[Beowulf] SSH without login in nodes
Kilian CAVALOTTI
kilian at stanford.edu
Sat May 5 09:24:37 PDT 2007
On Friday 04 May 2007 21:42:58 Chris Samuel wrote:
> We use a very ugly hack (this was already in place when I arrived) which
> has been very effective over the past few years at doing that and
> doesn't prevent people using SSH based MPI launchers (though we don't
> recommend them being used).
>
> Basically it's just the following in /etc/profile on our compute nodes.
>
> if echo $HOSTNAME | egrep -q '^node' ; then
> if [ ! $PBS_ENVIRONMENT ];
> then if [ $USER != "root" ];
> then if [ "$GROUP" != "systems" ];
> then exit;
> fi;
> fi;
> fi;
> fi;
>
>
> How's that ?
Not that ugly, actually. But what if users do a
ssh node -t "bash --noprofile"? ;)
To handle of SSH based MPI launchers, we've disabled user logins from our
frontend node to the compute nodes, but allowed them between compute
nodes. So that the scheduler takes care of dispatching the initial process
on a first node (no SSH involved), and then SSH connections can be used to
dispatch the MPI daemons on the other nodes, from the initial one.
Cheers,
--
Kilian
More information about the Beowulf
mailing list