[Lerftest-ctrls] ssh tunnelling back to SLAC

Tue May 1 11:35:42 EDT 2018

All,

I inquired about a more direct allowance for ssh with tunneling and hit roadblocks with site policies for traffic in/out of our internal networks.  

However.. if it helps, some NFS shares are accessible from jlabl# and our lcls hosts (ex. /u/scratch/<username>).  May not save you a hop, but might prevent having to tunnel for copying files.  Let me know if this is of interest.  

Wesley

----- Original Message -----
> From: "Bruce Hill" <bhill at slac.stanford.edu>
> To: "Patrick James Pascual" <ppascual at slac.stanford.edu>, "Wesley Moore" <wmoore at jlab.org>, "lerftest-ctrls"
> <lerftest-ctrls at jlab.org>, "Sonya Hoobler" <sonya at slac.stanford.edu>, "Kristi L. Luchini" <luchini at slac.stanford.edu>,
> "Hugo Henrique Slepicka" <slepicka at slac.stanford.edu>, "Ernest L. Williams Jr." <ernesto at slac.stanford.edu>
> Sent: Tuesday, May 1, 2018 6:40:08 AM
> Subject: Re: [Lerftest-ctrls] ssh tunnelling back to SLAC

> Hi Patrick,
> 
> I was just about to give up and write back that I couldn't get this to work
> only to find that I'd mis-spelled jlabl1 in my tunnel setup. (needs 2 l's)
> 
> I fixed the tunnel and was able to clone the SLAC AFS base.git repo.
> I've built R3.15.5-1.branch for rhel6 in my work area, but had to disable
> the vxWorks and linuxRT target arches.   Tomorrow I'll get it built as a
> release.
> 
> Can you confirm that we'd each need our own tunnel ports if more than
> one of us tried to setup a tunnel?     I used port 3333 for mine.
> 
> Sonya, Kristi, Patrick, et al:
> Can you confirm if you'll need to build linuxRT ioc's on lclsapp1?
> 
> Normally you'd use cram and build on the SLAC dev network but it may
> be tricky to use cram via the ssh tunnel.   Has anyone tried that?
> 
> Cheers,
> - Bruce
> 
> 
> On 04/30/2018 03:38 PM, Pascual, Patrick James wrote:
>> I got the following to work from lclsapp1:
>>
>> ssh -fNT -L <local_port>:rhel6-64.slac.stanford.edu:22
>> <CUE_username>@jlabl1.jlab.org
>>
>> where <local_port> is not an in-use or privileged port (e.g., NOT 22).
>>
>> The above command says, "Establish an SSH tunnel in the background such that all
>> connections to localhost:<local_port> are forwarded to
>> rhel6-64.slac.stanford.edu:22 through jlabl1.jlab.org".
>>
>> Then you can do:
>>
>> git clone ssh://<SLAC_username>@localhost:<local_port>/path/to/git/repo
>>
>> This can be further streamlined by editing your .ssh/config file and adding the
>> appropriate Host/Port directives.
>>
>> Patrick J. Pascual
>> Controls Software/Systems Engineer, EED
>> Bldg 034, Rm 208A
>> 2575 Sand Hill Rd., MS50
>> Menlo Park, CA 94025
>> (650) 926-3539
>>
>> ________________________________________
>> From: Lerftest-ctrls <lerftest-ctrls-bounces at jlab.org> on behalf of Wesley Moore
>> <wmoore at jlab.org>
>> Sent: Monday, April 30, 2018 9:59:28 AM
>> To: lerftest-ctrls at jlab.org
>> Subject: [Lerftest-ctrls] ssh tunnelling back to SLAC
>>
>> Specifically asked by Bruce and Patrick:
>>
>> The JLAB equivalent of public linux hosts (like rhel6-64.slac.stanford.edu) are:
>>
>> RHEL6:
>>    jlabl1 - jlabl4
>>
>> RHEL7:
>>    jlabl5
>>
>> Using cue username/password, you should be able to tunnel from lcls* back out
>> through one of those.  I don't have an example, so please reply with one if it
>> works for you.
>>
>> Wesley
>> _______________________________________________
>> Lerftest-ctrls mailing list
>> Lerftest-ctrls at jlab.org
>> https://mailman.jlab.org/mailman/listinfo/lerftest-ctrls
>>
>> _______________________________________________
>> Mailing List: Lerftest-ctrls at jlab.org
>> List Info: https://mailman.jlab.org/mailman/listinfo/lerftest-ctrls
>> Wiki: https://wiki.jlab.org/lerf/index.php/Network
> 
> --
> Bruce Hill
> Member Technical Staff
> SLAC National Accelerator Lab
> 2575 Sand Hill Road M/S 10
> Menlo Park, CA  94025