[gridengine users] Port range when using ssh for qrsh

Reuti reuti at staff.uni-marburg.de
Thu Oct 26 21:49:01 UTC 2017


Hi,

Am 26.10.2017 um 23:31 schrieb Christopher Heiny:

> Hi folks,
> 
> We're using OGS 2011.11p1.  qrsh has been configured to use ssh for
> connections.  This worked fine when we were running with no firewall,
> but the InfoSec team recently specified that all unused ports must be
> firewalled (actually, a rather sensible thing to do).

This depends on the cluster setup. The headnode which is connected to the outside world needs a firewall on this interface for sure. But inside the cluster, either in this interface of the headnode or the nodes themselves, there is usually no need for a firewall. MPI would have a similar problem (while there you can define a range of used ports for some implementations).

Are you issuing `qrsh` on the headnode of the cluster? As a direct connection from the node to the machine where the command was issued is necessary, often it's not a local machine outside of the cluster.


> Unfortunately, it looks like qrsh chooses the ssh port at random.

Yes.

-- Reuti


>  While InfoSec will allow a range of ports to be opened for qrsh,
> opening 1024..65535 definitely won't fly.  Is there a way to tell
> GridEngine to use a certain range of ports for qrsh connections?  I
> suspect not, but perhaps I've missed something.
> 
> 					Thanks,
> 						Chris
> _______________________________________________
> users mailing list
> users at gridengine.org
> https://gridengine.org/mailman/listinfo/users
> 





More information about the users mailing list