[Beowulf] A careful exploit?

Jörg Saßmannshausen sassy-work at sassy.formativ.net
Thu Jun 13 13:49:43 PDT 2019


Dear all,

why port 23? Was that a typo and you mean port 22 (ssh)?

All the best

Jörg

Am Donnerstag, 13. Juni 2019, 11:09:21 BST schrieb Robert G. Brown:
> On Thu, 13 Jun 2019, Jonathan Engwall wrote:
> > It was an actual machine I could ping but I could not connect. It was
> > there
> > at start up.
> 
> If it is an actual machine, hang a console on it and see what is
> happening.  If you can ping it, its network is up.  But to be able to
> connect to it, you have to have a bunch of stuff configured to allow
> connection.  These problems all live at a higher level than the physical
> transport levels.
> 
> Personally, I'd start by killing selinux, as it is notorious for
> nearly randomly deciding that this or that connection is not secure and
> blocking it with no (EXTERNAL) warning -- it would show up in logs.  If
> you prefer, master selinux and figure out how to configure it for the
> specific ports you are trying to connect to.  Then I'd check the
> firewall.  Are you trying to ssh in?  Make sure that port 23 is open and
> not firewalled off in the default installation image.  Then check
> services.  Are you trying to ssh in?  Well, is sshd installed and
> running?  If it isn't, you have to install it, configure it, make sure
> the firewall passes it, and make sure selinux isn't going to come in and
> override the firewall and refuse to pass it after all.  And so on, for
> any port(s) you wish to access.  Most linuxes these days install in a
> default "secure" mode with no open ports and firewalled up pretty tight,
> assuming that the installer is a normal human who has no idea how to
> offer services or secure them, but if you run a cluster you really need
> to be at least on the road to being an abnormal person who does.
> 
> If you're trying to build a cluster that automagically installs with all
> of this stuff up, well, then you'll need to read the manual(s) or
> whatever documentation they provide to see what you didn't preconfigure
> on the install host.
> 
> Hopefully you're getting the idea that debugging networking problems
> requires a) a pretty good knowledge of networking from the wire on up to
> the network application; b) a pretty good knowledge of systems
> administration and how to set up, start, manage, debug applications,
> read logs (know where the logs are to read, for starters) etc; c) a very
> patient and systematic approach.  As Chris says, start at the wire up,
> if it is wired, look at the wireless router tables of connected hosts if
> it is wireless, etc.  See if it pings.  If it pings, see what's
> wrong with the ports/services you're trying to connect to.  Read logs.
> Try experiments.  Compare a working host to the one that isn't working.
> Read the logs some more.
> 
> It's all in there, if you know how to get it out.
> 
> And again, if you really want our help, repost a DETAILED DESCRIPTION OF
> WHAT IS WRONG.  I'd wager 90% or more of the people on this list could
> debug your problem from a sufficiently detailed description alone, but
> so far we know next to nothing about what you are trying to do, what
> your network looks like, what version of Linux (or other operating
> system!) you are using, what tools you're talking about.  I don't even
> know if you are really trying to build or work with a cluster or are
> just trying to figure out why ssh doesn't work out of the box on hosts
> in an office.
> 
> Details, please!
> 
>      rgb
> 
> > On Tue, Jun 11, 2019, 9:49 PM Chris Samuel <chris at csamuel.org> wrote:
> >       On 11/6/19 8:18 pm, Robert G. Brown wrote:
> >       > * Are these real hosts, each with their own network interface
> >       
> >       (wired or
> >       
> >       > wireless), or are these virtual hosts?
> >       
> >       In addendum to RGB's excellent advice and questions I would add
> >       to this
> >       question the network engineers maxim of "start at layer 1 and
> >       work up".
> >       
> >       In other words, first check your physical connectivity and then
> >       head up
> >       the layers.
> >       
> >       Best of luck!
> >       Chris
> >       --
> >       ? Chris Samuel? :?http://www.csamuel.org/? :?Berkeley, CA, USA
> >       _______________________________________________
> >       Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin
> >       Computing
> >       To change your subscription (digest mode or unsubscribe) visit
> >       https://beowulf.org/cgi-bin/mailman/listinfo/beowulf
> 
> Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
> Duke University Dept. of Physics, Box 90305
> Durham, N.C. 27708-0305
> Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu
> 
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> https://beowulf.org/cgi-bin/mailman/listinfo/beowulf



More information about the Beowulf mailing list