Skip to content

SSHTunnelProxy

Jump to bottom
Rob Nagler edited this page Jan 24, 2022 · 2 revisions

Connect to Sirepo or JupyterHub via SSH

If a Sirepo server is behind a firewall, which you can get to via SSH, you'll need to do a few things.

~/.ssh/config

You'll need to setup ssh config on the initial ssh client and all intermediate jump hosts as so:

Host jump.host
    LocalForward 8000 localhost:8000

Then on the jump.host, you'll tunnel through to the inside.host:

Host inside.host
    LocalForward 8000 localhost:443

You may need to choose a different port than 8000.

/etc/hosts

On the initial ssh client (e.g. your laptop), you'll need to change the localhost line in /etc/hosts to be the same name as the remote host so that the cert matches:

127.0.0.1	localhost localhost.localdomain inside.host

Chrome NET::ERR_CERT_INVALID

If you have trouble accessing the site in Chrome, because the certificate is self-signed, you'll need to type thisisunsafe on the page that is displaying NET::ERR_CERT_INVALID.

IPv6 issue: bind: Cannot assign requested address

If you get this, it probably is trying to connect via IPv6 (e.g. Amazon Web Services). You can test with:

ssh -4 <host>

Easier to remember, you can this to ssh config:

AddressFamily inet
Clone this wiki locally