Hi Reuti,

Thank you kindly for your response.
I have provided comments below.

> -----Original Message-----
> Hi,
> 
> On 12.05.2020 at 23:27, Mun Johl wrote:
> 
> > Hi,
> >
> > Just some additional testing results ...
> >
> > Our IT guy turned off the firewall on a Submit Host and Execution Host for
> > experimental purposes.  That got me further but not all the way.  Here is
> > the verbose log from qrsh:
> >
> > waiting for interactive job to be scheduled ...
> > Your interactive job 460937 has been successfully scheduled.
> > Establishing /usr/bin/ssh -X session to host sim.domain.com ...
> > ssh_exchange_identification: Connection closed by remote host
> > /usr/bin/ssh -X exited with exit code 255
> > reading exit code from shepherd ... 129
> >
> > We aren't yet able to get around the ssh -X error.  Any ideas?
> 
> But a plain `ssh` to the nodes works?

[Mun] Yes, I can ssh into the nodes.  I can also 'ssh -X' into the nodes from a 
terminal and open X11 apps.

> In case a different hostname must be used, there is an option 
> "HostbasedUsesNameFromPacketOnly" in "sshd_config".

[Mun] I don't _think_ that is/should be required.

> > But even if we could, we still need to figure out which ports of the
> > firewall need to be opened up.  Every time we ran an experiment, the port
> > number that was used for SSH was different.  I hope we don't have to open
> > up too big a range of ports.
> 
> Unfortunately the port is randomly chosen with any new connection.

[Mun] Yes, unfortunate; I thought I read that somewhere.

> But wouldn't it be possible to adjust the firewall to allow all ports only 
> when connecting from the nodes in the cluster (are the nodes
> in a VLAN behind a head node or all submit machines and nodes also connected 
> to the Internet?)

[Mun] The nodes are on their own subnet, so what you suggest might be possible.
I'll check with our IT guy about that since I'm not very well versed with
firewall configuration.

> Also in SSH itself it is possible with the "match" option in "sshd_config" to 
> allow only certain users from certain nodes.

[Mun] Good to know; thank you.

> Nevertheless: maybe adding "-v" to the `ssh` command will output additional 
> info, also the messages of `sshd` might be in some log
> file.

[Mun] We had tried that but unfortunately it was not much help to me.  In case 
it is useful to anyone on this reflector, here is the log:

waiting for interactive job to be scheduled ...
Your interactive job 460968 has been successfully scheduled.
Establishing /usr/bin/ssh -X -vv session to host sim.domain.com ...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to sim.domain.com [10.203.224.81] port 43929.
debug1: Connection established.
debug1: identity file /home/mun/.ssh/identity type -1
debug1: identity file /home/mun/.ssh/identity-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/mun/.ssh/id_rsa type 1
debug1: identity file /home/mun/.ssh/id_rsa-cert type -1
debug1: identity file /home/mun/.ssh/id_dsa type -1
debug1: identity file /home/mun/.ssh/id_dsa-cert type -1
debug1: identity file /home/mun/.ssh/id_ecdsa type -1
debug1: identity file /home/mun/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
/usr/bin/ssh -X -vv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no 
exited with exit code 255
reading exit code from shepherd ... 129

Best regards,

-- 
Mun

_______________________________________________
users mailing list
users@gridengine.org
https://gridengine.org/mailman/listinfo/users
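
An added example, not part of the original message or of Grid Engine: a small parser for qrsh / `ssh -v` output like the transcripts quoted above. It records which host and port each interactive job tried and whether the session ended before or after the TCP connection was established, which separates a filtered port from a server that accepted the connection and then closed it. The function names and stage labels are assumptions of this example, and the sample log is constructed from the transcript in this thread.

```python
import re

# Constructed sample, condensed from the qrsh -vv transcript quoted in this thread.
SAMPLE = """\
Your interactive job 460968 has been successfully scheduled.
debug1: Connecting to sim.domain.com [10.203.224.81] port 43929.
debug1: Connection established.
ssh_exchange_identification: Connection closed by remote host
/usr/bin/ssh -X -vv exited with exit code 255
reading exit code from shepherd ... 129
"""

PATTERNS = {
    "job": re.compile(r"Your interactive job (\d+) has been successfully scheduled"),
    "connect": re.compile(r"debug1: Connecting to (\S+) \[([^\]]+)\] port (\d+)\."),
    "ssh_exit": re.compile(r"exited with exit code (\d+)"),
    "shepherd_exit": re.compile(r"reading exit code from shepherd \.\.\. (\d+)"),
}

def parse_qrsh_log(text):
    """Return one record per interactive job found in qrsh / ssh -v output."""
    jobs, cur = [], None
    for line in text.splitlines():
        m = PATTERNS["job"].search(line)
        if m:
            cur = {"job": int(m.group(1)), "host": None, "ip": None, "port": None, "established": False,
                   "banner_failed": False, "ssh_exit": None, "shepherd_exit": None}
            jobs.append(cur)
        elif cur is None:
            continue  # ignore output that precedes the first scheduled job
        elif (m := PATTERNS["connect"].search(line)):
            cur["host"], cur["ip"], cur["port"] = m.group(1), m.group(2), int(m.group(3))
        elif "debug1: Connection established." in line:
            cur["established"] = True
        elif line.startswith("ssh_exchange_identification:"):
            cur["banner_failed"] = True
        else:
            for key in ("ssh_exit", "shepherd_exit"):
                if (m := PATTERNS[key].search(line)):
                    cur[key] = int(m.group(1))
    return jobs

def stage(job):
    """Name the point at which the session stopped (labels are this example's own)."""
    if job["banner_failed"]:
        return "closed-before-banner"  # TCP connected; peer closed before its SSH version string
    if job["port"] is not None and not job["established"]:
        return "tcp-not-established"   # this host/port pair is the filtering candidate
    return "no-early-failure" if job["ssh_exit"] in (None, 0) else "failed-later"
```

Running `parse_qrsh_log` over the output of several failed jobs gives the set of host/port pairs actually attempted; a `closed-before-banner` stage means the port was reachable and the `sshd` side on the execution host is where to look next.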
