Hi Tim, Adye, TJ (Tim) wrote: > Hi Fabrizio, > > Yes, this is very interesting. We have been investigating the use of the > xrootd proxy as another way to access data remotely from SLAC. Using ssh > seems to have the advantage of not requiring any extra infrastructure, > but only works for xrdcp (at the moment) and requires specific user > setup. Anything else? Have you made any performance comparisons? > Well, the only setup which is needed is to specify the value of two variables in the env of XrdClient (not the shell's one!) , which can be done via command line. The tunnel itself can be established by another user, and one should be sufficient for many connections. I am making performance comparisons right now, as well as debugging under high load. Fabrizio > Thanks, > Tim. > >> -----Original Message----- >> From: [log in to unmask] On Behalf Of >> Fabrizio Furano >> Sent: 30 October 2006 14:54 >> To: Jean-Yves Nief; Brew, CAJ (Chris) >> Cc: Xrootd Mailing List; Andrew Hanushevsky; Peter Elmer >> Subject: Ssh tunnels for XrdClient >> >> Hi JY and Chris, >> >> I remember that, at some point (if I remember correctly) >> you have been >> interested in the possibility of communicating with an xrootd server >> through ssh tunnels. Since this was one of the latest commits, if you >> want to give a try to it, it's there (in the head). >> Basically it's an implementation of the SOCKS4 protocol in >> XrdClient. >> What follows is an example of how to use it. >> >> I suppose that I want to access the file >> >> root://kanolb-a.slac.stanford.edu//store/SP/R14/000993/run4/14 >> .4.0c/SP_000993_002423.02E.root >> >> into my laptop in Padova. We know that the kanga cluster at >> slac is not >> accessible from outside (at least not from here). Here is a trivial >> example of how to do it using a SOCKS4 ssh tunnel and xrdcp. >> >> Step 1: Tunnel localhost-->noric02 mapping the local port >> 8080 through >> SOCKS4 >> >> fabrizio@dhcp-61 15:20:32 ~>ssh -D 8080 >> [log in to unmask] >> >> Step 2: in another window... >> >> fabrizio@dhcp-61>xrdcp -d 2 -DISocks4Port 8080 >> -DSSocks4Server 127.0.0.1 >> root://kanolb-a.slac.stanford.edu//store/SP/R14/000993/run4/14 >> .4.0c/SP_000993_002423.02E.root >> ~fabrizio/ >> >> and the copy should be ok. >> ... if you want to shut it up, remove the "-d 2" parameter. >> Well, from Europe you will note that the data xfer rate is very low. >> This will hopefully change in December, when we finish >> implementing the >> multistream stuff. >> >> Please note that the parameter Socks4Server does not understand names >> yet, but IP addresses only. >> Another thing that made me crazy. Typically the ssh-tunnelled >> port (8080 >> in the example) is only available from localhost. To override >> this and >> make it visible also from other hosts, you have to use the >> "-g" switch >> (for older ssh) or specify */8080 (in the more recent >> releases of ssh). >> >> Any comment? >> Fabrizio >> >>