I use a tiny executable called SocketRelay for the same purpose. We borrowed it from VisIt. On Mar 20, 2015 5:42 PM, "Burlen Loring" <[email protected]> wrote:
> there are 2 places I used netcat. > > 1) ssh policy on login node only allows us to connect to ssh tunnels from > localhost. using ncat there fools ssh into thinking we are connecting on > localhost. I think it's dumb that we have to do this, but our sys admins > refuse to make the change. The ssh option is called GatewayPorts. > > 2) there is a different network protocol used on the compute nodes of our > cray, the mom node understands that protocol and acts like a bridge to the > login node. we create the tunnel from mom to login with netcat. > > there are other ways to forward the connections beside netcat, but it's > easy to build, install, and use, and it's fast. > > On 03/20/2015 02:26 PM, Vanmoer, Mark W wrote: > > Hi Burlen, > > > > Are you using ncat to setup those connections because of a policy (like no > outside network connections allowed) or for a technical reason? > > > > Mark > > *From:* Burlen Loring [mailto:[email protected] > <[email protected]>] > *Sent:* Thursday, March 19, 2015 4:48 PM > *To:* Vanmoer, Mark W; David E DeMarle > *Cc:* [email protected] > *Subject:* Re: [Paraview] server configuration with two factor > authentication? > > > > Hi Mark, > > Yes to both. The way this could work on a simple cluster is: from the > user's system which is assumed to be remote, the pvsc creates an ssh tunnel > inside the xterm and calls the launch script on the compute system login > node. the launch script submits the batch job. pvserver, when run in the > batch script, connects back to the ssh tunnel on the login node. "client > host" is the login node host name. "server port" is specified by the user > in the pvsc. > > There's a slight complication with some Cray systems that means we need to > involve a special node called the "mom" node in the tunnel. > > This will be clear if you see a complete example, for instance the > following 3 scripts are used with NERSC's Cray Edison: pvsc > <https://github.com/burlen/pvserver-configs/blob/master/pvsc/edison-unix.pvsc>, > launch script > <https://github.com/burlen/pvserver-configs/blob/master/servers/edison/4.3.1/start_pvserver.sh>, > batch script > <https://github.com/burlen/pvserver-configs/blob/master/servers/edison/4.3.1/start_pvserver.qsub> > . > > Burlen > > On 03/19/2015 02:24 PM, Vanmoer, Mark W wrote: > > This great, thanks for sharing, guys. Using xterm would have never > occurred to me. > > > > Are you setting the pvserver –client-host somehow? My old pvsc from Forge > sent over the client’s hostname to the script. I tried that on Blue Waters > and it works, but do I not need to actually do that? Also, are either of > you setting –server-port in the launch script? > > > > > > *From:* David E DeMarle [mailto:[email protected] > <[email protected]>] > *Sent:* Thursday, March 19, 2015 1:28 PM > *To:* Burlen Loring > *Cc:* Vanmoer, Mark W; [email protected] > *Subject:* Re: [Paraview] server configuration with two factor > authentication? > > > > I liked this bit too as the windows version 'xterm -e ssh &'. > > <Command exec="cmd.exe" delay="10"> > <Arguments> > <Argument value="/C"/> > <Argument value="start"/> > <Argument value="cmd.exe"/> > <Argument value="/C"/> > <Argument value="$SSH_EXEquot;/> > > Since windows isn't my first language, that took more hunting than I'ld > like to admit. :) > > > David E DeMarle > Kitware, Inc. > R&D Engineer > 21 Corporate Drive > Clifton Park, NY 12065-8662 > Phone: 518-881-4909 > > > > On Thu, Mar 19, 2015 at 2:18 PM, Burlen Loring <[email protected]> > wrote: > > ""C:\Program Files (x86)\PuTTY\plink.exe"" > > > > so that's the secret to paths with spaces! nice, thanks for sharing that! > > On 03/19/2015 09:22 AM, David E DeMarle wrote: > > Howdy Mark, > > > > Adding to what Burlen said. > > > > You can grab pvsc examples for ORNL, ANL and NERSC via > > paraview->File->Connect… Fetch servers. > > //File->Conenct…FetchServers->Edit Sources replace with pvsc > http://www.paraview.org/files/pvscWindows Kitware Inc. on windows. > > Mac requires XQuartz, windows requires putty. > > > > Let me know when you get it working, with your permission I'ld love to add > NCSA (and everywhere else) there so that users get it by default. > > > > > > > David E DeMarle > Kitware, Inc. > R&D Engineer > 21 Corporate Drive > Clifton Park, NY 12065-8662 > Phone: 518-881-4909 > > > > On Thu, Mar 19, 2015 at 11:56 AM, Burlen Loring <[email protected]> > wrote: > > Hi Mark, > > This works without anything special if you launch in an xterm. We did this > at NICS which requires both ssh authentication and rsa secure id token. > Here is an example > <https://github.com/burlen/pvserver-configs/blob/master/pvsc/edison-unix.pvsc> > > Burlen > > > > On 03/19/2015 06:50 AM, Vanmoer, Mark W wrote: > > Hi, is there a way to set up the server XML so that it works with two > factor authentication, as in a token generator? This is for the Blue Waters > machine at NCSA. What I mean is, something like how VisIt acts, which when > doing the connection will prompt for the password and token. > > > > In the past, on machines without two factor auth, I’ve used > > > > > http://www.paraview.org/Wiki/ParaView:Server_Configuration#Case_Eleven:_Launch_pvserver_on_a_cluster_using_PBS_-_use_reverse_connection_to_client > > > > but that requires having ssh keys set up. > > > > Thanks, > > Mark > > > > _______________________________________________ > > Powered by www.kitware.com > > > > Visit other Kitware open-source projects at > http://www.kitware.com/opensource/opensource.html > > > > Please keep messages on-topic and check the ParaView Wiki at: > http://paraview.org/Wiki/ParaView > > > > Search the list archives at: http://markmail.org/search/?q=ParaView > > > > Follow this link to subscribe/unsubscribe: > > http://public.kitware.com/mailman/listinfo/paraview > > > > > _______________________________________________ > Powered by www.kitware.com > > Visit other Kitware open-source projects at > http://www.kitware.com/opensource/opensource.html > > Please keep messages on-topic and check the ParaView Wiki at: > http://paraview.org/Wiki/ParaView > > Search the list archives at: http://markmail.org/search/?q=ParaView > > Follow this link to subscribe/unsubscribe: > http://public.kitware.com/mailman/listinfo/paraview > > > > > > > > > > >
_______________________________________________ Powered by www.kitware.com Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Please keep messages on-topic and check the ParaView Wiki at: http://paraview.org/Wiki/ParaView Search the list archives at: http://markmail.org/search/?q=ParaView Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/paraview
