Skip to content

An SSH tunneling via multiple hops

In some cases, you want to access dev nodes directly from your local machine (technically, you have to get through the gateway, but you don't have to ssh to a dev node manually with tunneling). There are two ways to do that.

Using ProxyJump

Because we need to hop twice (your local machine -> gateway -> dev node), we need an ssh config file under .ssh directory of your local machine (the file name should be config). The following is an example config file which defines intel18 and k80 dev node. With this file, you can connect a dev node from your local machine with ssh intel18 or ssh k80.

config example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
Host gateway
    HostName gateway.hpcc.msu.edu
    User here_you_put_your_net_id

Host intel18
    HostName dev-intel18
    User here_you_put_your_net_id
    ProxyJump gateway

Host k80
    HostName dev-intel16-k80
    User here_you_put_your_net_id
    ProxyJump gateway

Now you can just type the name of host to connect.

img!

Tip: With SSH Key-Based Authentication you don't have to type your password when you login.

Using port forwarding

Instead of using ProxyJump, you can use port forwarding. For this method, you need to open two terminals on your local machine.

1st terminal (left in the picture): type

1
ssh -L 1234:dev-intel18:22 <your_net_id>@gateway.hpcc.msu.edu

You can change 1234 to any number larger than 1024 (1234 here is a port number you are using). You can change dev-intel18 to any dev-node name, but 22 (port number of dev node) should be remained. For example, 

1
ssh -L 4321:dev-intel16:22 <your_net_id>@gateway.hpcc.msu.edu

is also working.

2nd terminal (right in the picture): type

1
ssh -p 1234 <your_net_id>@localhost

If it is the first time, it would request connection confirmation. type yes. Then you will arrive at the dev-node on the 2nd terminal.

img!