I'm working on a project that requires me to run my code on a remote Unix server, that is not available to connect to directly (you first have to log in to the "gate" node and then to this server).
What's really bad is that they disabled key authentication, so each time I need to ssh into it, I have to type in my password twice. It's really annoying and I wonder what's the best way to transfer my local modifications of source files to this server, compile and run them without having to provide those passwords so many times.
I have no sudo access to any of those servers (neither to this "gate", nor to this target server). Any ideas on how to make the whole process more efficient?
EDIT: Martin Prikryl provided a great answer below, but it's suitable for Windows and I'm on a Mac :) I guess it might be a good thing to have it documented here also for *NIX systems.
You are looking for SSH tunneling.
WinSCP SFTP client supports one-hop SSH tunneling natively.
See the Tunnel page on WinSCP Advanced Site Settings dialog.
I assume that after you transfer the file, you need to open SSH terminal to compile the file.
You may be able to make use of WinSCP Console window for that step.
Alternatively, if you need/want to use a real SSH terminal client, make use of an existing SSH tunnel, created by WinSCP, and connect with PuTTY (or any other SSH client) over it.
In the Local tunnel port of WinSCP Tunnel page, select a fixed port number (instead of the default Autoselect). In PuTTY enter "localhost" to Host Name and the selected port in Port.
(I'm the author of WinSCP)
Related
I am fairly new to ssh and still learning it. Recently I have made a tunnel connection with an ssh host and managed to successfully transfer data/files from my machine to the server with the command: scp file.extension user#hostIP:/directory/directory.
While this was successful, I am kinda struggling to reverse it, sending data/files from the server to the client. How would one go about completing that? Do I need to make some changes to ssh_config or just CLI commands are enough?
You need to change the order:
scp user#hostIP:/directory/directory file.extension
that's accomplishing the invert operation, off course, assuming that the address is correct, the file exists and you have the necessary privileges.
I'm in a computer science program at my university (Ryerson) and I'm learning perl programming.
The way we're learning is by hosting perl scripts on our university's server and doing stuff with them.
I'm away from the university and the university's server is very strict about which IP's can use the www2 subdomain (which is the subdomain that runs perl scripts). And the IP I'm working from gets me the error:
Forbidden
You don't have permission to access /~w3dixon/cgi-bin/lab4.cgi on this server.
Apache/2.2.22 (Debian) Server at www2.scs.ryerson.ca Port 80
Here's the link, if you want to try to access the script yourself.
So I'm being blocked. Normally I'd contact the sys admin and get them to unblock me, but a working perl script is due tonight. (I also tried using a VPN, it was blocked as well).
My solution was to SSH with terminal on my mac and/or Putty on my PC into Ryerson's server and use the unix command 'lynx' to run my scripts (since they aren't blocking their own IPs).
I was having some success, until I tried to use the perl get method from an html form (I copy pasted a script from https://www.tutorialspoint.com/perl/perl_cgi.htm just to get started, to see if syntactically correct code would work properly with my lynx strategy).
So when I was working on my script using a terminal at the university (with google chrome), my scripts worked fine.
Ryerson (my university), doesn't have a remote access program set up (other than ssh), but is there a way to access my webpage through their servers on a GUI browser installed on my machine?
An SSH tunnel is most likely the most feasible and easiest way to do what you want. Set up the tunnel like this:
ssh -L8080:www2.scs.ryerson.ca:80 username#www2.scs.ryerson.ca
If the www2 server is not the host you SSH to, simply replace the second instance of it in the command with the SSH server.
I use port 8080 here, as that alleviates you from needing root privileges.
Now, on your local workstation, in your browser, browse to:
http://localhost:8080
By terminal I am able to SSH multiple times to connect to the server:
(client--->gateway--->server1---->server2---)
But now to do it through JSch library of Java, how to go about it?
First tried portforwarding, but on terminal I am not doing that (not setting -R -L parameters in ssh).
Then I came across question How to SSH to a server behind another SSH server using JSch?, but I don't understand how to create tcp tunnel!
Port-forwarding is the best way to go.
You do not do port forwarding in the terminal, as you connect to the second section manually by typing the ssh command. While you can automate that using JSch, it is not really a reliable way to try to simulate a human being. If you want to replace the first ssh (terminal) step with JSch, for the same reason you do not want to use ssh for the second step. The accepted answer in the question you link to also discourages you from trying that. While when everything goes ok, it might work. But once any problem steps in, your will have troubles dealing with it automatically. For example, you can hardly automate host key verification for the second server.
The SSH tunnel is port forwarding. But maybe the mentioned ProxySSH (which does not seem to exists anymore) did internally without opening a local port, but used the "port forwarding" channel directly by the second session. But that's a way too complicated to implement. Stick with simple port forwarding.
For a complete example, see:
JSch multiple tunnels/jumphosts
I have a problem setting up a ipython cluster on a Windows server and connecting to this ipcluster using a ssh connection. I tried following the tutorial on https://ipython.org/ipython/doc/dev/parallel/parallel_process.html#ssh, but I have problems to understand what the options mean exactly and what parameters are to use exactly...
Could anyone help a total noob to set up an ipcluster? (Let's say the remote machine has ip 192.168.0.1 and the local machine has 192.168.0.2)
If you scroll roughly to the middle of the page https://ipython.org/ipython-doc/dev/parallel/parallel_process.html#ssh you will find this:
Current limitations of the SSH mode of ipcluster are:
Untested and unsupported on Windows. Would require a working ssh on Windows. Also, we are using shell scripts to setup and execute
commands on remote hosts.
That means, there is no easy way to build an ipcluster with ssh connection on windows (if it works at all).
Do you really need to connect the machines with an ssh connection? I guess it's possible with a ssh client on each windows machine, but if you are in a trusted local network you can also decide not to use the loopback interface and just expose the ports...
Sure you can start controller and engine separately! For further examples about ports (if you have problems with firewalls) see also How to setup ssh tunnel for ipython cluster (ipcluster)
I want to create a service that will allow me to display documents and media (think PDF and JPEG) that are stored in the filesystem of a remote server to which I connect by ssh. X11 forwarding doesn't cut it because it's too slow. Instead I want to design a protocol that will copy files from the remote system on demand, then display them.
My question is twofold:
How do I acquire a port on the remote machine? Since I may have multiple connections going, I cannot simply use a single well-known port—I will have to allocate a port dynamically.
Once I have my port, how do I communicate it to the display applications on the remote machine? SSH X11 forwarding communicates by setting the DISPLAY environment variable, and agent forwarding communicates by setting the SSH_AUTH_SOCK environment variable. Perhaps I can do something creative with a remote command?
I welcome any ideas.
Do you really need a remote port? If you can ssh into the remote machine, why not run a command and send data back over the ssh command, like rsync, Mercurial, Git, and so on do. SSH can provide an 8-bit clean connection, so it's just like having a socket connection.
To be clear, what i am suggesting is:
SSH from origin to the destination
In the SSH session, run a command on the destination that writes data to its standard output
The standard output is sent over the SSH connection from destination to origin
Collect the data that emerges from the standard output of SSH on the origin machine
There is then no need to open a particular port on either the origin or the destination.
Indeed, if what you really want is "a protocol that will copy files from the remote system on demand", how about SCP, SFTP, or rsync over SSH?