[gridengine users] Port range when using ssh for qrsh
reuti at staff.uni-marburg.de
Thu Oct 26 21:49:01 UTC 2017
Am 26.10.2017 um 23:31 schrieb Christopher Heiny:
> Hi folks,
> We're using OGS 2011.11p1. qrsh has been configured to use ssh for
> connections. This worked fine when we were running with no firewall,
> but the InfoSec team recently specified that all unused ports must be
> firewalled (actually, a rather sensible thing to do).
This depends on the cluster setup. The headnode which is connected to the outside world needs a firewall on this interface for sure. But inside the cluster, either in this interface of the headnode or the nodes themselves, there is usually no need for a firewall. MPI would have a similar problem (while there you can define a range of used ports for some implementations).
Are you issuing `qrsh` on the headnode of the cluster? As a direct connection from the node to the machine where the command was issued is necessary, often it's not a local machine outside of the cluster.
> Unfortunately, it looks like qrsh chooses the ssh port at random.
> While InfoSec will allow a range of ports to be opened for qrsh,
> opening 1024..65535 definitely won't fly. Is there a way to tell
> GridEngine to use a certain range of ports for qrsh connections? I
> suspect not, but perhaps I've missed something.
> users mailing list
> users at gridengine.org
More information about the users