LISTSERV 16.5 - XROOTD-L Archives

hello Fabrizio,

             yes I was interested of ssh tunnel  usage through the 
redirector.
but ssh tunnelling to a Xrootd data server has already been used 
successfully so far by an experiment (for some remote interactive 
analysis in ROOT where performances are not an issue in their case).
so it would be good to also use that in the ROOT framework. But I guess 
that recompiling the XTNetFile library would not be enough in that case 
as there are these extra options to give in the case of the xrd copy you 
give below.
thanks,
JY


Fabrizio Furano wrote:
> Hi JY and Chris,
>
>  I remember that, at some point (if I remember correctly) you have 
> been interested in the possibility of communicating with an xrootd 
> server through ssh tunnels. Since this was one of the latest commits, 
> if you want to give a try to it, it's there (in the head).
>  Basically it's an implementation of the SOCKS4 protocol in XrdClient. 
> What follows is an example of how to use it.
>
> I suppose that I want to access the file
>
> root://kanolb-a.slac.stanford.edu//store/SP/R14/000993/run4/14.4.0c/SP_000993_002423.02E.root 
>
>
> into my laptop in Padova. We know that the kanga cluster at slac is 
> not accessible from outside (at least not from here). Here is a 
> trivial example of how to do it using a SOCKS4 ssh tunnel and xrdcp.
>
> Step 1: Tunnel localhost-->noric02 mapping the local port 8080 through 
> SOCKS4
>
> fabrizio@dhcp-61 15:20:32 ~>ssh -D 8080 [log in to unmask]
>
> Step 2: in another window...
>
> fabrizio@dhcp-61>xrdcp -d 2 -DISocks4Port 8080 -DSSocks4Server 
> 127.0.0.1 
> root://kanolb-a.slac.stanford.edu//store/SP/R14/000993/run4/14.4.0c/SP_000993_002423.02E.root 
>  ~fabrizio/
>
> and the copy should be ok.
> ... if you want to shut it up, remove the "-d 2" parameter.
> Well, from Europe you will note that the data xfer rate is very low. 
> This will hopefully change in December, when we finish implementing 
> the multistream stuff.
>
> Please note that the parameter Socks4Server does not understand names 
> yet, but IP addresses only.
> Another thing that made me crazy. Typically the ssh-tunnelled port 
> (8080 in the example) is only available from localhost. To override 
> this and make it visible also from other hosts, you have to use the 
> "-g" switch (for older ssh) or specify */8080 (in the more recent 
> releases of ssh).
>
> Any comment?
> Fabrizio
>