There are 2 places I used netcat.

1) The ssh policy on the login node only allows us to connect to ssh tunnels from localhost. Using ncat there fools ssh into thinking we are connecting on localhost. I think it's dumb that we have to do this, but our sys admins refuse to make the change. The ssh option is called GatewayPorts.

2) There is a different network protocol used on the compute nodes of our Cray; the mom node understands that protocol and acts like a bridge to the login node. We create the tunnel from mom to login with netcat.

There are other ways to forward the connections besides netcat, but it's easy to build, install, and use, and it's fast.

On 03/20/2015 02:26 PM, Vanmoer, Mark W wrote:

Hi Burlen,

Are you using ncat to set up those connections because of a policy (like no outside network connections allowed) or for a technical reason?

Mark

*From:* Burlen Loring [mailto:[email protected]]
*Sent:* Thursday, March 19, 2015 4:48 PM
*To:* Vanmoer, Mark W; David E DeMarle
*Cc:* [email protected]
*Subject:* Re: [Paraview] server configuration with two factor authentication?

Hi Mark,

Yes to both. The way this could work on a simple cluster is: from the user's system, which is assumed to be remote, the pvsc creates an ssh tunnel inside the xterm and calls the launch script on the compute system login node. The launch script submits the batch job. pvserver, when run in the batch script, connects back to the ssh tunnel on the login node. "client host" is the login node host name. "server port" is specified by the user in the pvsc.

There's a slight complication with some Cray systems that means we need to involve a special node called the "mom" node in the tunnel.

This will be clear if you see a complete example, for instance the following 3 scripts are used with NERSC's Cray Edison: pvsc <https://github.com/burlen/pvserver-configs/blob/master/pvsc/edison-unix.pvsc>, launch script <https://github.com/burlen/pvserver-configs/blob/master/servers/edison/4.3.1/start_pvserver.sh>, batch script <https://github.com/burlen/pvserver-configs/blob/master/servers/edison/4.3.1/start_pvserver.qsub>.

Burlen

On 03/19/2015 02:24 PM, Vanmoer, Mark W wrote:

    This is great, thanks for sharing, guys. Using xterm would have never
    occurred to me.

    Are you setting the pvserver --client-host somehow? My old pvsc
    from Forge sent over the client's hostname to the script. I tried
    that on Blue Waters and it works, but do I not need to actually do
    that? Also, are either of you setting --server-port in the launch
    script?

    *From:* David E DeMarle [mailto:[email protected]]
    *Sent:* Thursday, March 19, 2015 1:28 PM
    *To:* Burlen Loring
    *Cc:* Vanmoer, Mark W; [email protected]
    <mailto:[email protected]>
    *Subject:* Re: [Paraview] server configuration with two factor
    authentication?

    I liked this bit too as the Windows version of 'xterm -e ssh &'.

    <Command exec="cmd.exe" delay="10">
    <Arguments>
    <Argument value="/C"/>
    <Argument value="start"/>
    <Argument value="cmd.exe"/>
    <Argument value="/C"/>
    <Argument value="$SSH_EXE$"/>

    Since Windows isn't my first language, that took more hunting than
    I'd like to admit. :)


    David E DeMarle
    Kitware, Inc.
    R&D Engineer
    21 Corporate Drive
    Clifton Park, NY 12065-8662
    Phone: 518-881-4909

    On Thu, Mar 19, 2015 at 2:18 PM, Burlen Loring
    <[email protected] <mailto:[email protected]>> wrote:

        "&quot;C:\Program Files (x86)\PuTTY\plink.exe&quot;"

        so that's the secret to paths with spaces! nice, thanks for sharing that!

        On 03/19/2015 09:22 AM, David E DeMarle wrote:

            Howdy Mark,

            Adding to what Burlen said.

            You can grab pvsc examples for ORNL, ANL and NERSC via

            paraview->File->Connect… Fetch servers.

            //File->Connect…FetchServers->Edit Sources replace with
            pvsc http://www.paraview.org/files/pvscWindows Kitware
            Inc. on Windows.

            Mac requires XQuartz, Windows requires PuTTY.

            Let me know when you get it working; with your permission
            I'd love to add NCSA (and everywhere else) there so that
            users get it by default.


            David E DeMarle
            Kitware, Inc.
            R&D Engineer
            21 Corporate Drive
            Clifton Park, NY 12065-8662
            Phone: 518-881-4909

            On Thu, Mar 19, 2015 at 11:56 AM, Burlen Loring
            <[email protected] <mailto:[email protected]>>
            wrote:

                Hi Mark,

                This works without anything special if you launch in
                an xterm. We did this at NICS which requires both ssh
                authentication and RSA SecurID token. Here is an
                example
                <https://github.com/burlen/pvserver-configs/blob/master/pvsc/edison-unix.pvsc>


                Burlen

                On 03/19/2015 06:50 AM, Vanmoer, Mark W wrote:

                    Hi, is there a way to set up the server XML so
                    that it works with two factor authentication, as
                    in a token generator? This is for the Blue Waters
                    machine at NCSA. What I mean is, something like
                    how VisIt acts, which when doing the connection
                    will prompt for the password and token.

                    In the past, on machines without two factor auth,
                    I’ve used

                    
                    http://www.paraview.org/Wiki/ParaView:Server_Configuration#Case_Eleven:_Launch_pvserver_on_a_cluster_using_PBS_-_use_reverse_connection_to_client

                    but that requires having ssh keys set up.

                    Thanks,

                    Mark

                    _______________________________________________
                    Powered by www.kitware.com <http://www.kitware.com>

                    Visit other Kitware open-source projects at
                    http://www.kitware.com/opensource/opensource.html

                    Please keep messages on-topic and check the ParaView Wiki at:
                    http://paraview.org/Wiki/ParaView

                    Search the list archives at:
                    http://markmail.org/search/?q=ParaView

                    Follow this link to subscribe/unsubscribe:
                    http://public.kitware.com/mailman/listinfo/paraview





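As an added example (not part of the original thread): with `GatewayPorts no`, sshd binds remote forwards to loopback, and the ncat relay described in the first message re-exposes such a port on a routable address with no authentication of its own, so an admin may want to list both. The sketch assumes Linux `ss -H -ltnp` output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ss -H -ltnp` output on a login node.
# SAMPLE_SS is constructed data, not captured from a real system.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))
LISTEN 0 128 127.0.0.1:11111 0.0.0.0:* users:(("sshd",pid=4242,fd=9))
LISTEN 0 128 [::1]:11111 [::]:* users:(("sshd",pid=4242,fd=10))
LISTEN 0 10 0.0.0.0:11112 0.0.0.0:* users:(("ncat",pid=4310,fd=3))
LISTEN 0 10 127.0.0.1:6010 0.0.0.0:* users:(("ncat",pid=4400,fd=3))'

# Normalize each listener to: scope address port process.
# "addr:port" is split at the last colon so bracketed IPv6 survives.
parse_listeners() {
    awk '{
        n = split($4, p, ":"); port = p[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        split($6, q, "\""); proc = q[2]
        lo = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        print lo, addr, port, proc
    }'
}

# Ports sshd holds on loopback only (remote forwards under GatewayPorts no).
loopback_forwards() {
    parse_listeners |
        awk '$1 == "loopback" && $4 == "sshd" && $3 != 22 { print $3 }' |
        sort -un
}

# Relay tools listening on a non-loopback address: reachable by any host
# that can reach that interface.
exposed_relays() {
    parse_listeners |
        awk '$1 == "exposed" && $4 ~ /^(ncat|nc|netcat|socat)$/ { print $2 ":" $3, $4 }'
}

# On a live host: ss -H -ltnp | exposed_relays
# (-p only shows other users' process names when run with privileges)
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_SS" | loopback_forwards
    printf '%s\n' "$SAMPLE_SS" | exposed_relays
fi
```

`ss` alone cannot show which loopback port a relay forwards to, so the two lists are reported separately and correlated by process owner or command line.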