mdsplus icon indicating copy to clipboard operation
mdsplus copied to clipboard

Published 20 hours ago verified publisher icon MDSplus

mds.Connection issue on OSX Big Sur with Anaconda 3.7

Open nicolavianello opened this issue 3 years ago • 6 comments

MDSplus installed on OSX Big Sur (MDSplus 7-96-17 stable release Dec 15 2020) with python module installed via conda on Anaconda 3.7. Mdsplus tunnelling on remote server opened on local host (port 1600) via

ssh [email protected] -L 1600:mdsplus.server.remote:8000

iPython shell open and obtain following error

[1]: import MDSplus as mds
[2]: c=mds.Connection('localhost:1600')
~/anaconda3/lib/python3.7/site-packages/MDSplus/connection.py in __init__(self, hostspec)
    140       self.socket=_ConnectToMds(_ver.tobytes(hostspec))
    141       if self.socket == -1:
--> 142         raise MdsIpException("Error connecting to %s" % (hostspec,))
    143       self.hostspec=hostspec
    144       self.lock=_RLock()
   MdsIpException: %MDSPLUS-E-Unknown, Error connecting to localhost:1600

The port is open an reachable on local host

 nmap -p 1600 localhost        
 Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-13 09:42 CEST 
 Nmap scan report for localhost (127.0.0.1)
 Host is up (0.00027s latency).
 Other addresses for localhost (not scanned): ::1
PORT     STATE SERVICE
1600/tcp open  issd
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Any clue?

nicolavianello avatar Apr 13 '21 08:04 nicolavianello

Hm, you connect through an ssh tunnel but using the default protocol (port 8000 on mdsplus.server.remote). This means that for authentication on mdsplus.server.remote by default it will use you current user name. i.e. the user name of that OSX. is it possible, that server blocks unknown users and you username of the OSX does not match you site user name. not sure if you can manipulate you username other than using the ssh protocol. "ssh://[email protected]". If you have ssh access to mdsplus.server.remote you could use ssh_config to setup server.remote as jumphost.

~/.ssh/config

Host server.remote
  User youhere
  HostName server.remote
 
Host mdsplus.server.jump
  User youthere
  HostName mdsplus.server.remote
  ProxyJump  server.remote

use 'ssh-copy-id' and 'ssh-agent add' to enable password less access.

zack-vii avatar Apr 13 '21 11:04 zack-vii

This syntax is known to work:

@.***" -Josh

On 4/13/21 7:52 AM, Timo Schroeder wrote:

Hm, you connect through an ssh tunnel but using the default protocol (port 8000 on mdsplus.server.remote). This means that for authentication on mdsplus.server.remote by default it will use you current user name. i.e. the user name of that OSX. is it possible, that server blocks unknown users and you username of the OSX does not match you site user name. not sure if you can manipulate you username other than using the ssh protocol. @.***". If you have ssh access to mdsplus.server.remote you could use ssh_config to setup server.remote as jumphost.

~/.ssh/config

|Host server.remote HostName server.remote Host mdsplus.server.jump HostName mdsplus.server.remote ProxyJump server.remote |

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/MDSplus/mdsplus/issues/2281#issuecomment-818674919, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABY5AZPQYYLLK5EYU22PIATTIQV6PANCNFSM4223RQGQ.

-- Joshua Stillerman Research Engineer MIT Plasma Science and Fusion Center 617.253.8176 @.*** @.***>

joshStillerman avatar Apr 13 '21 12:04 joshStillerman

Thanks for the answer just for my clarification are you suggesting to use the following syntax on the tunnelling command?

ssh [email protected] -L 1600:ssh://[email protected]:8000

Forgot to mention that server.remote is different from mdsplus.server.remote. Actually when I tried the command above I received the following message

channel_setup_fwd_listener_tcpip: cannot listen to port: 22
Could not request local forwarding.

I may be missing something for sure sorry for asking

nicolavianello avatar Apr 13 '21 12:04 nicolavianello

No. ssh [email protected] -L 1600:mdsplus.server.remote:8000 will forward the port 8000 of the mdsplus server named mdsplus.server.remote thru the jumpserver server.remote to the local port 1600. so doing a tdi:

MdsConnect("localhost:1600")

will simulate a

MdsConnect("mdsplus.server.remote:8000")

which would not be possible without the ssh tunnel as you dont seem to have direct access to mdsplus.server.remote.

However, this will use the local user name for authentication with the primitive /etc/mdsip.hosts mapping list located on the mdsplus.server.remote.

If you have access to mdsplus.server.remote you can edit you .ssh/config as mentioned earlier and connect with

MdsConnect("ssh://mdsplus.server.jump")

the different usernames are handled by the config file. and

ssh-copy-id server.remote
ssh-copy-id mdsplus.server.jump

will remove the requirement to type in the password during MdsConnect.

if you dont have a key yet use

ssh-keygen

If you are using a passphrase (recommended) you can cache you key using ssh-agent and ssh-add (google helps).

zack-vii avatar Apr 13 '21 17:04 zack-vii

If you dont have ssh access to mdsplus.server.remote (not even from server.remote) You need to change you user name or relay your connection with a protocol script in your PATH Check here: https://www.mdsplus.org/index.php/Documentation:TreeAccess#remote_access https://www.mdsplus.org/index.php/Documentation:Reference:MDSIP#custom_plugin

zack-vii avatar Apr 13 '21 17:04 zack-vii

I update the mdsplus.org docs so those links are easier to find https://www.mdsplus.org/index.php/Documentation:Tutorial:RemoteAccess

zack-vii avatar Apr 13 '21 17:04 zack-vii