[[Include(WikiToC)]] ==== SSH Tunneling A common need is to connect to some resource on the testbed as if it were local. SSH provides this functionality. Go to the [wiki:tutorials/ssh_tunnel Configuring SSH Tunnels tutorial] to learn how to configure these. ==== Common SSH issues ===== If you deleted the "@internal1" key from your profile As long as you have at least one public key configured in your profile, use your SSH client to connect to {{{gw.orbit-lab.org}}} and run the following commands there. You do not need to make a reservation in the scheduler for this. {{{ rm ~/.ssh/id_rsa rm ~/.ssh/id_rsa.pub ssh-keygen -t rsa -C "@internal1" }}} Press 'Enter' at every prompt so that the default filename (id_rsa) and no password is used. Then type the following command: {{{ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys }}} The internal key should now be restored. ===== Common ssh options for nodes We'd like to do a few things for convenience: 1. log into nodes as root by default 1. allow forwarding of X11 applications 1. Suppress annoying host key warnings First, log into any console, or gw.orbit-lab.org After logging in, create or modify the file at {{{~/.ssh/config}}} Add the following to the file {{{ Host sdr?-md* sdr?-s?-lg* srv?-co* srv?-lg* node?-* node??-* User root UserKnownHostsFile /dev/null StrictHostKeyChecking no ForwardX11 yes }}} * Host: The Host line matches common naming conventions for nodes within the testbed * User: root is set to match the common default for baseline * !UserKnownHostsFile: is set to /dev/null to prevent saving new host keys for nodes * !StrictHostKeyChecking: disables the warning message. SSH complains when host keys for a dns name change. This is a useful security feature, but is inconvenient within the testbed, where the operating system on a trusted machine changes frequently. Do not set it as a wildcard default for public endpoints, or you will be vulnerable to spoofing or man in the middle attacks. * ForwardX11: allows the forwarding of graphical applications running the X11 protocol from a node back to your machine