To enable the feature a firewall change may also be required. Traffic from the machine that runs @arvados-controller@ to the compute nodes in the port range above 1024 must be allowed.
-After changing the configuration, @arvados-controller@ must be restarted for the change to take effect. When enabling, the change will only affect containers started from that point on. When disabling, access is removed immediately for any running containers, as well as any containers started subsequently.
+After changing the configuration, @arvados-controller@ must be restarted for the change to take effect. When enabling, shell access will be enabled for any running containers. When disabling, access is removed immediately for any running containers, as well as any containers started subsequently. Restarting @arvados-controller@ will kill any active connections.
Usage instructions for this feature are available in the "User guide":{{site.baseurl}}/user/debugging/container-shell-access.html.
h2(#syntax). Syntax
-The @arvados-client shell@ tool has a number of command line arguments:
+The @arvados-client shell@ tool has the following syntax:
<notextile>
<pre><code>~$ <span class="userinput">arvados-client shell -h</span>
</code></pre>
</notextile>
+The @arvados-client shell@ command calls the ssh binary on your system to make the connection. Everything after _[username@]container-uuid_ is passed through to your OpenSSH client. This means many other SSH features can be used, e.g. -g, -f -N, -n, ...
+
h2(#Examples). Examples
Connect to a running container, using the container request UUID:
And then, connecting to port 8888 locally:
<notextile>
-<pre><code>~$ <span class="userinput">nc localhost 8888</span>
-hello
+<pre><code>~$ <span class="userinput">echo hello | nc localhost 8888</span>
</code></pre>
</notextile>