Hi, I just thought I'd report that I was finally able to get X11 forwarding to work. The final step was for us to disable SELinux. Once I did that (and turned off the firewall) X11 forwarding worked great. So now I'll work with IT for a workable solution that they are happy with.
Thank you very much for all the great advice and support! Best regards, -- Mun > Hi Reuti, > > Thank you kindly for your response. > I have provided comments below. > > > -----Original Message----- > > Hi, > > > > Am 12.05.2020 um 23:27 schrieb Mun Johl: > > > > > Hi, > > > > > > Just some additional testing results ... > > > > > > Our IT guy turned off the firewall on a Submit Host and Execution Host > > > for experimental purposes. That got me further but not all > > the way. Here is the verbose log from qrsh: > > > > > > waiting for interactive job to be scheduled ... > > > Your interactive job 460937 has been successfully scheduled. > > > Establishing /usr/bin/ssh -X session to host sim.domain.com ... > > > ssh_exchange_identification: Connection closed by remote host > > > /usr/bin/ssh -X exited with exit code 255 > > > reading exit code from shepherd ... 129 > > > > > > We aren't yet able to get around the ssh -X error. Any ideas? > > > > But a plain `ssh`to the nodes work? > > [Mun] Yes, I can ssh into the nodes. I can also 'ssh -X' into the nodes from > a terminal and open X11 apps. > > > In case a different hostname must be used, there is an option > > "HostbasedUsesNameFromPacketOnly" in "sshd_config". > > [Mun] I don't _think_ that is/should be required. > > > > But even if we could, we still need to figure out which ports of the > > > firewall need to be opened up. Every time we ran an > experiment, > > the port number that was used for SSH was different. I hope we don't have > > to open up too big a range of ports. > > > > Unfortunately the port is randomly chosen with any new connection. > > [Mun] Yes, unfortunate; I thought I read that somewhere. > > > But wouldn't it be possible to adjust the firewall to allow all ports only > > when connecting from the nodes in the cluster (are the > nodes > > in a VLAN behind a head node or all submit machines and nodes also > > connected to the Internet?) > > [Mun] The nodes are on their own subnet, so what you suggest might be > possible. I'll check with our IT guy about that since I'm not > very well versed with firewall configuration. > > > Also in SSH itself it is possible with the "match" option in "sshd_config" > > to allow only certain users from certain nodes. > > [Mun] Good to know; thank you. > > > Nevertheless: maybe adding "-v" to the `ssh` command will output additional > > info, also the messages of `sshd` might be in some log > > file. > > [Mun] We had tried that but unfortunately it was not much help to me. In > case it is useful to anyone on this reflector, here is the log: > > waiting for interactive job to be scheduled ... > Your interactive job 460968 has been successfully scheduled. > Establishing /usr/bin/ssh -X -vv session to host sim.domain.com ... > OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to sim.domain.com [10.203.224.81] port 43929. > debug1: Connection established. > debug1: identity file /home/mun/.ssh/identity type -1 > debug1: identity file /home/mun/.ssh/identity-cert type -1 > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug2: key_type_from_name: unknown key type '-----END' > debug1: identity file /home/mun/.ssh/id_rsa type 1 > debug1: identity file /home/mun/.ssh/id_rsa-cert type -1 > debug1: identity file /home/mun/.ssh/id_dsa type -1 > debug1: identity file /home/mun/.ssh/id_dsa-cert type -1 > debug1: identity file /home/mun/.ssh/id_ecdsa type -1 > debug1: identity file /home/mun/.ssh/id_ecdsa-cert type -1 > ssh_exchange_identification: Connection closed by remote host > /usr/bin/ssh -X -vv -o UserKnownHostsFile=/dev/null -o > StrictHostKeyChecking=no exited with exit code 255 > reading exit code from shepherd ... 129 > > Best regards, > > -- > Mun _______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users