On Thu, Aug 25, 2016 at 09:15:26AM +0100, William Hay wrote:
> On Wed, Aug 24, 2016 at 09:07:44PM +0200, Alexander Hasselhuhn wrote:
> > Dear Reuti,
> > 
> > thanks for the reply, indeed at the moment there is a login node, but we 
> > have plans to remove it (by setting up a route through our gateway, which 
> > makes some administrative tasks smoother) and restricting access using 
> > firewalls. I like your idea of restricting the address range instead of the 
> > port range.
> > 
> > Yours,
> > Alex
> > 
> > On 08/24/2016 08:51 PM, Reuti wrote:
> > >Hi,
> > >
> > >On 24.08.2016 at 19:33, Alexander Hasselhuhn wrote:
> > >
> > >>does anyone know which ports I would have to insert into my firewall 
> > >>config for qrsh to work? It seems qrsh opens a port on the submit host 
> > >>and listens on it. The ports seem to change randomly for each execution 
> > >>of qrsh.
> > >
> An alternative would be something like using a qrsh_command that invokes ssh 
> -w to connect to the port in question.
> 
> Something like:
> #!/bin/sh
> HOST=$3
> PORT=$2
> ssh -w ${HOST}:${PORT} ${HOST} 
> 
> Which would access the remote host via the regular sshd then connect to the 
> destination host and port.
> 
> You then need an rshd_command that upon receiving a connection executes the 
> qrsh_starter:
> Something like:
> #!/bin/sh
> su "$(sed -n -e 's/^job_owner=//p' ${SGE_JOB_SPOOL_DIR}')" -c "${SGE_ROOT}/utilbin/${SGE_ARCH}/qrsh_starter ${SGE_JOB_SPOOL_DIR}" -
> 
> The above is thoroughly untested and probably has syntax errors and security 
> holes.
> 
> Then all you need is some means of passwordless ssh authentication, a 
> suitably nailed down sshd on the receiving host,
> port 22 open to the world and the dynamic port range accessible from the 
> localhost.
> 
> William

Oops, thought you were talking about the destination host for some reason.
My trick won't work for the random port on the submit host.

William

