Document how to use a SSH tunnel to access the cluster #31
Description
Steps:
- Start a tunnel with:
ssh -L 1234:queue.sanbi.ac.za:22 pvh@gate.sanbi.ac.za cat -- Copy files via the tunnel with:
scp -P 1234 myfile.txt pvh@localhost:Gotchas:
- It might say the authenticity of the host is not known and ask you if you want to connect:
The authenticity of host '[localhost]:1234 ([127.0.0.1]:1234)' can't be established.
ECDSA key fingerprint is SHA256:FVnauAph+p2HOgfipGQBOi1KTq4JFcivYqvW7l2Pb/g.
Are you sure you want to continue connecting (yes/no/[fingerprint])?The fingerprint for queue is SHA256:FVnauAph+p2HOgfipGQBOi1KTq4JFcivYqvW7l2Pb/g - this should be mentioned in the docs and updated if the queue fingerprint changes. The user should check this fingerprint and answer yes if it is correct.
- If you have previously used a tunnel to another host you could get an error like:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:FVnauAph+p2HOgfipGQBOi1KTq4JFcivYqvW7l2Pb/g.
Please contact your system administrator.
Add correct host key in /home/pvh/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/pvh/.ssh/known_hosts:731
remove with:
ssh-keygen -f "/home/pvh/.ssh/known_hosts" -R "[localhost]:1234"
ECDSA host key for [localhost]:1234 has changed and you have requested strict checking.
Host key verification failed.
lost connectionThe user should check the fingerprint listed and if it is correct run the ssh-keygen command noted.
Additional learning:
- Copying to SANBI / from SANBI
- Copying directories with
-r - Password-less ssh