Run sshd under jupyter
Project description
jupyter-sshd
Run sshd under Jupyter.
Primarily for use with remote JupyterHubs, so users can access them via ssh. Enables everything
one would normally do with ssh - copy files, run interactive commands, use the proprietary
VSCode Remote Development functionality, etc!
Usage
For this document, we will assume you are running inside a containerized JupyterHub enviornment
(such as kubernetes or docker). jupyter-sshd itself does not require containerizatio - this is
simply to make instructions easier.
Server pre-requisities
The following packages must be present in the container environment:
- openssh. You can install this from
conda-forgeor fromaptas you desire. jupyter-sshditself must be pre-installed in the container - you can not dynamically install it with!pipafter you start the container.
Client pre-requisites
websocat must be installed on the client machine.
brew install websocat works on Mac OS, and pre-built binaries are available
for all other operating systems.
Create a JupyterHub Token
We will need to create a JupyterHub token for authentication.
-
Go to the JupyterHub control panel. You can access it via
File -> Hub control panelin JupyterLab, or directly going tohttps://<your-hub-url>/hub/home. -
In the top bar, select Token.
-
Create a new Token, and keep it safe. Treat this like you would treat a password to your JupyterHub instance! It is recommended you set an expiry date for this.
Start your server
jupyter-sshd only works after you start your JupyterHub server. So, start your server!
Setup your ~/.ssh/config
We will set up our ssh config file to tell ssh how to connect to our JupyterHub. Add
an entry that looks like this to the end of your ~/.ssh/config file (create it if it
does not exist).
Host <YOUR-JUPYTERHUB-DOMAIN>
ProxyCommand=websocat --binary -H='Authorization: token <YOUR-JUPYTERHUB-TOKEN>' asyncstdio: wss://%h/user/<YOUR-JUPYTERHUB-USERNAME>/sshd/
replace:
<YOUR-JUPYTERHUB-DOMAIN>with your hub domain (for example,hub.openveda.cloud)<YOUR-JUPYTERHUB-TOKEN>with the token you generated earlier<YOUR-JUPYTERHUB-USERNAME>with your jupyterhub username
Here's an example:
Host hub.openveda.cloud
ProxyCommand=websocat --binary -H='Authorization: token a56ff59c93f64fb587f46b06af9422ee' asyncstdio: wss://%h/user/yuvipanda/sshd/
We're almost there!
Setup ssh keys on your JupyterHub
There are still two levels of authentication - your JupyterHub token, as well as some ssh keys. You need to put some ssh public keys
in ~/.ssh/authorized_keys after you start your JupyterHub server, and have the private keys available in your ssh client machine.
The simplest way to do this is to rely on your GitHub public keys!
-
After you start your JupyterHub server, open a terminal in JupyterLab
-
Run the following commands:
mkdir -p ~/.ssh curl -L https://github.com/<YOUR-GITHUB-USERNAME>.keys > ~/.ssh/authorized_keys chmod 0600 ~/.ssh/authorized_keys
replacing
<YOUR-GITHUB-USERNAME>with your github username.
With that, we are ready to go!
ssh into your JupyterHub!
After all this is setup, you're now able to ssh in! Try:
ssh <YOUR-JUPYTERHUB-DOMAIN>
and it should just work! You can also use this with the proprietary Visual Studio code Remote SSH feature,
use sftp to copy files over (although it will be slow), create tunnels, etc!
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for jupyter_sshd_proxy-0.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e660f4ce3d6a1b00d2d56a9d3298fe2b31c9461e76cce592739e0b0f7cd82961 |
|
| MD5 | 77bb95d75e7d48f8dbf7a0ed4e0668a2 |
|
| BLAKE2b-256 | 280332a1336b7c1e1cc0895e2d058253deedfa3e4bffbf1f81a8ab674cd4e5ba |
