SSH tunnels


Loïc Estève

Inria

Why should you care?

Is it supposed to be fun?

Hmmm not really …

OK then, is it supposed to be useful at least?

Definitely nice to have in its bag of tricks

Basics

ssh -N -L local_port:remote_host:remote_port user@ssh_host

More details through explainshell.com

Use case

aiglon: my desktop @ Inria

SSH tunnel command:

ssh -N -L 12345:localhost:12345 lesteve@aiglon
  • Jupyter notebook server running on my desktop and I want to use it from home (jupyter lab --port 12345 --no-browser + SSH tunnel http://localhost:12345)

Cluster use cases

ssh -N -L 12345:cluster_login_node:12345 lesteve@cluster_login_node
  • Way better if you want to make your cluster sys-admin happy: interactive job (qlogin for SGE / oarsub -I for OAR), assume your job runs on cluster_compute_node:
# on cluster_compute_node
jupyter lab --port 12345 --no-browser --ip=`hostname`
# on your local machine
ssh -N -L 12345:cluster_compute_node:12345 lesteve@cluster_login_node

Getting more fancy

https://missions.inria.fr not accessible from the outside but accessible from my desktop

HTTPS is port 443

ssh -N -L 8000:missions.inria.fr:443 lesteve@aiglon

Solution: dynamic port forwarding

ssh -D 5000 lesteve@aiglon

Set your browser proxy to SOCKS localhost:5000

I googled "HTTPS SSH tunnel" and got something working in 5 minutes

When was the last time you learned something interesting

while doing an admin task?

Summary

SSH tunnel is a useful trick

If someone knows how I can make the naive HTTPS attempt work, I am interested!