How to setup and use a SSH tunnel

One method to access the Aerospace network to access remote services is to use a VPN connection. Another method is to use an SSH tunnel to forward local ports to a remote computer within the Aerospace network. This methods requires access to an SSH server within the Aerospace network.

Assume you want to run IDL software on a remote (home) Linux system. You install the IDL software; however, you need a license from the Aerospace license server (flex.aero.und.edu). The license server is behind the Aerospace firewall so you can not access it directly. Using the Aerospace VPN is the most straight forward solution; however, you can also use SSH to tunnel the necessary ports. The Aerospace IDL license server uses two ports (1700 and 1701). These ports are not standard and the IDL license file needs to define the vendor daemon process port to use (in our case 1701).

You can use the -L option to SSH to forward both port 1700 and 1701. For example,

ssh -L 1700:flex.aero.und.edu:1700 -L 1701:flex.aero.und.edu:1701 username@aitken.atmos.und.edu

You need to replace username with you username on Aitken. Enter the password when requested. After you connected, open another terminal and type idl. Should get a license.

A shorter method is to use a ssh config file. For example, this can be used. Save it to ~/.ssh with the name config. To start the connection by typing ssh username@AerospaceTunnel (where username is your username on aitken.atmos.und.edu) in a terminal. You can also use the -N to run the process in the background if you wish. Now make sure the LM_LICENSE_FILE=1700@localhost (i.e. export LM_LICENSE_FILE=1700@localhost or define it in /etc/profile (assuming Bash shell)). Test by typing idl to see that you get a floating license from the flex.aero.und.edu license server.

Note: For the license server to use specific port instead of a random port, the license files needs to state not only if port to listen on but what port to use to serve the license. See "Using the License Manager".. The license file needs the following line: DAEMON idl_lmgrd PORT=1701