Schedulers listen on dedicated network ports for TCP communications from Cylc clients (jobs and user-invoked commands).
cylc scan to see which workflows are listening on which ports on
Cylc generates public-private key pairs on the workflow server and job hosts which are used for authentication.
Authentication files will be created in your
$HOME/cylc-run/<workflow-id>/.service/ directory at start-up. You can
expect to find one client public key per file system for remote jobs.
On the workflow host, the directory structure should contain:
~/cylc-run/workflow_x `-- .service |-- client_public_keys | |-- client_localhost.key | `-- <any further client keys> |-- client.key_secret |-- server.key `-- server.key_secret
On the remote job host, the directory structure should contain:
~/cylc-run/workflow_x `-- .service |-- client.key |-- client.key_secret `-- server.key
Keys are removed as soon as they are no longer required.