Merged
47 changes: 47 additions & 0 deletions docs/access/ssh.md
@@ -174,6 +174,53 @@ ssh -A [email protected]
ssh daint.cscs.ch
```

## SSH tunnel to a service on CSCS Alps (e.g., daint) via ela

If you have a server listening on a compute node in an Alps cluster and want to reach it from your laptop. Here is a quick solution: allocate a node, start your server bound to `localhost`, open an SSH tunnel that jumps through `ela` to the cluster (e.g. `daint`), then use `http://localhost:PORT` on your laptop.
This is how:

### Requirements
- SSH keys loaded in your agent (including MFA steps).
- Your CSCS username handy (replace `MYUSER` below).
- Know the compute node ID (e.g., `nid006554`) and the port of your running server.

### Allocate a node and run a server (or test server)
Tip: binding to `127.0.0.1` ensures the service is only reachable via your tunnel.

### Open the tunnel from your laptop
In a new local terminal:

```bash
MYUSER=cscsusername # your username at CSCS
NODE=nid006554 # obtained from salloc or srun
PORT=6006 # example port
CLUSTER=daint # cluster you want to reach

ssh -N -J ${MYUSER}@ela.cscs.ch,${MYUSER}@${CLUSTER}.alps.cscs.ch -L ${PORT}:localhost:${PORT} ${MYUSER}@${NODE}
```
- First run may ask to trust the node’s host key — type `yes`.
- The command blocks while the tunnel is open (that is expected).

### Connect locally
With the service running and the tunnel open, you can now reach your service locally:

- Browser: `http://localhost:PORT`
- Terminal: `curl localhost:PORT`

### Clean up
- Stop the server (Ctrl-C on the compute node shell).
- End the Slurm allocation:
```bash
scancel $SLURM_JOB_ID
```
- Close the tunnel (Ctrl-C in the tunnel terminal).

### Common troubleshooting (fast fixes)
- **Port already in use locally:** pick another `PORT` (e.g., 6007) in both server + tunnel.
- **Service not responding:** ensure the server binds to `127.0.0.1` and is running on the compute node; confirm `NODE` matches your allocation.
- **Auth prompts loop:** verify your SSH MFA to CSCS and the correct setup of the ssh agent.


[](){#ref-ssh-faq}
## Frequently encountered issues
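
Review bot: The "Allocate a node and run a server (or test server)" section contains only the tip about binding to `127.0.0.1` and no command, so the reader never sees how to obtain the `NODE` value that the tunnel step depends on. Please add a short fenced example there showing the allocation (the tunnel block's comment already says the node ID comes from `salloc` or `srun`) and a test server bound to `127.0.0.1` on the chosen `PORT`. Three smaller points in the same hunk: the bullet after the tunnel command tells users to answer `yes` to the compute node's host key prompt without saying how to check that the key belongs to the node they allocated, so either describe a verification step or state that this is trust on first use. In "Clean up", `scancel $SLURM_JOB_ID` only works in a shell where Slurm has set that variable, so say that it must be run inside the allocation or show how to look up the job ID otherwise; the unindented code fence there also splits the bullet list in two. The opening paragraph starts with a sentence fragment ("If you have a server listening ... from your laptop.") that should be joined to the sentence that follows.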
