Changes between Version 35 and Version 36 of HowTo/LoginToNodes


Timestamp:
08/16/12 17:52:26 (12 years ago)
Author:
nriga@bbn.com
Comment:

--

  • HowTo/LoginToNodes

    v35 v36  
    170170
    171171=== Logging in to host behind firewalls ===
    172 Some hosts in GENI are behind a firewall. A notable example are the ProtoGENI hosts that are located in I2 PoPs (Wide Are ProtoGENI nodes), which are accessible through Internet's 2 IP network. In most cases where nodes are behind a firewall, there is one or more machines that are accessible from the public internet that can be used as "stepping stones", to access these machines. Currently in GENI the two most common cases of nodes that are behind a firewall are:
    173    * '''Wide Area ProtoGENI hosts in Internet 2 PoPs''' : Any node in Utah can be used as
     172Some hosts in GENI are behind a firewall. In most cases where nodes are behind a firewall, there is one or more machines that are accessible from the public internet that can be used as "stepping stones" to access these machines, i.e. you should login to them first and then login to the hosts that are behind the firewall. Currently in GENI the two most common cases of nodes that are behind a firewall are:
     173   * '''Wide Area ProtoGENI hosts in Internet 2 PoPs''' : Any node in Utah can be used as a "stepping stone". If you slice doesn't have a host in Utah, then you should add a VM in Utah that you will use for this purpose.
     174   * '''Mesoscale hosts in some campuses''': If you are using nodes in [wiki:TangoGeni Mesoscale] that are behind a firewall, you can use ops.pgeni.gpolab.bbn.com as a "stepping stone". You can login to ops.pgeni.gpolab.bbn.com using the your pgeni credentials file as your private key.
     175Once you have determined with host you will use as your stepping stone (pub_host from now on)  to get to the host behind the firewall(priv_host from now on), you have several options:
     176   1. '''Recommended''' Use the `-A` ssh option to enable forwarding of the authentication agent. So try :
     177    {{{
     178ssh -A <username>@<pub_host>
     179}}}
     180      Then from <pub_host> you can ssh to the private host without the need to upload your private key to <pub_host>.
     181    {{{
     182user@<pub_host>$> ssh <username>@<priva_host>
     183}}}
     184    2. If the above option does not work then you can try using [https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding ssh port forwarding] to get to your host. The main idea is that you will forward a local port on the client to go through the connection to <pub_host> and from there to ssh to <priv_host>. If you want to do this in command line then :
     185{{{
     186
     187}}}
     188    }}}
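Review bot: Step 2 (v36 line 184) ends with "If you want to do this in command line then :" but the code block that follows (lines 185-187) is empty, and line 188 adds a closing }}} with no matching opener, so the port-forwarding option has no command and the stray delimiter will likely break the list rendering. Fill in the commands, for example `ssh -L <local_port>:<priv_host>:22 <username>@<pub_host>` followed by `ssh -p <local_port> <username>@localhost` from a second terminal (<local_port> here is a placeholder for any free local port), and drop the unmatched }}}. In step 1, line 182 uses <priva_host> where line 175 defines priv_host, and the new text has typos to fix: "If you slice" (173), "using the your pgeni credentials" (174), "with host you will use" (175). Because step 1 is marked Recommended, add a sentence noting that with `-A` anyone with root on <pub_host> can use the forwarded agent for as long as the session is open, which matters for a stepping stone that many users log in to, such as ops.pgeni.gpolab.bbn.com.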