wiki:UserGuide/RemoteAccess/SshTunnel

Site Navigation

  1. COSMOS Testbed Overview
    1. Concepts
    1. Testbed Workflow
    1. Availability and Resource Status
    1. Events and Conferences
  6. Getting Started
    1. Make an Account
    2. Create and Configure SSH Keys
    3. Make a Reservation
    4. Log in to your Reservation
    5. Control Resources with OMF
    6. Run a Hello World Experiment
    7. Get Help and Support
  7. COSMOS/ORBIT User Guide
    1. The COSMOS Portal
    2. Connecting to the Testbed
    3. Running Experiments
    4. Policies and Support
    5. Quick Links
    1. Policies
    1. Account Creation
    1. Camera Streaming
    1. Scheduling and Reservations
    1. Disk Images
    1. Frequently Asked Questions
    1. Resource Control with OMF
  15. COSMOS Portal
    1. Your First Visit
    2. Setting Up Your Account
    3. Reserving Testbed Time
    4. Monitoring Your Experiment
    5. Connecting via SSH
    6. Managing Disk Images
    7. Joining the Community
    8. Browsing Users and Groups
    9. Tips
  16. Account Management
    1. Edit Profile
    2. Change Password
    3. SSH Keys
  17. Portal Dashboard
    1. Profile Card
    2. Usage Statistics
    3. Community Forum
  18. Directory
    1. Users
    2. Groups
    3. Privacy Note
  19. Disk Images
    1. Browsing Images
    2. Image Details
    3. Searching and Sorting
    4. Managing Your Images
    5. Baseline Images
    6. Saving Custom Images
    7. Storage and Retention
  20. Community Forum
    1. Accessing the Forum
    2. Forum Categories
    3. How to Use the Forum
    4. Forum Etiquette
    5. Privacy and Access
  21. Getting Started with the COSMOS Portal
    1. Creating an Account
    2. Logging In
    3. What to Do After Logging In
  22. SSH Access to Testbed Nodes
    1. Access Model
    2. Console Servers
    3. Basic Connection
    4. SSH Config File
    5. SSH Tunneling
    6. File Transfer
    7. Troubleshooting
  23. Scheduler
    1. Calendar View
    2. Reservation Colors
    3. Creating a Reservation
    4. Competing for a Slot
    5. Modifying or Canceling Reservations
    6. My Reservations
    7. Resource Information
  24. Testbed Status
    1. Node Status Grid
    2. RF Matrix Control (SB4)
    3. Understanding Node States During Experiments
    1. Remote Access
    1. Chrome Remote Desktop Setup Page
  27. Installing Chrome Remote Desktop (CRD) on a Custom Image
    1. Measurement & Result Collection
    1. Storage
    1. Support
    1. Contributing to the Wiki
  32. Tutorials
    1. SDR and Wireless
    2. Wireless Digital Twins
    3. Optical Networking
    4. Wired Networking
    5. Edge Computing
    6. 4G/5G Systems
    7. Orchestration Platforms
  33. Architecture
    1. Data Flow
    1. Deployment Map
    1. Domains
    1. Naming Convention
    1. Networks
    1. Optical
  40. Resources, Services and APIs
    1. RF Control
    2. SDR Control
    3. Compute Control
    4. Network Control
    5. Optical Control
  41. Datasets
  42. Hardware Info
    1. Cameras
    1. Compute
    1. FR3 SDRs
    1. Network
    1. Nodes
    1. Optical
    1. RF Subsystems
    1. Antennas
    1. Full-Duplex Radio
    1. RF Front End
    1. Software Defined Radios (SDR)
  54. RF Policies & Compliance
    1. Outdoor Radio Frequency Allocation
    2. Program Experiment License
    3. Spectrum Monitoring
    4. Emergency Stop Procedures
    5. Network and Platform Security

Configuring SSH Tunnels

A common need is to connect to some resource on the testbed as if it were local. SSH provides this functionality.

Select the OS of your computer

Linux & MacOS

Here, we define the following arguments:

  • localuser: your username on your local machine
  • localmachine: the computer that you're sitting at
  • localport: a port on your local machine, accessed via localhost:localport
  • testbeduser: your COSMOS username
  • remotename: the resource you wish to connect to, for example, srv1-lg1.sb1.cosmos-lab.org
  • consolename: the dns name of the COSMOS console you're using

The following command will allow you to access remotename:remoteport by instead accessing localmachine:localport.

This access is tunneled through the console, consolename.cosmos-lab.org, via a ssh session running under your user account, testbeduser. 

localuser@localmachine:~$ ssh testbeduser@consolename.cosmos-lab.org \
-L localport:remotename:remoteport

Here's an example, tunneling two ports to two different machines. The "-N" flag only forwards the ports, without opening a remote shell. 

localuser@localmachine:~$ ssh testbeduser@sb1.cosmos-lab.org -N \
-L 9980:srv1-lg1:80 \
-L 9981:srv2-lg1:80

To make permanent:

On Linux or Mac, via the terminal, make or edit a file at ~/.ssh/config by default.

Make an entry like the following, replacing the specifics as needed 

Host console.sb1.cosmos-lab.org
  LocalForward 9001 srv1-lg1.sb1.cosmos-lab.org:80

Now, when you ssh to console.sb1.cosmos-lab.org, traffic that you send to localhost port 9001, will be proxied and sent to srv1-lg1.sb1.cosmos-lab.org port 80. We commonly use this to access webUIs and similar things running on a node.

Most SSH clients for other platforms have similar functionality. The important thing is to remember that the left side is your local port, and the right side is something that $HOST can talk to.

To forward an additional port, or the same port on another device, add more lines. 

LocalForward 9002 srv1-lg1.sb1.cosmos-lab.org:443
LocalForward 9003 srv1-lg1.sb1.cosmos-lab.org:80
LocalForward 9004 srv3-lg1.sb1.cosmos-lab.org:9090

Just ensure that the ports on the left don't conflict.


Windows

These instructions assume that you are using PuTTY as your SSH client and have configured your SSH session according to the SSH Tutorial instructions.

Configuring PuTTY SSH Tunneling
  1. Configure your session login information (or load it from a saved config) first.
  1. Navigate through the left side menu tree to "Connection" → "SSH" → "Auth".
  1. Enter the local port you want to forward in the "Source port" field and the remote resource name (or IP address) along with the remote port in the "Destination" field (Note the colon ':' between the two). Avoid using a local port that may conflict with locally running services. In this example, the local port 50000 is forwarded to port 22 on node1-1.
  1. Click "Add" to add the tunnel to the session.
  1. Repeat steps 2-3 for as many ports as you need to forward. Remember that each local port you use can only map to a single remote resource/port destination.
  1. If you click "Open", your session will start with the configured ports tunneled, but when you close the session you will have to configure the ports again. If you go back to the "Session" screen and save the settings, the port tunneling configuration will be saved for future use.

Last modified 6 years ago Last modified on Aug 21, 2020, 12:03:27 AM

Attachments (4)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.