<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
there are 2 places I used netcat.<br>
<br>
1) ssh policy on login node only allows us to connect to ssh tunnels
from localhost. using ncat there fools ssh into thinking we are
connecting on localhost. I think it's dumb that we have to do this,
but our sys admins refuse to make the change. The ssh option is
called GatewayPorts.<br>
<br>
2) there is a different network protocol used on the compute nodes
of our cray, the mom node understands that protocol and acts like a
bridge to the login node. we create the tunnel from mom to login
with netcat.<br>
<br>
there are other ways to forward the connections beside netcat, but
it's easy to build, install, and use, and it's fast.<br>
<br>
<div class="moz-cite-prefix">On 03/20/2015 02:26 PM, Vanmoer, Mark W
wrote:<br>
</div>
<blockquote
cite="mid:7F781841FF1E044388AFA42B70703A7A8A145851@CITESMBX6.ad.uillinois.edu"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi
Burlen,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Are
you using ncat to setup those connections because of a
policy (like no outside network connections allowed) or for
a technical reason?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Mark<o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
Burlen Loring [<a class="moz-txt-link-freetext" href="mailto:burlen.loring@gmail.com">mailto:burlen.loring@gmail.com</a>]
<br>
<b>Sent:</b> Thursday, March 19, 2015 4:48 PM<br>
<b>To:</b> Vanmoer, Mark W; David E DeMarle<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:paraview@paraview.org">paraview@paraview.org</a><br>
<b>Subject:</b> Re: [Paraview] server configuration with
two factor authentication?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Mark,<br>
<br>
Yes to both. The way this could work on a simple cluster is:
from the user's system which is assumed to be remote, the pvsc
creates an ssh tunnel inside the xterm and calls the launch
script on the compute system login node. the launch script
submits the batch job. pvserver, when run in the batch script,
connects back to the ssh tunnel on the login node. "client
host" is the login node host name. "server port" is specified
by the user in the pvsc.<br>
<br>
There's a slight complication with some Cray systems that
means we need to involve a special node called the "mom" node
in the tunnel.<br>
<br>
This will be clear if you see a complete example, for instance
the following 3 scripts are used with NERSC's Cray Edison:<a
moz-do-not-send="true"
href="https://github.com/burlen/pvserver-configs/blob/master/pvsc/edison-unix.pvsc">
pvsc</a>,
<a moz-do-not-send="true"
href="https://github.com/burlen/pvserver-configs/blob/master/servers/edison/4.3.1/start_pvserver.sh">launch
script</a>, <a moz-do-not-send="true"
href="https://github.com/burlen/pvserver-configs/blob/master/servers/edison/4.3.1/start_pvserver.qsub">batch
script</a>.<br>
<br>
Burlen<o:p></o:p></p>
<div>
<p class="MsoNormal">On 03/19/2015 02:24 PM, Vanmoer, Mark W
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">This
great, thanks for sharing, guys. Using xterm would have
never occurred to me.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Are
you setting the pvserver –client-host somehow? My old pvsc
from Forge sent over the client’s hostname to the script.
I tried that on Blue Waters and it works, but do I not
need to actually do that? Also, are either of you setting
–server-port in the launch script?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
David E DeMarle [<a moz-do-not-send="true"
href="mailto:dave.demarle@kitware.com">mailto:dave.demarle@kitware.com</a>]
<br>
<b>Sent:</b> Thursday, March 19, 2015 1:28 PM<br>
<b>To:</b> Burlen Loring<br>
<b>Cc:</b> Vanmoer, Mark W; <a moz-do-not-send="true"
href="mailto:paraview@paraview.org">paraview@paraview.org</a><br>
<b>Subject:</b> Re: [Paraview] server configuration with
two factor authentication?</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">I liked this bit too as the windows
version 'xterm -e ssh &'.<br>
<br>
<Command exec="cmd.exe" delay="10"><br>
<Arguments><br>
<Argument value="/C"/><br>
<Argument value="start"/><br>
<Argument value="cmd.exe"/><br>
<Argument value="/C"/><br>
<Argument value="$SSH_EXEquot;/><br>
<br>
Since windows isn't my first language, that took more
hunting than I'ld like to admit. :)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">David E DeMarle<br>
Kitware, Inc.<br>
R&D Engineer<br>
21 Corporate Drive<br>
Clifton Park, NY 12065-8662<br>
Phone: 518-881-4909<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Thu, Mar 19, 2015 at 2:18 PM,
Burlen Loring <<a moz-do-not-send="true"
href="mailto:burlen.loring@gmail.com" target="_blank">burlen.loring@gmail.com</a>>
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<pre>""C:\Program Files (x86)\PuTTY\plink.exe""<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>so that's the secret to paths with spaces! nice, thanks for sharing that!<o:p></o:p></pre>
<div>
<div>
<div>
<p class="MsoNormal">On 03/19/2015 09:22 AM,
David E DeMarle wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Howdy Mark, <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Adding to what Burlen
said.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">You can grab pvsc
examples for ORNL, ANL and NERSC via<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">paraview->File->Connect…
Fetch servers.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">//File->Conenct…FetchServers->Edit
Sources replace with pvsc
<a moz-do-not-send="true"
href="http://www.paraview.org/files/pvscWindows"
target="_blank">http://www.paraview.org/files/pvscWindows</a>
Kitware Inc. on windows.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Mac requires XQuartz,
windows requires putty.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Let me know when you
get it working, with your permission I'ld
love to add NCSA (and everywhere else)
there so that users get it by default.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">David E DeMarle<br>
Kitware, Inc.<br>
R&D Engineer<br>
21 Corporate Drive<br>
Clifton Park, NY 12065-8662<br>
Phone: <a moz-do-not-send="true"
href="tel:518-881-4909"
target="_blank">518-881-4909</a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Thu, Mar 19, 2015
at 11:56 AM, Burlen Loring <<a
moz-do-not-send="true"
href="mailto:burlen.loring@gmail.com"
target="_blank">burlen.loring@gmail.com</a>>
wrote:<o:p></o:p></p>
<blockquote
style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Hi Mark,<br>
<br>
This works without anything special
if you launch in an xterm. We did
this at NICS which requires both ssh
authentication and rsa secure id
token. Here is an
<a moz-do-not-send="true"
href="https://github.com/burlen/pvserver-configs/blob/master/pvsc/edison-unix.pvsc"
target="_blank">
example</a> <br>
<br>
Burlen <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On
03/19/2015 06:50 AM, Vanmoer,
Mark W wrote:<o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi,
is there a way to set up the
server XML so that it works
with two factor
authentication, as in a
token generator? This is for
the Blue Waters machine at
NCSA. What I mean is,
something like how VisIt
acts, which when doing the
connection will prompt for
the password and token.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">In
the past, on machines
without two factor auth,
I’ve used
<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a
moz-do-not-send="true"
href="http://www.paraview.org/Wiki/ParaView:Server_Configuration#Case_Eleven:_Launch_pvserver_on_a_cluster_using_PBS_-_use_reverse_connection_to_client"
target="_blank">http://www.paraview.org/Wiki/ParaView:Server_Configuration#Case_Eleven:_Launch_pvserver_on_a_cluster_using_PBS_-_use_reverse_connection_to_client</a><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">but
that requires having ssh
keys set up.
<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks,<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Mark<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
</div>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Powered by <a moz-do-not-send="true" href="http://www.kitware.com" target="_blank">www.kitware.com</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Visit other Kitware open-source projects at <a moz-do-not-send="true" href="http://www.kitware.com/opensource/opensource.html" target="_blank">http://www.kitware.com/opensource/opensource.html</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Please keep messages on-topic and check the ParaView Wiki at: <a moz-do-not-send="true" href="http://paraview.org/Wiki/ParaView" target="_blank">http://paraview.org/Wiki/ParaView</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Search the list archives at: <a moz-do-not-send="true" href="http://markmail.org/search/?q=ParaView" target="_blank">http://markmail.org/search/?q=ParaView</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Follow this link to subscribe/unsubscribe:<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://public.kitware.com/mailman/listinfo/paraview" target="_blank">http://public.kitware.com/mailman/listinfo/paraview</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Powered by <a moz-do-not-send="true"
href="http://www.kitware.com"
target="_blank">www.kitware.com</a><br>
<br>
Visit other Kitware open-source
projects at <a moz-do-not-send="true"
href="http://www.kitware.com/opensource/opensource.html" target="_blank">
http://www.kitware.com/opensource/opensource.html</a><br>
<br>
Please keep messages on-topic and
check the ParaView Wiki at: <a
moz-do-not-send="true"
href="http://paraview.org/Wiki/ParaView"
target="_blank">
http://paraview.org/Wiki/ParaView</a><br>
<br>
Search the list archives at: <a
moz-do-not-send="true"
href="http://markmail.org/search/?q=ParaView"
target="_blank">
http://markmail.org/search/?q=ParaView</a><br>
<br>
Follow this link to
subscribe/unsubscribe:<br>
<a moz-do-not-send="true"
href="http://public.kitware.com/mailman/listinfo/paraview"
target="_blank">http://public.kitware.com/mailman/listinfo/paraview</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>