[Beowulf] A careful exploit?

Robert G. Brown rgb at phy.duke.edu
Thu Jun 13 08:09:21 PDT 2019


On Thu, 13 Jun 2019, Jonathan Engwall wrote:

> It was an actual machine I could ping but I could not connect. It was there
> at start up.

If it is an actual machine, hang a console on it and see what is
happening.  If you can ping it, its network is up.  But to be able to
connect to it, you have to have a bunch of stuff configured to allow
connection.  These problems all live at a higher level than the physical
transport levels.

Personally, I'd start by killing selinux, as it is notorious for
nearly randomly deciding that this or that connection is not secure and
blocking it with no (EXTERNAL) warning -- it would show up in logs.  If
you prefer, master selinux and figure out how to configure it for the
specific ports you are trying to connect to.  Then I'd check the
firewall.  Are you trying to ssh in?  Make sure that port 23 is open and
not firewalled off in the default installation image.  Then check
services.  Are you trying to ssh in?  Well, is sshd installed and
running?  If it isn't, you have to install it, configure it, make sure
the firewall passes it, and make sure selinux isn't going to come in and
override the firewall and refuse to pass it after all.  And so on, for
any port(s) you wish to access.  Most linuxes these days install in a
default "secure" mode with no open ports and firewalled up pretty tight,
assuming that the installer is a normal human who has no idea how to
offer services or secure them, but if you run a cluster you really need
to be at least on the road to being an abnormal person who does.

If you're trying to build a cluster that automagically installs with all
of this stuff up, well, then you'll need to read the manual(s) or
whatever documentation they provide to see what you didn't preconfigure
on the install host.

Hopefully you're getting the idea that debugging networking problems
requires a) a pretty good knowledge of networking from the wire on up to
the network application; b) a pretty good knowledge of systems
administration and how to set up, start, manage, debug applications,
read logs (know where the logs are to read, for starters) etc; c) a very
patient and systematic approach.  As Chris says, start at the wire up,
if it is wired, look at the wireless router tables of connected hosts if
it is wireless, etc.  See if it pings.  If it pings, see what's
wrong with the ports/services you're trying to connect to.  Read logs.
Try experiments.  Compare a working host to the one that isn't working.
Read the logs some more.

It's all in there, if you know how to get it out.

And again, if you really want our help, repost a DETAILED DESCRIPTION OF
WHAT IS WRONG.  I'd wager 90% or more of the people on this list could
debug your problem from a sufficiently detailed description alone, but
so far we know next to nothing about what you are trying to do, what
your network looks like, what version of Linux (or other operating
system!) you are using, what tools you're talking about.  I don't even
know if you are really trying to build or work with a cluster or are
just trying to figure out why ssh doesn't work out of the box on hosts
in an office.

Details, please!

     rgb

> 
> On Tue, Jun 11, 2019, 9:49 PM Chris Samuel <chris at csamuel.org> wrote:
>       On 11/6/19 8:18 pm, Robert G. Brown wrote:
>
>       > * Are these real hosts, each with their own network interface
>       (wired or
>       > wireless), or are these virtual hosts?
>
>       In addendum to RGB's excellent advice and questions I would add
>       to this
>       question the network engineers maxim of "start at layer 1 and
>       work up".
>
>       In other words, first check your physical connectivity and then
>       head up
>       the layers.
>
>       Best of luck!
>       Chris
>       --
>       ? Chris Samuel? :?http://www.csamuel.org/? :?Berkeley, CA, USA
>       _______________________________________________
>       Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin
>       Computing
>       To change your subscription (digest mode or unsubscribe) visit
>       https://beowulf.org/cgi-bin/mailman/listinfo/beowulf
> 
> 
>

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu




More information about the Beowulf mailing list