[Beowulf] Restricting users from ssh into nodes

Jonathan Aquilina eagles051387 at gmail.com
Tue Jul 23 04:18:54 PDT 2013


I am a novice when it comes to how clusters work. but i did find this
feature useful.

Specify Which Accounts Can Use SSH

You can explicitly allow or deny access for certain users or groups. For
example, if you have a family PC where most people have weak passwords, you
might want to allow SSH access just for yourself.

Allowing or denying SSH access for specific users can significantly improve
your security if users with poor security practices don't need SSH access.

*It's recommended to specify which accounts can use SSH if only a few users
want (not) to use SSH.*

To allow only the users Fred and Wilma to connect to your computer, add the
following line to the bottom of the sshd_config file:

*AllowUsers Fred Wilma*

To allow everyone except the users Dino and Pebbles to connect to your
computer, add the following line to the bottom of the sshd_config file:

*DenyUsers Dino Pebbles*

It's possible to create very complex rules about who can use SSH - you can
allow or deny specific groups of users, or users whose names match a
specific pattern, or who are logging in from a specific location. For more
details about how to create complex rules, see the sshd_config man
page<http://manpages.ubuntu.com/manpages/hardy/man5/sshd_config.5.html>


this is from the ubuntu documentation but it might prove useful and can be
found here <https://help.ubuntu.com/community/SSH/OpenSSH/Configuring> .


On Tue, Jul 23, 2013 at 1:16 PM, Hearns, John <john.hearns at mclaren.com>wrote:

>
>
> John can't you do that with a feature in ssh called Deny users and specify
> the user name or that wouldnt work in a cluster environment.
>
>
>
> I must admit that I am not running this in the context of an MPI style
> cluster.
> I am configuring nodes for interactive logins using the batch system to
> allocate the login sessions (interactive jobs)
>
>
>
>
> The contents of this e-mail are confidential and for the exclusive use of
> the intended recipient. If you are not the intended recipient you should
> not read, copy, retransmit or disclose its contents. If you have received
> this email in error please delete it from your system immediately and
> notify us either by email or telephone. The views expressed in this
> communication may not necessarily be the views held by McLaren Racing
> Limited.
> McLaren Racing Limited | McLaren Technology Centre | Chertsey Road |
> Woking | Surrey | GU21 4YH | UK | Company Number: 01517478
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
>


-- 
Jonathan Aquilina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20130723/27aeacc6/attachment.html>


More information about the Beowulf mailing list