| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: SSH tunneling for client |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 2
|
|
| Author |
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hi there!
How can I manage to run the client with SSH tunneling? I want to install the client on a linux machine (SLC4) which is not directly connected to the internet, but could be connected via a gateway server. Thanks & best regards! |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hi,
assuming forwarding is enabled in your gateway server's sshd_config, running ssh -D localhost:12345 -l <user> <gateway server>on your target machine will start a SOCKS5 proxy server, listening on port 12345. If you then set localhost:12345 as BOINC's SOCKS proxy server, the BOINC client should connect to this port and reach the internet via the SSH tunnel. Instead of 12345, you can pick any free port you like, but keep in mind you need root privileges for ports below 1024. This tunnel is available to all processes running on your target machine, effectively opening up the whole internet to that machine. You could limit access to this port with SELinux, AppArmor, or the like. If that's not feasible or not secure enough, you're going to need to run some actual proxy server software on your gateway. If you then open a static SSH tunnel you can use the local endpoint as BOINC's proxy server. For example, with ssh -L localhost:12345:localhost:8080 -l <user> <gateway server>you'd be running a proxy server on port 8080 on your gateway, and use localhost:12345 in BOINC's proxy settings. Although it's not as easy, this method can be made more secure by limiting access in the proxy server's configuration. Hope this helps, - inf |
||
|
|
|