Skip to content

Commit 43ba03f

Browse files
fcruzcscsfcruzcscs
authored
Adding docs on SSH tunnel to a service
1 parent 7cbd102 commit 43ba03f

File tree

1 file changed

+47
-0
lines changed

1 file changed

+47
-0
lines changed

docs/access/ssh.md

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -174,6 +174,53 @@ ssh -A [email protected]
174174
ssh daint.cscs.ch
175175
```
176176

177+
## SSH tunnel to a service on CSCS Alps (e.g., daint) via ela
178+
179+
If you have a server listening on a compute node in an Alps cluster and want to reach it from your laptop. Here is a quick solution: allocate a node, start your server bound to `localhost`, open an SSH tunnel that jumps through `ela` to the cluster (e.g. `daint`), then use `http://localhost:PORT` on your laptop.
180+
This is how:
181+
182+
### Requirements
183+
- SSH keys loaded in your agent (including MFA steps).
184+
- Your CSCS username handy (replace `MYUSER` below).
185+
- Know the compute node ID (e.g., `nid006554`) and the port of your running server.
186+
187+
### Allocate a node and run a server (or test server)
188+
Tip: binding to `127.0.0.1` ensures the service is only reachable via your tunnel.
189+
190+
### Open the tunnel from your laptop
191+
In a new local terminal:
192+
193+
```bash
194+
MYUSER=cscsusername # your username at CSCS
195+
NODE=nid006554 # obtained from salloc or srun
196+
PORT=6006 # example port
197+
CLUSTER=daint # cluster you want to reach
198+
199+
ssh -N -J ${MYUSER}@ela.cscs.ch,${MYUSER}@${CLUSTER}.alps.cscs.ch -L ${PORT}:localhost:${PORT} ${MYUSER}@${NODE}
200+
```
201+
- First run may ask to trust the node’s host key — type `yes`.
202+
- The command blocks while the tunnel is open (that is expected).
203+
204+
### Connect locally
205+
With the service running and the tunnel open, you can now reach your service locally:
206+
207+
- Browser: `http://localhost:PORT`
208+
- Terminal: `curl localhost:PORT`
209+
210+
### Clean up
211+
- Stop the server (Ctrl-C on the compute node shell).
212+
- End the Slurm allocation:
213+
```bash
214+
scancel $SLURM_JOB_ID
215+
```
216+
- Close the tunnel (Ctrl-C in the tunnel terminal).
217+
218+
### Common troubleshooting (fast fixes)
219+
- **Port already in use locally:** pick another `PORT` (e.g., 6007) in both server + tunnel.
220+
- **Service not responding:** ensure the server binds to `127.0.0.1` and is running on the compute node; confirm `NODE` matches your allocation.
221+
- **Auth prompts loop:** verify your SSH MFA to CSCS and the correct setup of the ssh agent.
222+
223+
177224
[](){#ref-ssh-faq}
178225
## Frequently encountered issues
179226

0 commit comments

Comments
 (0)