Difference: SshTunnel (14 vs. 15)

Revision 1509 Apr 2015 - Main.DavidStokes

 
META TOPICPARENT name="CemITSystem"

How to tunnel port through SSH (e.g. for using VNC remotely)

Why?

If you are at another institution or at home and wish to use/monitor NYSBC computer like the cluster or automated EM operation.

VNC server

start the vnc server on the remote computer

  • "old" cluster (16 nodes x 4 cores) 192.168.5.236
  • "new" cluster (32 nodes x 12 cores) 192.168.5.231
  • JEOL3200 computer running SerialEM
  • JEOL1230 computer running leginon
  • Robot computer running iRobot 192.168.5.172
  • Helios Support PC: 192.168.5.183

Linux
  • the Linux server will create a "virtual" Desktop that will only be seen by vnc clients
  • vnc should be installed by default on most linux systems 
    vncserver -geometry 1280x1024 :10
  • geometry determines the size of the virtual desktop that will be created
  • :10 determine the port that will be used (5900 + the number you enter - in this case 5910)
  • First time you run, you will be prompted to enter a password. You will need to remember this later when you open the connection with a vnc viewer
  • you can select a different window manager by editing the file .vnc/xstartup
    • icewm is a nice one. twm is annoying but uses minimal resources. kde is a memory hog, don't use it
    • to use icewm, comment out the line "twm &" by adding a # at the start
    • add the line "/usr/apps/icewm/bin/icewm &"

Windows
  • the Windows server will display the standard Desktop
  • download TightVNC? and install
  • click on VNCServer application
  • specify password that you can remember
  • you can specify the port number under the Properties->Server page
    • click "Display" and enter 10 or click or click on "Ports" and enter 5910
  • you can specify password on the Properties -> Server page
  • you can allow multiple people to connect to the server on Properties -> Administration page
    • choose "Automatic shared sessions"

ssh into nysbc from remote site

  • NYSBC Portal address: portal.nysbc.org
Windows
  • download and use Putty
  • in configuration page, edit the SSH->Tunnels
    • "Source port" = 5910
    • "Destination" = 192.168.5.236:5910 (where 192.168.5.236 is the cluster computer in this example, but could be 192.168.5.172 for the robot computer or local IP address of whatever computer you wish to connect to))
      • seems that you need to use the IP address of the "Destination" computer, cannot use common alias, like agamemnon or athena
    • click "Add" and you should see - L5910 192.168.5.236:5910 - appear in the box
  • in configuration page "Session" tab
    • enter portal.nysbc.org (207.239.59.21), this is the NYSBC portal computer that will forward the port
      • you must have login privileges on this machine
  • It is recommended that you name and save this session so you don't have to enter this next time
  • Click "Open" to establish ssh connection (login)
Linux
  • from command line type 
        ssh -L 5910:192.168.5.236:5910 portal.nysbc.org
-or-
        ssh -L 5910:192.168.5.236:5910 207.239.59.21
  • 192.168.5.236 is the IP address of the cluster, replace with IP address of desired computer

Run VNCVIEWER from remote site

Windows
  • "VNC server" = localhost:10
  • or "VNC server" = 127.0.0.1:10
    • you are pretending that the vncserver is running on you local machine on port 5910, but ssh is instead tunneling this port to the remote machine as setup above
+++Linux
  • In another shell (NOT the one where you are logged in to the remote computer) type: 
       vncviewer :10
  • you better make sure that you do not have vncserver running on port 5910 of your local machine!

Web server

  • In order to access NYSBC internal websites (leginon dataserver, robot cameras, etc) on a remote machine, need to forward web port 80
  • example: to browse athena (leginon server):

Establish ssh tunnel (to athena in this example)

Windows - download and use Putty
  • in configuration page, edit the SSH->Tunnels
    • "Source port" = 8080
    • "Destination" = 192.168.5.233:80 (this is IP address of athena: the Leginon Server)
      • have to explicitly use IP address of athena, alias does not get translated by ssh
    • click "Add" and you should see - L8080 192.168.5.233:80 - appear in the box
  • in configuration page "Session" tab
    • enter portal.nysbc.org (IP address of the portal computer is 207.239.59.21)
      • you must have login privileges on this machine
  • It is recommended that you name and save this session so you don't have to enter this next time
  • Click "Open" to establish ssh connection (login)

Linux
  • from command line type 
   ssh -L 8080:192.168.5.233:80 username@207.239.59.21
- or -
   ssh -L 8080:192.168.5.233:80 username@portal.nysbc.org
  • Above command forwards athena port 80 data to the remote machine's port 8080
  • have to use explicit IP address for athena on command line
Changed:
<
<

open browser on local machine and connect to remote server (Windows or Linux)

>
>

open browser on local machine and connect to leginon server (Windows or Linux)

 

example 2: to view robot cameras: 

   ssh -L 8080:192.168.5.160:80 -L 8081:192.168.5.166:80 username@portal.nysbc.org
-or-
   ssh -L 8080:192.168.5.160:80 -L 8081:192.168.5.166:80 username@207.239.59.21

  • Set ALLOWTOPICVIEW =

-- DavidStokes - 21 Apr 2010

Added:
>
>
View topic  |  History: r15 < r14 < r13 < r12  |  More topic actions...
 
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding this intranet, Send feedback