[Beowulf] SSH without login in nodes

[Reuti]

Am 08.05.2007 um 15:25 schrieb Angel de Vicente:

> If it is of any help, we use a similar setting to the one given  
> below by Kilian,
> where our access file in the compute nodes only has root and  
> myself. When a user
> submits something to the queuing system (Torque+Maui), the  
> access.conf of the
> given nodes is modified with a prologue script, so that access is  
> given to them
> in the allocated nodes, and when the job finishes their name is  
> taken from
> access.conf in an epilogue script.
>
> Nothing fancy, but it works pretty well (you could easily figure  
> how to abuse
> it, but people usually behave nicely, and this was needed mostly to  
> prevent
> accidentally submitting jobs to other nodes, not to tackle abuse).  
> At the same
> time, we have a script that runs once per day to check whether  
> there are any
> jobs from users not allowed (according to the queueing system) to  
> do so, and if
> found they are just mercilessly killed (on very rare occasions  
> zombies are
> hanging around).

This is always a point where I wonder, why there is still no rsh  
replacement in Torque like it's available in SUN GridEngine with its  
qrsh command. Simply disable rsh and ssh in the complete cluster (or  
limit it to admin staff) and all startup of processes in the cluster  
is done by SGE's private daemons for each qrsh call by using a Tight  
Integration - so you can't access nodes which you are not supposed to  
use. In addition, this will also allow correct accounting for Linda/ 
PVM jobs which still seems not be possible with Torque.

-- Reuti