ipython icon indicating copy to clipboard operation
ipython copied to clipboard
verified publisher icon ipython

Tunneling to remote kernel on a server with two-factor authentication

Open suyashbire1 opened this issue 8 years ago • 10 comments

I'm following the guide in https://github.com/ipython/ipython/wiki/Cookbook:-Connecting-to-a-remote-kernel-via-ssh to connect to a remote jupyter kernel.

However, my server has two-factor authentication. So I get stuck at the step: jupyter console --existing ./kernel-1234.json --ssh server. I can set up the tunnels manually and proceed from there without the --ssh server flag.

So, I was wondering if it would be possible to make provisions for two-factor authentication while tunneling with the --ssh flag? It would involve prompting users for tokens when ssh connections are made.

suyashbire1 avatar Dec 01 '17 10:12 suyashbire1

Thanks for question,

this part of the codebase is not used a lot, so we would need to dig-in to figure out where to add such mechanism. It's probably no easy to find, and we'll likely need someone do volonteer some time.

We'll try to give some hints on where to look .

Carreau avatar Dec 10 '17 19:12 Carreau

I would like to try to do this. Any hints where to look in the first place?

dmanikowski-reef avatar Jan 05 '18 13:01 dmanikowski-reef

The code to set up the ssh connection is in the package jupyter_client - see here:

https://github.com/jupyter/jupyter_client/blob/78951c37b7b7f99069cab1a7350ad341d9869a98/jupyter_client/consoleapp.py#L198

takluyver avatar Jan 08 '18 11:01 takluyver

Thanks for the tip! As I am looking into the code... Shouldn't this change be implemented in pyzmq codebase? I mean like here - https://github.com/zeromq/pyzmq/blob/master/zmq/ssh/tunnel.py?

dmanikowski-reef avatar Jan 08 '18 12:01 dmanikowski-reef

Quite possibly. I haven't looked at the code in enough detail to know where the 2FA code belongs. @minrk can advise on what's in scope for pyzmq.

takluyver avatar Jan 08 '18 12:01 takluyver

@minrk suggests that the tunneling should be moved to jupyter_client as this feature is mostly used in IPython: https://github.com/zeromq/pyzmq/issues/1127#issuecomment-356014678

I am willing to do it. Any objections? Any advices?

dmanikowski-reef avatar Jan 08 '18 18:01 dmanikowski-reef

No objections from me. Min's a maintainer on both projects, so I trust his judgement about where the code belongs.

Maybe make one PR copying the existing tunnelling functionality into j_c, and then a separate PR with the changes, so it's easy to see what you're changing.

takluyver avatar Jan 08 '18 18:01 takluyver

It was made largely for use here, so this is probably the most logical place for it, to me. pyzmq's a pretty slow-moving project, so it will probably be easier to get the update to folks here.

minrk avatar Jan 08 '18 20:01 minrk

Hi all,

Many years later... better later than never? 😂

For anyone that might be interested, I built a python package that integrates with Jupyter (via a custom Kernel Provisioner) for launching and connecting to Jupyter kernels on remote systems via SSH. Kernels can be spawn directly from the JupyterLab UI or from the command line. It allows for configurability including SSH host jumps.

Python package: https://pypi.org/project/sshpyk/ Docs and GitHub: https://github.com/casangi/sshpyk/ (I donated my work to Common Astronomy Software Applications)

Hope this can help someone, cheers

caenrigen avatar Oct 10 '25 17:10 caenrigen

Feel free to advertise it on discourse, zulip and to add the corresponsing Jupyter Trove classifiers https://pypi.org/classifiers/ and look for https://pypi.org/project/remote_ikernel/ users to convert them to your project.

Carreau avatar Oct 11 '25 06:10 Carreau