Open SSH session to container (for customer)

SONM customer may get access to container on supplier's PC with SSH, even if both supplier and customer are behind NAT.

To make this possible, you should:

  • edit SONM Node config;
  • set your RSA public key in task definition before running your task.
  • KYC3 (IDENTIFIED) to run custom tasks and/or get SSH access to container.

SONM Node settings

SONM Node should run with your user privileges (ssh-agent shoulld have access to your RSA key). The easiest way to do this is to run SONM Node in your user session.

  1. Stop SONM Node system service:

sudo service sonm-node stop

  1. Copy SONM Node config to your home folder:

cp /etc/sonm/node-default.yaml ~/node.yaml

  1. Edit node.yaml (nano ~/node.yaml).

Add this section:

  # Endpoint where the local SSH server will be exposed.
  endpoint: localhost:2222
  # NAT punching settings.
  npp: *npp

You may see config file example at our GitHub: node.yaml

  1. Run SONM Node with your user privileges:

sonmnode --config=$HOME/node.yaml

  1. You may check if everything is OK with this command (in new terminal session):

sonmcli token balance

If you getting error Node termination: failed to open ssh agent socket: dial unix: missing address, activate ssh-agent with: ssh-add $HOME/.ssh/id_rsa && eval $(ssh-agent -s)

Task settings

Add your SSH key fingerprint to task.yaml (to 'container' section) before starting task. This way:

  # Image name to start on worker.
  # Required.
  # Public SSH key providing which opens a capability to login into the
  # container using SSH.
  # Optional.
  ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDE8axoFpym0R6A6BdgnpKhHB//h0iCiNUuFqwk0jSONvvLseoVpVE5l45tehlxSbaJrTQkgNoGGpEljJXxLQFkyQMZMga+x8uzCxrG39DkPz6sCjefix3x23IlPsU6/LDs/9g6XTLHLhTnmbU4F8qZ7cxa1ikB0IQ+tifUrhvrmXW2QICA0VmUu1Skhxf0BBKPdM0ksFkRaKGa0PmZHlS6h/8MLwI7NLWC/vp+yj7LAbNcOfaDTJGoDUIPHmGyOEA8fTqTrgZqFtLUT2jgYyDH0lL5H4z1Nd5Zy5Ste0pcqXUoomo2fxD4Utz64wtDCYOueTUMeIVmDS441s5dGTQ9"

You may see task.yaml example at our GitHub: task.yaml

Open SSH session to container with running task

ssh <DealID>.<TaskID>@localhost -p 2222


ssh [email protected] -p 2222

Port for SSH connection should be the same as in ~/node.yaml.