[Beowulf] SSH without login in nodes

[Galton, Simon]

Here's a very simple suggestion.

This disallows interactive logins to a non-login node.  It does not stop
something like "ssh nodename /home/username/longrunningjob", but it
adequately prevents accidental logins; and it's easy to maintain.

As coded it allows the root user and users in the "clustadm" group to access
the nodes interactively but kicks out any users who "accidentally" attempt
to interactively login to a node (after sending instructions on where they
should login).

Put the following text in a file called "/etc/profile.d/nologin.sh"

#
# Prevents interactive logins on cluster nodes
#
# Allow root and members of the "clustadm" group
# set the "master" variable to the name of the login node
#

master="headnode"

if [ "$LOGNAME" = "root" ]
then
	:
else
      groups=`groups | grep clustadm`
	if [ "$groups" = "" ]
      then
		echo "Please log into the master node, $master, for access
to the cluster."
            echo "Logging you out now."
            echo
            exit
      fi
fi
CONFIDENTIAL AND PRIVILEGED INFORMATION NOTICE

This e-mail, and any attachments, may contain information that
is confidential, subject to copyright, or exempt from disclosure.
Any unauthorized review, disclosure, retransmission, 
dissemination or other use of or reliance on this information 
may be unlawful and is strictly prohibited.  

AVIS D'INFORMATION CONFIDENTIELLE ET PRIVILÉGIÉE

Le présent courriel, et toute pièce jointe, peut contenir de 
l'information qui est confidentielle, régie par les droits 
d'auteur, ou interdite de divulgation. Tout examen, 
divulgation, retransmission, diffusion ou autres utilisations 
non autorisées de l'information ou dépendance non autorisée 
envers celle-ci peut être illégale et est strictement interdite.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20070510/2f7dc5d1/attachment.html>