ssh tunneling on windows
Introduction
To open an ssh tunnel from a windows machine to the front-end nodes via
the BNL QCDOC ssh gateways (ssh.qcdoc.bnl.gov or ssh.qcdoc.bnl.local
within BNL) you need to create an outgoing and an incoming tunnel.
These instructions describe how to do this using a winSSH client.
Creating a tunnel
From your main ssh window click Quick Connect:
Enter the Host Name and User Name in the pop-up window
(the Port Number should be 22). The Host Name is the gateway machine. If you are connecting to BNL use
ssh.qcdoc.bnl.gov. For JLab use login.jlab.org. Then click
Connect.
You will be prompted for password and once you get connected you will be
asked (on another pop-up) to enter a profile name, kind of a
shortcut for the connection. Choose a profile name, like bnl-tunnel or
jlab-tunnel and click OK.
Having logged into the gateway host go back to the main ssh window, click
Profiles and
Edit Profiles ... on the pull down menu:
On the pop-up window, first check "Request tunnels only (disable
terminal)" and click on Tunneling. Click the
Add.. button to add an
outgoing tunnel:
or, for JLab:
The Display Name could be anything of your choice. The Destination
Host is the front-end node. The Listen Port is a port greater than
1024. You must use the same Port for both the Outgoing and the Incoming
tunnels. Click OK when done to create the outgoing tunnel.
You then need to create an Incoming tunnel. Click on Incoming and then
Add... to add an incoming tunnel:
or for JLab:
The Display Name is a name of your choice. Listen Port must be the same
Port you used on the Outgoing tunnel. The Destination Host is the gateway
host. Click OK when done to create the incoming tunnel.
Click OK at the bottom right
of the profiles window to save the changes.
Having saved the changes, close the existing connection and restart by
selecting the appropriate connection from the Profiles (this
is what we called earlier bnl-tunnel or jlab-tunnel). You will be prompted
for your password on the gateway host. You now have a tunnel to the
front-end host.
Connecting to the front-end host
Having configured an ssh tunnel profile, you first need to start
the tunnel. From the Profiles window, select the bnl-tunnel or jlab-tunnel
profile. You will be prompted for your password on the ssh
gateway. This will open the tunnel via the ssh gateway to the front-end
host.
Having the tunnel started, you can now connect to the front-end node
directly. Click on Quick Connect on the main ssh secure shell window. The
Host Name on the pop-up will now be localhost and the port number
will be 1234 or 2345 (as was set in the tunnel configuration).
When you click Connect you will be prompted for your
password on the front-end node and will be connected.
NOTE 1: You may enter a profile
name for the connection to the front-end host.
NOTE 2: If you close the tunnel connection, you will
also loose the connection to the front-end host.
NOTE 3: You can open as many
connections to the front-end host as you wish by simply clicking
on the "New Terminal Window" on the top of the front-end ssh
window. You won't even be prompted
for password.
NOTE 4: You can transfer files directly from your
window machine to the front-end host (drag and
drop) by clicking on the "New File Transfer Window" on the
top of the front-end ssh window.
VNC client over ssh on Windows
- Download and install on your windows machine a VNC client (VNC Viewer)
from RealVNC: http://www.realvnc.com/
- Start the VNC server on the front-end node:
qcdochostb:>vncserver
:7 -fp /usr/lib/X11/fonts
New 'X' desktop is qcdochostb:7
Starting applications specified in /home/user/.vnc/xstartup
Log file is /home/user/.vnc/qcdochostb:7.log
- Create and start an ssh tunnel as described above. The Host Names on
the Incoming and Outgoing tunnel are the same as above. The Port Number,
however, should be 590X, where X is port that
is used by the vnc server (7 in the above example). For example, this is
what the outgoing tunnel should look like:
- Start the VNC client on the windows machine. The Server should be
localhost followed by colon(:) and the port number:
After clicking OK, you will be prompted for your
VNC password that you entered on the front-end host when you
started the VNC server for the first time.
- A VNC session will start.
One of ten national laboratories overseen and primarily
funded by the Office of Science of the U.S. Department of Energy (DOE), Brookhaven
National Laboratory conducts research in the physical, biomedical, and environmental
sciences, as well as in energy technologies and national security. Brookhaven Lab also
builds and operates major scientific facilities available to university, industry and
government researchers. Brookhaven is operated and managed for DOE’s Office of Science by
Brookhaven Science Associates, a limited-liability company founded by Stony Brook University,
the largest academic user of Laboratory facilities, and Battelle, a nonprofit, applied science
and technology organization.