[Beowulf] Restricting users from ssh into nodes

Hearns, John john.hearns at mclaren.com
Wed Jul 24 02:08:26 PDT 2013



Hi all,

I'm late to the discussion, but if I correctly understands John's
question, it's about *dynamically* restricting user access on compute
nodes where they have no job running, rather than just preventing all
users to log on any node.
For that matter, a great solution is to use a PAM module, that asks
the scheduler if the user trying to connect effectively has a job
running on that node.

Those PAM modules exist for pretty much every scheduler:
- SGE: https://github.com/BagOfMostlyWater/sge-sshd-control or
3rdparty/tacc_pam_sge/ in SGE source tree
- Slurm: https://computing.llnl.gov/linux/slurm/faq.html#pam
- PBS/Torque: http://docs.adaptivecomputing.com/torque/4-1-4/help.htm#topics/3-nodes/hostSecurity.htm
- LSF: http://sourceforge.net/projects/lsf-pam-module/ (not sure it
still works, though)



Killian, that is very helpful reply. Thankyou.

No, not particularly 'dynamically' restricting user access.
What I have set up is visualization nodes for engineers to examine post-processed data, using OpenGL based tools.
They would normally either sit at the console of the workstation, or use a VNC session.
I have configured PBS interactive jobs, so I can allocate machines with spare capacity to visualization sessions,
and also to automatically set up the VNC sessions.
Would like to prevent console X sessions, and direct logins to start VNC sessions 'by hand'.
This PBS parameter looked very useful to do just that.

The contents of this e-mail are confidential and for the exclusive use of the intended recipient.
If you are not the intended recipient you should not read, copy, retransmit or disclose its contents.
If you have received this email in error please delete it from your system immediately and notify us either by email or telephone.
The views expressed in this communication may not necessarily be the views held by McLaren Racing Limited. 
McLaren Racing Limited | McLaren Technology Centre | Chertsey Road | Woking | Surrey | GU21 4YH | UK | Company Number: 01517478



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20130724/4096295a/attachment.html>


More information about the Beowulf mailing list