TurboVNC -via multiple intermediate gateways
9 views
Skip to first unread message
Some body
Feb 1, 2021, 2:04:06 PM2/1/21
to TurboVNC User Discussion/Support
Hi there,
I have an issue where my turbovnc client and server are separated by a bastion and a login node and haven't figured out a way to use the command line's -via flag multiple times. For ssh my connection steps look like this,
ssh (local laptop)-> bastion -> login node -> hpc node.
The only way I've made this work with turbo vnc is to be on the hpc vpn, and then the command
/opt/TurboVNC/bin/vncviewer hpc.node.ip
works fine. The downside is that I can no longer use the internet of my laptop for anything else while on the hpc vpn.
With the virtualgl client there's a multiple "hop" method https://github.com/VirtualGL/virtualgl/issues/115 but I haven't managed to make this work using turbovnc.
Any assistance is greatly appreciated!
DRC
Feb 1, 2021, 4:36:54 PM2/1/21
to turbovn...@googlegroups.com
I assume from your description that the login node can directly access
VNC servers running on the HPC nodes, so SSH is only required between
your client machine and the bastion machine and between the bastion
machine and the login node. I also assume that neither the login node
nor the bastion node has any services that listen on the TCP ports
normally reserved for VNC (5900-5999.) In that case, you can set up the
multi-level SSH tunnel manually. If you know that the VNC server is
running on host "hpc1" and listening on Display :1, for instance, then
you can do something like:
client$ ssh -L5901:localhost:5901 bastion
bastion$ ssh -L5901:hpc1:5901 login_node
The first command sets up an SSH connection between the client and the
bastion node and forwards traffic meant for Port 5901 on the client to
Port 5901 on the bastion node. The second command sets up another SSH
connection between the bastion node and the login node and forwards
traffic meant for Port 5901 on the bastion node to Port 5901 on hpc1.
Then, in another window on the client, you can do:
/opt/TurboVNC/bin/vncviewer localhost:1
The multi-level SSH tunnel has to be set up in this way because you
can't re-use the server end of an SSH tunnel outside of the SSH session.
VNC servers running on the HPC nodes, so SSH is only required between
your client machine and the bastion machine and between the bastion
machine and the login node. I also assume that neither the login node
nor the bastion node has any services that listen on the TCP ports
normally reserved for VNC (5900-5999.) In that case, you can set up the
multi-level SSH tunnel manually. If you know that the VNC server is
running on host "hpc1" and listening on Display :1, for instance, then
you can do something like:
client$ ssh -L5901:localhost:5901 bastion
bastion$ ssh -L5901:hpc1:5901 login_node
The first command sets up an SSH connection between the client and the
bastion node and forwards traffic meant for Port 5901 on the client to
Port 5901 on the bastion node. The second command sets up another SSH
connection between the bastion node and the login node and forwards
traffic meant for Port 5901 on the bastion node to Port 5901 on hpc1.
Then, in another window on the client, you can do:
/opt/TurboVNC/bin/vncviewer localhost:1
The multi-level SSH tunnel has to be set up in this way because you
can't re-use the server end of an SSH tunnel outside of the SSH session.
somebody
Feb 3, 2021, 10:31:46 AM2/3/21
to turbovn...@googlegroups.com
Thank you thats an excellent idea!
Cheers
--
You received this message because you are subscribed to a topic in the Google Groups "TurboVNC User Discussion/Support" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/turbovnc-users/9XF80-k84l4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/73f85892-e1fb-714b-8638-d257385b1d00%40virtualgl.org.
Reply all
Reply to author
Forward
0 new messages