3

The simple answer is

ssh username@hostname

Enter your password and you are set. My problem is that I wish to connect to a computer in my university. There are several machines which everyone can access but before doing so we have to go through the login machine. So say the name of the login machine is login.school.edu

Then I would do

ssh login.school.edu

From there then I would ssh to one of the several machine names

ssh ld00

They have 112 machines, so I can do ld00 through ld112. The reason I'm asking this is because I want to run the Mathematica Kernel in one of these machines but in the Kernel configuration it asks for the hostname. The hostname cannot be the login machine because this machine does not have Mathematica installed and this machine wasn't meant for computations. Any way I can bypass this?

Update:

So it seems that those machines are not public in the internet. Now that I'm in the deparment I connected to the network and now I can do a simple

ssh username@hostname

The administrator of the machines did say something interesting:

I do not know what SSH implementation is currently part of MacOS. Under OpenSSH (used on Linux machines) it is theoretically possible to make creative use of the ProxyCommand directive to make it appear as if those hosts are directly available to SSH. I cannot tell you how to do this, however; I've only seen mention of it.

So, does anyone know how to do this so that I can connect to the kernel from outside the school?

Community
  • 1
jmlopez
  • 6,470
  • 4
  • 28
  • 48
  • 3
    Math failed: ld00 to ld112 , there are 113 machines. –  May 03 '12 at 06:53
  • @ShivanRaptor, lol, yes ... – jmlopez May 03 '12 at 06:55
  • Any reason why you didn't ask this over at [Mathematica.se]? – rcollyer May 03 '12 at 15:01
  • @rcollyer, I thought about it, but even thought I want to use this information to apply it to Mathematica this seems to be more general. I have been wanting to use this also with python and other scripts. – jmlopez May 03 '12 at 16:16
  • While more general, the answer will be environment specific (and yes, I'm counting MMA as an environment). – rcollyer May 03 '12 at 16:28
  • @rcollyer, my bad, know any way to migrate it? – jmlopez May 03 '12 at 18:04
  • Already flagged. You can flag it, too, if you wish. That will help push the flag up the "flagpole" a bit. – rcollyer May 03 '12 at 18:05
  • Are the machines otherwise available from outside (public IP, hostname externally available, no or negligible firewalling)? That is, do you need only the double ssh, or do you also need to tunnel all other traffic? – celtschk May 03 '12 at 19:31
  • @celtschk, So I emailed the administrators and he says that those machines are not on the public Internet and therefore it is impossible to reach them directly. But he says that it is theoretically possible to make creative use of the ProxyCommand directive to make it appear as if those hosts are directly available to SSH. – jmlopez May 03 '12 at 20:43
  • @jmlopez: Unfortunately it's not enough to have ssh chaining correctly (that one I could have solved), but current Mathematica versions use a quite complex setup of MathLink connections which, since the computers are not publicly available, all have to be tunnelled through ssh; unfortunately only one of the connections is configured in the remote kernel dialog, and I have no idea how to get Mathematica to tunnel the others. So you'll have to wait for someone with more knowledge to answer. – celtschk May 03 '12 at 20:58
  • ssh -V should give you the version info. Mine is OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011 (OSX Lion) – rm -rf May 03 '12 at 21:12

1 Answers1

3

From your update, your situation is very similar to mine, where I can connect to hostA through the internet, but to hostB only via hostA. Here is the pared down settings from my ~/.ssh/config that you can adapt to your machines:

Host hostA
    HostName hostA.school.edu
    User rm
    ForwardX11 yes
    ForwardX11Trusted yes       
    ControlMaster auto
    ControlPath ~/.ssh/control:%h:%p:%r

Host hostB
    Hostname hostB.school.edu
    User rm
    ProxyCommand ssh -T -a hostA nc %h %p

Here, using ControlMaster and ControlPath lets you tunnel all subsequent connections to hostA via an existing connection. So this means that you need to have only 1 open connection (need password, if not using keys) and you needn't enter your password again as long as that session is alive (extremely convenient and useful in general!).

The second, using ProxyCommand allows you to login to the second through the first. So if you have one open connection to hostA, you can then simply ssh hostB on your local machine and the connection will automatically be routed through hostA. Now if you didn't set up ControlMaster and ControlPath, you'll have to enter 2 passwords — one for hostA and another for hostB.

rm -rf
  • 88,781
  • 21
  • 293
  • 472
  • Thanks, this works very nicely with ssh. Now I can connect directly with just one command. One more problem though, and this about the Kernel configuration. When I'm in school I can put the hostname and it works. But now that I'm away it doesn't work. Is there a way to let Mathematica know of the .ssh/config file? – jmlopez May 04 '12 at 01:36
  • hmm... not sure I follow fully. You said your mma installation is on the ldXYZ machines, right? So shouldn't you just set that as the hostname in your mma kernel configuration file? – rm -rf May 04 '12 at 01:45
  • Yes, all the ldXYZ machines have mma. If I log in them and type hostname then I get the full hostname which you need when you want to configure another kernel. See this: http://www.wolfram.com/broadcast/screencasts/howtoconnecttoaremotekernel/?w=776&h=632 . I followed those instructions when connected directly to the network and it works fine. But now that I'm away I cannot seem to make it work. You answer works with ssh now, but I'm not sure com.wolfram.WolframSSH.WolframSSH knows how to do this. – jmlopez May 04 '12 at 01:50
  • @jmlopez In Preferences > Parallel > Remote Kernels > Add Host, I see an option to enter a custom command. Now you can use the -F flag in ssh to specify a config file. You can specify the location to your config file to make sure that mma knows about it. I don't have a remote mma kernel to actually check this out, but I'm pretty sure it should work. Could you please try it and if it does, I'll update my answer with the info – rm -rf May 04 '12 at 02:58
  • I'm having problems, We can also put a custom command in Evaluation > Kernel Configuration Options > Add then after setting Remote Machine then we can put a custom command. But, I don't quite understand the " and ` so I don't know where to put the F flag. – jmlopez May 04 '12 at 03:45
  • @jmlopez In the preferences pane I mentioned earlier, change the default ssh -x -f -l `3` ... to ssh -x -f -F /path/to/config -l `3` .... You can find more info on what the ``2etc. mean by clicking on the>>` just above the box which takes you to the documentation. In short, 1 is the hostname, 3 is your username, etc. – rm -rf May 04 '12 at 16:16
  • let us continue this discussion in chat – jmlopez May 04 '12 at 16:52