rsnt_translations
57,772
edits
SSH tunnelling: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 5: | Line 5: | ||
''Parent page: [[SSH]]'' | ''Parent page: [[SSH]]'' | ||
=What is SSH | =What is SSH tunnelling?= <!--T:1--> | ||
<!--T:2--> | <!--T:2--> | ||
| Line 12: | Line 12: | ||
<!--T:3--> | <!--T:3--> | ||
In the context of Compute Canada, SSH | In the context of Compute Canada, SSH tunnelling is necessary in certain cases, | ||
because compute nodes on [[Niagara]] and [[Graham]] do not have direct access to | because compute nodes on [[Niagara]] and [[Graham]] do not have direct access to | ||
the internet, nor can the compute nodes be contacted directly from the internet. | the internet, nor can the compute nodes be contacted directly from the internet. | ||
| Line 22: | Line 22: | ||
* Running commercial software on a compute node that needs to contact a license server over the internet; | * Running commercial software on a compute node that needs to contact a license server over the internet; | ||
* Running [[Visualization|visualization software]] on a compute node that needs to be contacted by client software on a user's local computer; | * Running [[Visualization|visualization software]] on a compute node that needs to be contacted by client software on a user's local computer; | ||
* Running a [[Jupyter | Jupyter Notebook]] on a compute node that needs to be contacted by the web browser on a user's local computer | * Running a [[Jupyter | Jupyter Notebook]] on a compute node that needs to be contacted by the web browser on a user's local computer; | ||
* Connecting to the Cedar database server from somewhere other than the Cedar head node, e.g., your desktop | * Connecting to the Cedar database server from somewhere other than the Cedar head node, e.g., your desktop. | ||
<!--T:6--> | <!--T:6--> | ||
| Line 72: | Line 72: | ||
<!--T:13--> | <!--T:13--> | ||
With this information, one can now setup the SSH tunnel. For | With this information, one can now setup the SSH tunnel. For | ||
Graham, an alternative | Graham, an alternative solution is to request a firewall exception | ||
for license server LICSERVER and its specific port LICPORT. | for license server LICSERVER and its specific port LICPORT. | ||
| Line 111: | Line 111: | ||
<!--T:21--> | <!--T:21--> | ||
The following job script sets up an SSH tunnel to contact licenseserver.institution.ca at port 9999 | The following job script sets up an SSH tunnel to contact licenseserver.institution.ca at port 9999. | ||
<!--T:22--> | <!--T:22--> | ||
| Line 135: | Line 135: | ||
<!--T:32--> | <!--T:32--> | ||
There is Network Address Translation (NAT) on both Graham and Cedar allowing users to access the internet from the compute nodes. On Graham however, access is blocked by default at the firewall. Contact [[Technical support|technical support]] if you need to have a specific port opened, supplying | There is Network Address Translation (NAT) on both Graham and Cedar allowing users to access the internet from the compute nodes. On Graham however, access is blocked by default at the firewall. Contact [[Technical support|technical support]] if you need to have a specific port opened, supplying the IP address or range of addresses which should be allowed to use that port. | ||
== From Linux or MacOS X == <!--T:51--> | == From Linux or MacOS X == <!--T:51--> | ||
| Line 182: | Line 182: | ||
<!--T:44--> | <!--T:44--> | ||
Modify the URL you were given in Session 1 by replacing the host name with <code>localhost</code>. | Modify the URL you were given in Session 1 by replacing the host name with <code>localhost</code>. | ||
Again using an example from [[Jupyter#Starting_Jupyter_Notebook|Jupyter | Again using an example from [[Jupyter#Starting_Jupyter_Notebook|Jupyter Notebook]], this would be the URL to paste into a browser: | ||
<pre> | <pre> | ||
http://localhost:8888/?token=7ed7059fad64446f837567e32af8d20efa72e72476eb72ca | http://localhost:8888/?token=7ed7059fad64446f837567e32af8d20efa72e72476eb72ca | ||
| Line 190: | Line 190: | ||
<!--T:55--> | <!--T:55--> | ||
An SSH tunnel can be created from your desktop to database | An SSH tunnel can be created from your desktop to database servers PostgreSQL or MySQL using the following commands respectively: | ||
<!--T:47--> | <!--T:47--> | ||
| Line 199: | Line 199: | ||
<!--T:48--> | <!--T:48--> | ||
These commands connect your | These commands connect port number PORT on your local host to PostgreSQL or MySQL database servers respectively. The port number you choose (PORT) should not be bigger than 32768 (2^15). In this example, "someuser" is your Compute Canada username. The difference between this connection and an ordinary SSH connection is that you can now use another terminal to connect to the database server directly from your desktop. On your desktop, run one of these commands for PostgreSQL or MySQL as appropriate: | ||
<!--T:49--> | <!--T:49--> | ||
| Line 208: | Line 208: | ||
<!--T:50--> | <!--T:50--> | ||
MySQL requires a password | MySQL requires a password; it is stored in your ".my.cnf" located in your home directory on Cedar. | ||
The database connection will remain open as long as the SSH connection remains open. | The database connection will remain open as long as the SSH connection remains open. | ||
</translate> | </translate> | ||