[GE users] Using SGE with SSH on RHEL 5.5 - SElinux troubles

reuti reuti at staff.uni-marburg.de
Thu Nov 4 19:32:58 GMT 2010

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Am 04.11.2010 um 17:25 schrieb cmoyroud:

> Hello,
> I'm trying to use SSH for qrsh in SGE on a cluster with RHEL 5.5 machines (using http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html ), and SElinux is giving me troubles. Putting SElinux into 'permissive' mode instead of 'enforce' mode is working fine, which means there's something in the SElinux configuration that needs to be changed.

yes, switching it off was often a way to bypass SELinux problems.

> What I've tried so far:
> - Authorizing ports 1024 to 65535 to be used for SSH with semanage port -a -t ssh_port_t -p tcp 1024-65535'
> - Authorizing SSH to run through inetd with 'setsebool -P run_ssh_inetd on'
> Still no luck :(
> As soon as the SSH connection is established successfully (authentication and all), the connection is closed ("Read from remote host crx5380: Connection reset by peer").
> Has anyone managed to get SGE to work with SSH on an SElinux-enabled system?

We don't use it, but one idea: even when started by inetd, you have only one sshd running at a time I think. With SGE you will have one per job, and it's not bound to (x)inetd. In addition it won't be a kid of (x)inetd too, but of the sge_shepherd.

-- Reuti

> Thanks in advance!
> Best regards,
> Clément
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=292712
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].


To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

More information about the gridengine-users mailing list