SSH tunnelling: Difference between revisions

Jump to navigation Jump to search

SSH tunnelling (view source)

Revision as of 17:25, 23 October 2018

335 bytes removed ,  6 years ago
"Example for a job" was not relevant to the section it was in, and redundant with the earlier example. Removed.
(link to SSH Keys page)
("Example for a job" was not relevant to the section it was in, and redundant with the earlier example. Removed.)
Line 31: Line 31:
consider these two situations below.
consider these two situations below.


In order to use SSH tunnelling, you should be familiar with [[SSH Keys|SSH key pairs]].
While not strictly required to use SSH tunnelling, you may wish to be familiar with [[SSH Keys|SSH key pairs]].


= Contacting a license server from a compute node = <!--T:7-->
= Contacting a license server from a compute node = <!--T:7-->
Line 131: Line 131:
<!--T:26-->
<!--T:26-->
SSH tunnelling can also be used in the context of Compute Canada to allow a user's computer to connect to a compute node on a cluster through an encrypted tunnel that is routed via the login node of this cluster. This technique allows graphical output of applications like a [[Jupyter | Jupyter Notebook]] or [[Visualization|visualization software]] to be displayed transparently on the user's local workstation even while they are running on a cluster's compute node. When connecting to a database server where the connection is only possible through the head node, SSH tunnelling can be used to bind an external port to the database server.
SSH tunnelling can also be used in the context of Compute Canada to allow a user's computer to connect to a compute node on a cluster through an encrypted tunnel that is routed via the login node of this cluster. This technique allows graphical output of applications like a [[Jupyter | Jupyter Notebook]] or [[Visualization|visualization software]] to be displayed transparently on the user's local workstation even while they are running on a cluster's compute node. When connecting to a database server where the connection is only possible through the head node, SSH tunnelling can be used to bind an external port to the database server.
== Example for a job == <!--T:27-->
<pre>
# License
export LM_PROJECT=
export CDLMD_LICENSE_FILE=1999@localhost
<!--T:28-->
# Start the SSH tunnel
ssh -n -N -L 1999:flex.cd-adapco.com:1999 gra-login1 &
SSH1=$!
ssh -n -N -L 2099:flex.cd-adapco.com:2099 gra-login1 &
SSH2=$!
<!--T:29-->
# Launch the code
<whatever>
<!--T:30-->
# Stop the SSH tunnel
kill -9 $SSH1
kill -9 $SSH2
</pre>


<!--T:32-->
<!--T:32-->
There is NAT on both Graham and Cedar allowing users to access the internet from the compute nodes. On Graham however, access is blocked by default at the firewall. Contact [[Technical support|technical support]] if you need to have a specific port opened, supplying also the IP address or range of addresses which should be allowed to use that port.
There is Network Address Translation (NAT) on both Graham and Cedar allowing users to access the internet from the compute nodes. On Graham however, access is blocked by default at the firewall. Contact [[Technical support|technical support]] if you need to have a specific port opened, supplying also the IP address or range of addresses which should be allowed to use that port.


== From Linux or MacOS X == <!--T:51-->
== From Linux or MacOS X == <!--T:51-->


<!--T:52-->
<!--T:52-->
Rdickson
Bureaucrats, cc_docs_admin, cc_staff
2,879

edits

Retrieved from "https://docs.alliancecan.ca/wiki/Special:MobileDiff/58990"

Navigation menu