Network Tunnel
sshuttle [1] creates a transparent tunnel to a remote network using SSH. This is similar in connectivity to Virtual Private Network (VPN) [2] based technology. Sshuttle enables users to work as if their computer were located within the GSI network. In practice this gives access to all GSI internal services, including the HPC infrastructure. sshuttle requires root access on your local computer in order to modify the system firewall to tunnel all traffic through an SSH connection.
Connect
Connect to a login node from the Internet. Start a tunnel to the GSI internal network with the following command, where $user is your GSI Linux username:
sshuttle --daemon --pidfile=/tmp/sshuttle.pid --dns --remote $user@lxpool.gsi.de 0/0
The file /tmp/sshuttle.pid stores the process ID of the sshuttle instance for later use. This connection will route all your traffic, including DNS requests, transparently through an SSH connection into the GSI network. The sshuttle command will prompt for the sudo [3] password and then for the SSH login password.
Disconnect
Use the process ID stored in /tmp/sshuttle.pid to disconnect:
# stop the tunnel
kill $(cat /tmp/sshuttle.pid)
Alternatively you can run pkill sshuttle [4], which will kill all running sshuttle instances.
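As an added example (not part of the original documentation), the helper below performs the disconnect step with checks, because /tmp is world-writable and the PID file path is predictable: it signals the PID only if the file is a regular file owned by you, contains digits only, and the process still looks like sshuttle. The function names, the script name and the command-line match on "sshuttle" are assumptions of this example, and it assumes sshuttle was started as your own user.

```shell
#!/bin/sh
# Added example: validate an sshuttle PID file before signalling.
# /tmp is world-writable, so the file's content is not trusted blindly.

# Print the PID stored in file $1, or fail if the file looks unsafe.
read_pidfile() {
    f=$1
    # Reject symlinks and anything that is not a regular file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    # Reject files owned by another user (-O: owned by effective UID).
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by you" >&2
        return 1
    fi
    pid=$(cat "$f")
    # Accept only a single run of digits.
    case $pid in
        ''|*[!0-9]*)
            echo "refusing $f: content is not a PID" >&2
            return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Stop the tunnel recorded in PID file $1 (default /tmp/sshuttle.pid).
stop_tunnel() {
    pidfile=${1:-/tmp/sshuttle.pid}
    pid=$(read_pidfile "$pidfile") || return 1
    # Confirm the PID still belongs to an sshuttle process (assumed
    # to be visible in the command line reported by ps).
    case $(ps -o args= -p "$pid" 2>/dev/null) in
        *sshuttle*) kill "$pid" ;;
        *) echo "PID $pid is not sshuttle, not signalling" >&2
           return 1 ;;
    esac
}

# Run as: sh stop-tunnel.sh stop [pidfile]   (script name is hypothetical)
if [ "${1:-}" = "stop" ]; then
    stop_tunnel "${2:-/tmp/sshuttle.pid}"
fi
```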
Configuration
It is recommended to use a configuration file [5] to store all connection options for repeated logins. The following example illustrates a configuration to connect to the lxlogin.gsi.de nodes from the Internet:
# Create a configuration file
cat > lxlogin.conf <<EOF
140.181.0.0/16
10.0.0.0/8
--remote
lxlogin.gsi.de
--dns
--disable-ipv6
--daemon
--pidfile
/tmp/sshuttle.pid
--exclude
140.181.60.0/24
EOF
Arguments read from a file must be one per line, as shown above. Pass the name of the configuration file, preceded by the @ character, to the sshuttle command:
# ...and pass the configuration file as argument to Sshuttle
sshuttle @lxlogin.conf
Footnotes
1. Sshuttle, GitHub: https://github.com/apenwarr/sshuttle
2. Virtual Private Network, Wikipedia: https://en.wikipedia.org/wiki/Virtual_private_network
3. Sudo Manual Pages: https://www.sudo.ws/man.html
4. pkill Manual Page: https://manpages.org/pkill
5. Configuration File, Sshuttle Documentation: https://sshuttle.readthedocs.io/en/stable/manpage.html#configuration-file