Controlling a remote node with SSH Tunneling
To control a concat
mcnode running on a remote machine, you can configure
automatically create a secure “tunnel” to the remote machine using SSH. This document assumes that
mcclient installed. If not, see the install instructions.
All you need is a configuration file to let
mcclient know how to reach your node and log in. If
you used Mediachain Deploy to create your server, the credentials file that you
downloaded at the end of the Deploy process can be used directly to set up the tunnel.
Let’s say you’ve saved the credentials file for a node with the IP address
~/mediachain/mediachain_node_220.127.116.11.json. Just pass in that path with the
flag when you run
$ mcclient --sshConfig ~/mediachain/mediachain_node_18.104.22.168.json id Peer ID: QmQD6ZkWFQWsAt3hA71V9zjCyphQ7q62sWAYwPrUMXTnaN Publisher ID: 4XTTMBoNJsmDEhKYRypFbcUwxvny5w57syL6KDbhUFX7yCnjp Info:
Creating an SSH configuration file manually
To tunnel to a server that you’ve set up yourself without Mediachain Deploy, you can create a simple JSON file containing an object with these fields:
host: the IP address or hostname of the remote server
username: the username of the user running the
privateKeyis given, it should be the full contents of your SSH private key file as a JSON string, not a file path. Be careful about newlines, which need to be encoded as
\nin the JSON string. If you have the excellent jq installed, you can use this one-liner to get the correct formatting:
cat ~/.ssh/id_rsa | jq -Rs .
If your remote
mcnode has its API server bound to a non-standard port, you can use the
dstPort field, e.g.
dstPort: 6789. If you do use a non-standard
dstPort, it’s a good
idea to also set
localPort: 9002, which will bind the tunnel to the default local port of 9002,
mcclient can find the tunnel at the default location.
Manually creating a tunnel with SSH
It’s also possible to use the
ssh tool to create the tunnel, instead of letting
it for you. To do so, open a new terminal and enter this command, replacing
<username> with the
remote username and
<ip-or-hostname> with the address of your remote server:
ssh -nNT -L 9002:localhost:9002 <username>@<ip-or-hostname>
After successfully logging in, there won’t be any output; that’s normal! Just open a new terminal
mcclient as if
mcnode were running on your local machine.