Using the IDLab Bastion Proxy

General instructions

The IDLab Bastion Proxy is an SSH Server which is configured to only allow usage as a proxy via SSH tunnels.

The proxy can be reached on bastion.ilabt.imec.be with the following credentials:

  • Username: your imec Testbed Portal name, prefixed with fff. If your username is myusername, then the username on the IDLab Bastion Proxy is fffmyusername.
  • Private key: your “login certificate” - which you also use to authenticate against the GPULab CLI - contains an SSH Private Key. It is not possible to authenticate to the IDLab Bastion Proxy with a password.

Example usage on Linux

  • Run ssh -i my_login_cert.pem -D 8888 -N fffmyusername@bastion.ilabt.imec.be

    -D 8888 will create a SOCKS proxy on port 8888 of your machine

    -N instructs SSH to not create a remote shell, and thus to only use the SSH connection for the tunnel

  • In your browser, go to the network settings, and configure them to use the “SOCKS proxy” to be localhost:8888.

  • All internet traffic from your browser will now go through the IDLab Bastion Proxy. If your job’s portmapping info tells you: Port 8888 -> slave6a.wall2.ilabt.iminds.be:37072, then you’ll now be able to browse to http://slave6a.wall2.ilabt.iminds.be:37072 to reach port 8888 of your job.

Example usage on Windows

  • Convert your “login certificate” to a “PuTTY Private Key (.ppk-file)” with PuTTYgen

  • Double-click on your PuTTY private key to load it into Pageant: the PuTTY SSH Agent.

  • Configure your PuTTY SSH session as follows:

    • Session -> Host name is bastion.ilabt.imec.be
    • Session -> Data: set your fffmyusername as “Auto-login username”
    • Connection -> SSH: check Don’t start a shell or command at all
    • Connection -> SSH -> Tunnels: add a Dynamic tunnel with Source port 8888. Don’t forget to press the Add button!

  • In your browser, go to the network settings, and configure them to use the “SOCKS proxy” to be “localhost:8888”.

    Firefox:

    OS-wide/Chromium-based browsers:

  • All internet traffic from your browser will now go through the IDLab Bastion Proxy. If your job’s portmapping info tells you: Port 8888 -> slave6a.wall2.ilabt.iminds.be:37072, then you’ll now be able to browse to http://slave6a.wall2.ilabt.iminds.be:37072 to reach port 8888 of your job.

Logical CPU’s and Hyperthreading
Scheduling and job duration
Ghent University imec
© Copyright imec and Ghent University