OOD_SSHHOST_ALLOWLIST syntax?

sandermitre · June 1, 2022, 8:50pm

I have a question regarding the OOD_SSHHOST_ALLOWLIST regex syntax, specifically is there a type of regex which would help me format it? We have a cluster which has the following naming convention: node1,node2… node19,node20… and I’m having problems formatting the allow list for those hosts.

I was able to find Rubular: a Ruby regular expression editor which helped with the host_regex , so I’m wondering if there might be something similar if I understood what it was looking for.

TIA

travert · June 2, 2022, 1:58pm

I’m not sure what you mean here. Format the regex you need for your hosts? What does the hostnames look like? I see you mention they have node# in their names so are you asking how to write a regex to capture those numbers? Can you send the rest of what the pattern would need to catch?

sandermitre · June 2, 2022, 2:14pm

Sure the pattern is this:

node1
node2
node3
…
node19
node20
node21
…
node30

I tried node[1-30] but that didn’t work and I tried node[1-9][0-9] which also didn’t work. Since this cluster is set to retire in the next 6 months I’d be up for something less secure like node?? or node* if that is the proper syntax. Although we are planning on not using padding zeros so a good solution is prefered.

Thanks!

bennet · June 2, 2022, 2:23pm

Is this for ssh from the compute hosts to the OnDemand server, or from the OnDemand server to the compute hosts?

I think for the latter, configuring the /etc/ssh/sshd_config on the compute hosts is desired, no?

Wouldn’t the OnDemand AllowHosts be for incoming connections?

jeff.ohrstrom · June 2, 2022, 2:27pm

They’re globs not regular expressions. You can have several globs and they’re : separated.

So you’d probably need something like node[0-9]:node[0-9][0-9], one for 1 digit and another for 2. You can use stars, * but it is less secure - or at least could grab nodes you don’t want folks shelling into.

https://man7.org/linux/man-pages/man7/glob.7.html

sandermitre · June 2, 2022, 2:33pm

Thanks for the clarification. That makes sense.

@bennet This was from the OOD host to the nodes, specifically clicking on the node name in the interactive sessions tab. I thought it was a networking problem, but when one of the abnormally nodes worked I realized it was this entry not matching.

bennet · June 2, 2022, 2:49pm

And thank you for the clarification, as well. This is an outbound list from OnDemand, I now see. Sorry for the noise.

system · November 29, 2022, 2:49pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No_Proxy variable in OOD Get Help question	2	600	May 26, 2022
SSH to different hosts from Shell App Get Help question	3	566	May 26, 2022
OOD 1.8 OOD_SSHHOST_ALLOWLIST failure page General Discussion question	2	638	May 26, 2022
Reverse Proxy on Separate Host? Get Help	19	1731	December 6, 2021
User authorization requirement (OOD 1.7.0) Get Help question	4	690	March 14, 2022

OOD_SSHHOST_ALLOWLIST syntax?

Related Topics