
-by using a gateway server with internet access.  Ports, in this
-context, are numbers which distinguish different kinds of
-communications.  Because SSH tunneling involves specific ports, it is
-also called 'port forwarding'.  In most cases, getting SSH tunneling
-to work in batch jobs requires just two or three extra commands in
-your job script.
 {{Panel
@@ Line 39: / Line 30: @@
 |panelstyle=SideCallout
 |content=
-A port is a number used to distinguish different streams of communication from one another. You can think of it as loosely analogous to a radio frequency or a channel. Many port numbers are reserved, by rule or by convention, for certain types of traffic. See [https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers List of TCP and UDP port numbers] for more.
+A port is a number used to distinguish different streams of communication
+from one another. You can think of it as loosely analogous to a radio frequency
+or a channel. Many port numbers are reserved, by rule or by convention, for
+certain types of traffic. See
+[https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers List of TCP and UDP port numbers] for more.
 }}
-To know how to setup up SSH tunneling, the following bits of
+Certain commercially-licensed programs must connect to a license server machine
-information are required:
+somewhere on the internet via a predetermined port. If the compute node where
+the program is running has no access to the internet, then a ''gateway server''
+which does have access must be used to forward communications, on that port,
+from the compute node to the license server. To enable this one must set up
+an ''SSH tunnel''. Such an arrangement is also called ''port forwarding''.
+In most cases, creating an SSH tunnel in a batch job requires just two or
+three commands in your job script. You will need the following information:
 # The IP address, or the name, of the license server. Let's call this LICSERVER.
 # The port number of the license service. Let's call this LICPORT.
-The maintainers of the license server will have this information.
+You should obtain this information from whoever maintains the license server.
-That server should allow connections from the login nodes; for
+That server also must allow connections from the login nodes; for
 Niagara, outgoing IP addresses will range from 142.150.188.71 to
 .150.188.77.
-With this information, one can now setup the SSH tunneling.  For
+With this information, one can now setup the SSH tunnel.  For
 Graham, an alternative resolution is to request a firewall exception
 for the license server LICSERVER and its specific port LICPORT.