The forwarding tunnels are initiated using the "remote forward" invocation of ssh (-R option), so that the connections flow across the firewalls in the same sense or direction as an interactive ssh session initiated by a user at SLAC. On glast02, a public/private ssh key-pair has been created for the ISOC group account 'glastops', and the glastops public key added to the authorized_keys2 file of a corresponding 'glastops' account on ods-foo. Similarly, glastops@ods-foo has a public-private key pair, with the public key installed in glastops@lat-dmz01:~/.ssh/authorized_keys2.

On both glast02 and ods-foo, a SysV-style boot-time script is installed in /etc/init.d to invoke the individual autossh-wrapped ssh client instances for each forwarded service. The glast02 version is presented here as an example:

#!/bin/bash
#
# lattunnel     This starts and stops SSH tunnels for the LICOS mobile rack
#
# chkconfig: 345 90 10
# description: lattunnel is a boot-time script that automatically brings up \
#              an SSH tunnel to the LICOS mobile rack through which FASTCopy or \
#              MySQL transfers can occur.  It uses the "autossh" \
#              utility to maintain the tunnelled connection.
#

# set the PATH
PATH=/sbin:/bin:/usr/bin:/usr/sbin:/u/gl/glastops/Prod/bin
export PATH

# start up the tunnels, each running as the unprivileged glastops account
#   -f  go to background once authenticated   -M <port>  autossh monitor port
#   -N  no remote command, -n no stdin        -x  no X11 forwarding
#   -2  force SSH protocol 2                  -q  quiet
#   -R listen:host:hostport  remote forward: ods-foo:listen -> host:hostport
start(){
    su -s /bin/bash -c "autossh -f -M 40001 -2 -q -n -N -x -R 40000:glast02:40000 ods-foo" glastops
    su -s /bin/bash -c "autossh -f -M 3308  -2 -q -n -N -x -R 3306:glast03:3306 ods-foo" glastops
    su -s /bin/bash -c "autossh -f -M 20023 -2 -q -n -N -x -R 20022:centaurusa:22 ods-foo" glastops
}

# stop the tunnels (kills every autossh instance on the host)
stop(){
    killall autossh
}

# restart the tunnels
restart(){
    stop
    start
}

# show some sort of status: lists the running autossh instances,
# exit status is non-zero when none are found
status(){
    ps -efwww | grep -v grep | grep autossh
}

# see how we were called
case "$1" in
    start)
        start
        ;;

    stop)
        stop
        ;;

    restart|reload)
        restart
        ;;

    status)
        status
        ;;

    *)
        echo $"Usage: $0 {start|stop|status|restart|reload}"
        exit 1
esac

The following table describes the forwarding configuration for the various applications. A graphical depiction is also available in either PDF or Visio format.

Application   Destination      ods-foo port   lat-dmz01 port
-----------   --------------   ------------   --------------
FASTCopy      glast02:40000    40000          40000
MySQL         glast03:3306     3306           3307
CVS           centaurusa:22    20022          20022
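The init script's status function only greps for autossh; the following added example (not part of the original page or the ISOC scripts) checks the running tunnels against the forwarding table above. It parses constructed ps -efwww lines, matches each -R remote forward to its application, and flags a tunnel that is missing, listens on the wrong port, or carries an explicit non-loopback bind address (which, with GatewayPorts enabled on ods-foo, would expose the forwarded service beyond the tunnel endpoint). The sample process lines are constructed for the example.

```python
import shlex

# Forwarding table from the page, keyed by application:
# (destination reached through the tunnel, port ods-foo listens on).
EXPECTED = {
    "FASTCopy": ("glast02:40000", 40000),
    "MySQL":    ("glast03:3306", 3306),
    "CVS":      ("centaurusa:22", 20022),
}

# Constructed sample of `ps -efwww` output: a healthy FASTCopy tunnel, a MySQL
# tunnel started with a wildcard bind address, and no CVS tunnel at all.
SAMPLE_PS = """\
glastops  4121  1  0 Jan10 ?  00:00:00 autossh -f -M 40001 -2 -q -n -N -x -R 40000:glast02:40000 ods-foo
glastops  4122  1  0 Jan10 ?  00:00:00 autossh -f -M 3308 -2 -q -n -N -x -R *:3306:glast03:3306 ods-foo
root      4200  1  0 Jan10 ?  00:00:00 /usr/sbin/sshd
"""

def parse_autossh(ps_output):
    """Return one dict per autossh process: monitor port, bind address,
    listening port on the remote side, and host:port destination."""
    tunnels = []
    for line in ps_output.splitlines():
        argv = shlex.split(line)
        if not any(a.endswith("autossh") for a in argv) or "-R" not in argv:
            continue
        monitor = int(argv[argv.index("-M") + 1]) if "-M" in argv else None
        spec = argv[argv.index("-R") + 1].split(":")
        # "port:host:hostport" binds loopback on the remote (unless GatewayPorts
        # is set there); a four-part spec carries an explicit bind address.
        bind = spec[0] if len(spec) == 4 else "localhost"
        tunnels.append({"monitor": monitor, "bind": bind,
                        "listen": int(spec[-3]), "dest": ":".join(spec[-2:])})
    return tunnels

def check_tunnels(expected, running):
    """Map each application in the table to 'ok' or a short problem description."""
    by_dest = {t["dest"]: t for t in running}
    report = {}
    for app, (dest, port) in expected.items():
        t = by_dest.get(dest)
        if t is None:
            report[app] = "missing"
        elif t["listen"] != port:
            report[app] = f"wrong port {t['listen']}"
        elif t["bind"] not in ("localhost", "127.0.0.1"):
            report[app] = f"bound to {t['bind']}"
        else:
            report[app] = "ok"
    return report

if __name__ == "__main__":
    for app, state in check_tunnels(EXPECTED, parse_autossh(SAMPLE_PS)).items():
        print(f"{app:10s} {state}")
```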