[HTCondor-users] htcondor interactions with software firewalls

[Matthew T West <m.t.west@xxxxxxxxxxxx>]

Hi All,

Some more SysAdmin questions from me...

I'd like to forbid users from ssh'ing directly onto execution points whether with a password or ssh-key.

• Which port does ssh_to_job use to make a remote connection to the execution point where the job is running? Is it 9618 or the default ssh 22?
  
• Is there any extra configuration necessary to make sure ssh_to_job works beyond the default setup? Particularly if I limit traffic to just a few open ports.

In order for the various file transfer plugins to work, can I just have the relevant ports open on the access point or do I need to make sure the execution points also have firewalld rules configured for https, ftp, or what-have-you as well?

For an single htcondor pool, should one be able to directly ssh to the central manager or should it be only accessible through an AP?

I realize all of these questions have a *hint* of "it depends".

Cheers,
Matt

-- 
Matthew T. West
DevOps & HPC SysAdmin
University of Exeter, Research IT
www.exeter.ac.uk/research/researchcomputing/support/researchit
57 Laver Building, North Park Road, Exeter, EX4 4QE, United Kingdom