On 2/6/13 10:06 PM, Jeff Squyres (jsquyres) wrote: > On Feb 6, 2013, at 5:11 AM, Reuti <re...@staff.uni-marburg.de> wrote: > >>> Thanks Reuti and Jeff, you are right, users should not be allowed to ssh to >>> all nodes, which is how our cluster was set up: users can even >>> password-less ssh to any node. I know this is not appropriate question in >>> OpenMPI forum, but how can we setup so that user can only ssh (with >>> password) to nodes that are allocated to them at the time of qsub'ing? I am >>> still new to all of this cluster thing :) >> I even disallow this. Only admin staff is allowed to login to the nodes. >> This forces also the admin to look for a tight integration of the user's >> software into the queuing system. > > +1 > > FWIW, that makes one-more-thing that you have to setup and maintain (because > it doesn't happen by default -- you'd have to add some extra scripting in the > ssh authentication stuff to enable that functionality). >
Thanks, that what I want to do too, but I thought if it is impossible because ssh is needed for seting up a cluster. From what I understand: * for an user to run pbs jobs, master and clients should have that user on their passwd/shadow/group files * configure ssh server on clients to prohibit certain users Is that right?
signature.asc
Description: OpenPGP digital signature
