Hi, Am 26.10.2017 um 23:31 schrieb Christopher Heiny:
> Hi folks, > > We're using OGS 2011.11p1. qrsh has been configured to use ssh for > connections. This worked fine when we were running with no firewall, > but the InfoSec team recently specified that all unused ports must be > firewalled (actually, a rather sensible thing to do). This depends on the cluster setup. The headnode which is connected to the outside world needs a firewall on this interface for sure. But inside the cluster, either in this interface of the headnode or the nodes themselves, there is usually no need for a firewall. MPI would have a similar problem (while there you can define a range of used ports for some implementations). Are you issuing `qrsh` on the headnode of the cluster? As a direct connection from the node to the machine where the command was issued is necessary, often it's not a local machine outside of the cluster. > Unfortunately, it looks like qrsh chooses the ssh port at random. Yes. -- Reuti > While InfoSec will allow a range of ports to be opened for qrsh, > opening 1024..65535 definitely won't fly. Is there a way to tell > GridEngine to use a certain range of ports for qrsh connections? I > suspect not, but perhaps I've missed something. > > Thanks, > Chris > _______________________________________________ > users mailing list > users@gridengine.org > https://gridengine.org/mailman/listinfo/users > _______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users