On 29/06/11 14:37, Stuart Purdie wrote:
> [ ... ] a grid cert for a host that you connect to via GSISSH [ ... ]
I suspected that too, so I have experimentally verified that.
but as mentioned in the previous message it seems to use the
host DN as the user DN, which is weird. Or else the host DN must
be mapped to a pool account too, which would be weirder.
> GSISSH does have a couple of advantages; partly proxy forwarding,
> but (for me at least) also the alternate port number letting me
> skip around awkward port 22 blocking firewalls .... [ ... ]
I think that we actually run it on port 22 (but it is easy to
bind 'sshd' to various ports).
Another reason why people here care is that it allows logging in
as the DN-mapped grid user, rather than as the local user,
indeed they often 'gsissh localhost' for that.
|