Skip to content
Tags

, ,

SSH tunneling and file transfer through multiple servers

July 10, 2010

In bioinformatics, there some computationally intensive tasks such as the NGS assemblies I am currently working on. They are often performed on remote machines, and a direct SSH connection to the server is often not allowed due to some security policy.

In my particular case, I had to first connect to an institute’s server and then to their computing cluster. At first I established the connections manually, but that was tedious. And file transfer was a mess. So here is my first tutorial on how to make one’s life easier when facing this problem, mostly because I myself might need this information again one day.

Pain-free file transfer with lrzsz

The first obvious issue is how to transfer files between the local and remote machine. It is possible to use scp for this, but one would have to copy files from the remote to the intermediary and then to the local machine manually. Fortunately, there is an alternative:

  1. Install zssh on your local machine.
  2. Install lrzsz on the remote machine.
This enables you to send and receive files within an active SSH session. To transfer files from your local to the remote machine, use
$ <press control-space>
$ cd /path/to/local/directory
$ sz <file1> [<file2>, ...]

and vice versa
$ sz <file1> [<file2>, ...]
$ <press control-space>
$ cd /path/to/local/directory
$ rz

Note: you might need to use sz -e on BSD-systems, or lrz and lsz instead of just rz and sz. Especially on server distributions, one or the other flavor is already installed.

Password-less login: creating a key pair

To enable a password-less login over SSH, a key pair needs to be created. To do so, execute the following commands on the remote server. Do not use a passphrase.

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mschu/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mschu/.ssh/id_rsa
Your public key has been saved in /home/mschu/.ssh/id_rsa.pub
$ cd ~/.ssh
$ cat id_rsa.pub >> authorized_keys
$ chmod 600 authorized_keys

After ssh-keygen, two files are created in your ~/.ssh directory: id_rsa (private key) and id_rsa.pub (public key). The public key is then appended to the list of authorized keys, and access to this file is restricted to only the current user. The following steps are:

  1. Copy both files to the ~/.ssh directory of your intermediary server, add the public key to authorized_keys as above.
  2. Copy the private key to your local machine as well.

A thought on security here: be sure that noone else has access to your private key, or else they would be able to login to the servers with your username.

1-command connection: adding a bash alias

At this point, you could log on to the remote server by first starting an SSH connection from your local to the intermediary and from there to the remote machine. If you want to be able to do this with a single command, add the following line to your bash aliases (e.g., ~/.bashrc)

alias remote="zssh -t mschu@intermediary 'ssh -t mschu@remote'"

where intermediary and remote should be the corresponding server names or IP addresses. Now, a connection to the remote server via another machine is established just by typing remote.

Advertisement

From → Blog

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

«
Follow

Get every new post delivered to your Inbox.