Talk:Data Platform/Systems/Jupyter
Rendered with Parsoid
Latest comment: 15 days ago by JSherman (WMF) in topic adding a tunnel shortcut to ssh_config
adding a tunnel shortcut to ssh_config
I began editing to add this, but I wasn't sure if it would muddy the waters. Do you think such a shortcut would be helpful?
Once you have this access, first open a SSH tunnel to one of the analytics clients by running the following command in your computer's terminal:
$ ssh -N stat1008.eqiad.wmnet -L 8880:127.0.0.1:8880
If you prefer have a shortcut for tunneling, you may add the following to the ssh configuration used for production access:
Match host=!*.*,stat10*
SessionType none
HostName %h.eqiad.wmnet
LocalForward 8880 127.0.0.1:8880
Now you may open a SSH tunnel to one of the analytics clients by running the following command in your computer's terminal:
$ ssh stat1008
In either case, you can replace stat1008 with the name of another analytics client if you prefer. JSherman (WMF) (talk) 15:04, 1 November 2024 (UTC)
- Generally, I think this would be very useful to add to the page!
- Specifically, it's sometime necessary to open a plain SSH connection to the hosts since there are some commands (like `sudo`) that don't work in the Jupyter terminal. With this approach, it seems that it become impossible to do that. Do you know if there's any way to handle this in the SSH config?
- What I've done is use a similar technique in my SSH config to enable using e.g. `stat1008` as a shorthand and then separate set up a shell function (for Fish, in my case) to streamline opening a tunnel for Jupyter:
- Neil Shah-Quinn (WMF) (talk) 20:06, 1 November 2024 (UTC)
function jup # Fish only supports running a single external command as a background job # https://stackoverflow.com/questions/62864458/fish-shell-chaining-commands-to-be-run-as-a-background-job fish --command "sleep 3; open -a Firefox http://localhost:8880" & ssh -N $argv -L 8880:127.0.0.1:8880 end
- As written, the config I made still allows regular shell access via the full name:
- eg `ssh stat1008.eqiad.wmnet`
- but it won't have the tunnel. You could drop the SessionType line and have an interactive session with the tunnel.
- If you want to locally launch a browser and the tunnel at the same time, that may also be accomplished with ssh config so long as you have
PermitLocalCommand yesset in/etc/ssh/ssh_config - JSherman (WMF) (talk) 22:36, 1 November 2024 (UTC)
Match host=!*.*,stat10* SessionType none HostName %h.eqiad.wmnet LocalForward 8880 127.0.0.1:8880 LocalCommand open -a Firefox http://localhost:8880
- Neat! Thank you very much for sharing.
- I'd say go ahead and add your original snippet, and just add a footnote mentioning that you can still use the full address for plain SSH. Having a shortcut command is super useful, and it's even better when it doesn't require messing around with shell functions, while needing plain SSH is a fairly niche situation. Neil Shah-Quinn (WMF) (talk) 01:49, 2 November 2024 (UTC)