[Beowulf] Restricting users from ssh into nodes

Kilian Cavalotti kilian.cavalotti.work at gmail.com
Wed Jul 24 02:02:44 PDT 2013


Hi all,

I'm late to the discussion, but if I correctly understand John's
question, it's about *dynamically* restricting user access on compute
nodes where they have no job running, rather than just preventing all
users from logging on to any node.
For that matter, a great solution is to use a PAM module that asks
the scheduler if the user trying to connect effectively has a job
running on that node.

Those PAM modules exist for pretty much every scheduler:
- SGE: https://github.com/BagOfMostlyWater/sge-sshd-control or
3rdparty/tacc_pam_sge/ in SGE source tree
- Slurm: https://computing.llnl.gov/linux/slurm/faq.html#pam
- PBS/Torque: http://docs.adaptivecomputing.com/torque/4-1-4/help.htm#topics/3-nodes/hostSecurity.htm
- LSF: http://sourceforge.net/projects/lsf-pam-module/ (not sure it
still works, though)

Cheers,
-- 
Kilian
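
An added illustration of the check described in this message, not part of the original post and not the code of any of the linked modules: a helper for `pam_exec` that asks Slurm whether the connecting user has a running job on the local node, and denies the login if the scheduler cannot be reached. The script path, the PAM line and the `SQUEUE` and `ADMIN_USERS` variables are assumptions made for the example.

```shell
#!/bin/bash
# Added example: pam_exec helper that admits a user only if they have a
# running Slurm job on this node. Hypothetical script, not one of the
# modules linked above.
# Assumed PAM line (account stack of /etc/pam.d/sshd):
#   account required pam_exec.so quiet /usr/local/sbin/job_gate.sh

SQUEUE="${SQUEUE:-squeue}"          # overridable so the logic can be tested
ADMIN_USERS="${ADMIN_USERS:-root}"  # space-separated accounts that bypass the check

# Returns 0 (allow) or 1 (deny) for user $1 on node $2.
user_may_login() {
    user=$1
    node=$2
    # Reject empty, option-like or odd usernames before calling the scheduler.
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    for admin in $ADMIN_USERS; do
        [ "$user" = "$admin" ] && return 0
    done
    # -h: no header, -t RUNNING: running jobs only, -w: restrict to this node,
    # -o %A: print job IDs only.
    if ! running=$("$SQUEUE" -h -u "$user" -w "$node" -t RUNNING -o %A 2>/dev/null); then
        return 1    # scheduler unreachable or query failed: fail closed
    fi
    # Any output means at least one running job on this node.
    [ -n "$running" ]
}

# pam_exec exports PAM_USER; a non-zero exit status denies the login.
if [ -n "${PAM_USER:-}" ]; then
    user_may_login "$PAM_USER" "$(hostname -s)"
    exit $?
fi
```

Failing closed means an unreachable scheduler locks ordinary users out of the node, so the accounts listed in `ADMIN_USERS` are the ones that can still log in to fix it.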


