[GE users] SSH Integrations -tight-ssh

rayson rayrayson at gmail.com
Tue Sep 22 20:22:52 BST 2009


On Tue, Sep 22, 2009 at 2:47 PM, mhanby <mhanby at uab.edu> wrote:
> The way I understand it, in order to get accurate accounting, we need to either compile -tight-ssh or use rsh for job control, and setting up tight integration PEs?

Yes and no. When people on this list say "rsh", we are referring to
SGE's tight remote shell, which does not require any rshd running as a
daemon. And in the latest version (SGE 6.2), there is also an updated
remote job execution mechanism, which has pty support.

What kind of features are you looking for in tight-ssh that is missing
in the vanilla SGE rsh??

Rayson



>
> Thanks for looking into this.
>
> Mike
>
> -----Original Message-----
> From: rayson [mailto:rayrayson at gmail.com]
> Sent: Tuesday, September 22, 2009 10:10 AM
> To: users at gridengine.sunsource.net
> Subject: Re: [GE users] SSH Integrations -tight-ssh
>
> Hmm, I have not built the SSH tight integration for a long time. I
> think I will try with the versions that you are using during the
> coming weekend.
>
> (BTW, I hope it is not urgent -- otherwise just let me know)
>
> Rayson
>
>
>
> On 9/22/09, mhanby <mhanby at uab.edu> wrote:
>> If I run the following without patching sshd.c, openssh will compile fine
>> ./aimk -no-dump -no-jni -no-java -tight-ssh
>>
>> If I compile with the patched sshd.c it fails with this error:
>>
>> gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o -L. -Lopenbsd-compat/ -L/home/mhanby/software/ge6.2u3-source/rocks5.2-BUILD/sge-V62u3/gridengine/source/usr/lib   -L/home/mhanby/software/ge6.2u3-source/rocks5.2-BUILD/sge-V62u3/gridengine/source/usr/lib/ -L. -rdynamic -Wl,-rpath,\$ORIGIN/../../lib/lx26-amd64 -lssh -lopenbsd-compat   -lcrypto -lutil -lz -lnsl  -L../../../LINUXAMD64_26 -L../../../3rdparty/remote/LINUXAMD64_26/ -lsgeremote -luti -lcommlists -llck -lrmon  -ljemalloc -lm -lpthread  -lcrypt -lresolv -lresolv
>> ../../../3rdparty/remote/LINUXAMD64_26//libsgeremote.a(err_trace.o): In function `shepherd_error':
>> err_trace.c:(.text+0x1050): undefined reference to `g_new_interactive_job_support'
>> collect2: ld returned 1 exit status
>> make: *** [sshd] Error 1
>> not done
>>
>> These are the full list of aimk commands that lead up to the building of -tight-ssh
>>
>> ./aimk -only-depend -no-dump
>> scripts/zerodepend
>> ./aimk -no-dump depend
>> ./aimk -no-dump -no-jni -no-java
>> ./aimk -no-dump -no-jni -no-java -tight-ssh
>>
>> And here's the patch file
>> --- sshd.c      2009-01-27 23:31:23.000000000 -0600
>> +++ sshd-sge.c  2009-09-21 11:19:50.000000000 -0500
>> @@ -695,7 +695,11 @@
>>        RAND_seed(rnd, sizeof(rnd));
>>
>>        /* Drop privileges */
>> +#ifdef SGESSH_INTEGRATION
>> +       sgessh_do_setusercontext(authctxt->pw);
>> +#else
>>        do_setusercontext(authctxt->pw);
>> +#endif
>>
>>  skip:
>>        /* It is safe now to apply the key state */
>> @@ -1257,6 +1261,9 @@
>>  #endif
>>        __progname = ssh_get_progname(av[0]);
>>        init_rng();
>> +#ifdef SGESSH_INTEGRATION
>> +       sgessh_readconfig();
>> +#endif
>>
>>        /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
>>        saved_argc = ac;
>>
>> I'm using the same version of openssh as exists on the system, OpenSSH_4.3p2, OpenSSL 0.9.8e
>>
>> thanks for any insight,
>>
>> Mike
>>
>> -----Original Message-----
>> From: rayson [mailto:rayrayson at gmail.com]
>> Sent: Monday, September 21, 2009 10:03 AM
>> To: users at gridengine.sunsource.net
>> Subject: Re: [GE users] SSH Integrations -tight-ssh
>>
>> On 9/21/09, mhanby <mhanby at uab.edu> wrote:
>> > I've been reading through the examples, instructions, etc... on the web regarding building tight integration with SSH.
>> >
>> > I see some old posts that reference patching sshd.c (and in some examples other openssh source files).
>> >
>> > Is this still necessary with 6.2u3? Or does -tight-ssh do the patching on the fly (or not need it)? If it is necessary to patch the source files for openssh, where do I obtain the diff files?
>>
>> There are 2 tight SGE-SSH integrations:
>>
>> "Secure SGE Using Kerberos5, SSH and Accessing AFS"
>>
>> and
>>
>> "SGE-openSSH Tight Integration"
>>
>> You can find the details of both at:
>>
>> http://gridengine.sunsource.net/workshop10-12.09.07/proceedings.html
>>
>> The 2nd one requires building with "-tight-ssh", and as of now you
>> still need to patch sshd.c in the OpenSSH source code.
>>
>> Rayson
>>
>>
>>
>>
>> >
>> > I'm building it as follows:
>> >
>> > 1. Extract openssh-5.2p1.tar.gz to 3rdparty and rename the directory to 3rdparty/openssh
>> > 2. Build Grid Engine:
>> > ./aimk -only-depend -no-dump
>> > scripts/zerodepend
>> > ./aimk -no-dump depend
>> > ./aimk -no-dump -no-jni -no-java
>> > ./aimk -no-dump -no-jni -no-java -tight-ssh
>> > ./aimk -no-dump -man
>> >
>> > Following the build, I see the ssh binaries have been built, so -tight-ssh is successful in that regard.
>> >
>> > Thanks, Mike
>> >
>> > ------------------------------------------------------
>> > http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218211
>> >
>> > To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>> >
>>
>> ------------------------------------------------------
>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218215
>>
>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>>
>> ------------------------------------------------------
>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218380
>>
>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>>
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218397
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218447
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218451

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list