SshTunneling

SSH Port Forwarding Configuration

Most of the test systems are not exposed to the public interent directly and reside in a private network space. So one can't directly connect to these systems using a public hostname or IP address. One of the way to connect with such systems is using SSH Port Forwarding (a.k.a. SSH tunneling). In this technique a port on the local system is 'SSH tunneled' to a port on the remote system behind firewall using a public facing SSH server. Following is an example on how to connect to a test system behind firewall using Cheaha as an SSH server.

• First set up an SSH-tunnel using ssh command as shown below.

 # General syntax 
 $ ssh -L <local-port>:<remote-system-IP-or-Hostname>:<remote-system-port> blazerid@cheaha.uabgrid.uab.edu 

• Now you can connect to the <remote-system-IP-or-Hostname> using your local system's port number. For example, if you want to ssh to <remote-system-IP-or-Hostname> then type following ssh command.

 $ ssh blazerid@localhost -p <local-port>

Another way to set this up is using ssh configuration file rather than specifying these option on command-line. Following example shows '.ssh/config' file example where Cheaha head node is used as SSH server gateway and <remote-system-IP-or-Hostname> is a system behind firewall.

 # 'rnet' gateway - happens to be cheaha head node
 Host rnet
     User pavgi
     hostname cheaha.uabgrid.uab.edu
     # Port forwarding <remote-system-IP-or-Hostname>
     LocalForward localhost:<local-port> <remote-system-IP-or-Hostname>:22
 
 Host <remote-system-Hostname>
     User pavgi
     hostname localhost
     Port <local-port>

Now you need to connect with the 'rnet' gateway first and then connect to the <remote-system-IP-or-Hostname> system.

• Connect to Cheaha to setup SSH tunneling

 $ ssh blazerid@rnet 

• Connect to the <remote-system-IP-or-Hostname>

 $ ssh blazerid@<remote-system-Hostname>