Getting ssh internet access for firewalled systems, such as HPC systems

Getting github access on a firewalled system

This approach, based on [0] and [1], lets me reverse-tunnel through my local machine to get GitHub (and other) access on protected machines, such as HPC compute systems.

I put these lines in my local ~/.ssh/config file:

Host somehpcsocks
  ProxyCommand ssh -D 2020 localhost nc -q 1 localhost 22

Host HPCSystem
  HostName hpcsystem.com
  ForwardAgent yes
  ProxyCommand ssh -W %h:%p somehpcsocks

and these in the HPC system's ~/.ssh/config file:

Host * 
    User                    git
    ProxyCommand            nc -x localhost:2020 %h %p

Now all ssh connections from the HPC system are tunneled through my local machine, enabling me to run, e.g.,

git clone git@github.com:spack/spack.git
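
A consolidated version of both files, as an added example and not the gist author's own configuration: it keeps the host names and port 2020 from above, includes the `RemoteForward` line from the author's comment, and narrows the HPC-side block. The `Host github.com` scoping and `ExitOnForwardFailure` are additions that are not in the gist.

```sshconfig
# ---- local machine: ~/.ssh/config ----
Host somehpcsocks
  # The hop through the local sshd also opens a SOCKS listener
  # on local port 2020 (ssh -D).
  ProxyCommand ssh -D 2020 localhost nc -q 1 localhost 22

Host HPCSystem
  HostName hpcsystem.com
  ProxyCommand ssh -W %h:%p somehpcsocks
  # Make the local SOCKS listener reachable as localhost:2020 on the HPC side.
  RemoteForward 2020 localhost:2020
  # Abort the login if port 2020 cannot be bound on the HPC side.
  # Without this, a failed forward goes unnoticed and localhost:2020 there
  # may be a listener that belongs to someone else.
  ExitOnForwardFailure yes
  # Agent forwarding is enabled for this one host only, never under "Host *".
  ForwardAgent yes

# ---- HPC system: ~/.ssh/config ----
# "Host *" would send every outgoing ssh connection through the proxy
# and log in everywhere as user "git". Scoping the block to github.com
# leaves all other ssh connections from the cluster unchanged.
Host github.com
  User git
  ProxyCommand nc -x localhost:2020 %h %p
```

The forwarded port on the HPC side is a plain loopback listener, so other users logged in to the same node can connect to it for as long as the session is open.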

[0] https://rse.shef.ac.uk/blog/2019-01-31-ssh-forwarding/

[1] http://cms-sw.github.io/tutorial-proxy.html

[2] I also looked at this here, but ended up using a non git-specific solution https://gist.github.com/evantoli/f8c23a37eb3558ab8765

freifrauvonbleifrei commented Dec 19, 2019

In order to use spack, we can also set the proxy for curl:
export ALL_PROXY=socks5h://localhost:2020
This, in conjunction with
RemoteForward 2020 localhost:2020
in the local config file allows https access (e.g. for git, if the ssh set-up does not work).

@freifrauvonbleifrei

On another machine, the reverse tunnel approach did not work, but I could directly do forward ssh from the HPC system to other machines (for some reason I still don't quite understand).

This allowed me to get at least https access:

ssh user@someOutsideServerWithInternetAccess -D 2022 -N &
export ALL_PROXY=socks5h://localhost:2022

Of course, this only works after doing an ssh-copy-id from the HPC system to someOutsideServerWithInternetAccess.
