Page MenuHomePhabricator
Create Task
Maniphest T284028

Setup experimental ssh interface to PAWS
Closed, DeclinedPublic
Actions

Description

jupyterhub-ssh is an experimental project that provides traditional ssh access to servers running on a JupyterHub. Once setup, you can go to PAWS token page, generate a token, and login to PAWS with your SUL username. This will launch a Jupyter server for you via the JupyterHub API, and provide ssh access there. You can do things you can normally do via ssh - edit files, use the terminal, tmux / screen, etc. We will not enable SFTP though.

This requires a public floating IP with port 22 open, pointing to an unprivileged port on a small VM (eventually container?). No special permissions are needed on the JupyterHub side. This is really just a ssh <-> websocket proxy (I seem to be just writing proxies all my life), so should require minimal resources

Event Timeline

yuvipanda created this task.May 31 2021, 8:28 PM
yuvipanda updated the task description. (Show Details)May 31 2021, 8:33 PM
Chicocvenancio subscribed.May 31 2021, 8:53 PM
Bstorm subscribed.Jul 21 2021, 11:04 PM
Bstorm added a comment.Jul 21 2021, 11:13 PM

I have concerns about the exploitability of an experimental service in this space. I wonder if there is a way to test this (and attack it) a few ways without giving wide access to it initially. Like maybe firewall the VM to only allow connections from another project VM initially.

bd808 subscribed.Jul 21 2021, 11:57 PM

Isn't the use of ssh one of the inessential complexities that PAWS was meant to remove from Toolforge? What is the real benefit of being able to ssh into docker container for a PAWS user?

rook subscribed.Apr 14 2023, 3:13 PM

This feature would blur the line between Toolforge and PAWS, thus confusing when we should suggest that someone move from PAWS to Toolforge. Something that I am typically reticent to do. As mentioned by @bd808 a user who is seeking an ssh connection to do work is likely better suited by Toolforge, and is best assisted by being directed to Toolforge.

rook closed this task as Declined.Apr 14 2023, 3:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits