[Beowulf] Intra-cluster security
Nicholas M Glykos
glykos at mbg.duth.gr
Sun Sep 13 02:46:47 PDT 2009
Hi Stuart,
<snip>
> - Each user creates a password-less ssh private key, puts the public
> key in the authorized_hosts file and has relatively unfettered ssh
> access between nodes (nfs shared home directory helps a lot). This
> seems to be the most common approach. It is end-user setup/training
> intensive (I suppose it could be automated/audited).
</snip>
A quick note to say that in the case of the perceus/warewulf/slurm
combination as distributed with CaosNSA, you not only get the automation
you've mentioned, but you can also restrict user access to individual
nodes (this is through a pam module for slurm that only allows ssh access
to those nodes that a user has active jobs on).
Nicholas
--
Dr Nicholas M. Glykos, Department of Molecular Biology
and Genetics, Democritus University of Thrace, University Campus,
Dragana, 68100 Alexandroupolis, Greece, Tel/Fax (office) +302551030620,
Ext.77620, Tel (lab) +302551030615, http://utopia.duth.gr/~glykos/
More information about the Beowulf
mailing list