On 06.02.2013 at 16:45, Duke Nguyen wrote:

> On 2/6/13 10:06 PM, Jeff Squyres (jsquyres) wrote:
>> On Feb 6, 2013, at 5:11 AM, Reuti <re...@staff.uni-marburg.de> wrote:
>> 
>>>> Thanks Reuti and Jeff, you are right, users should not be allowed to ssh 
>>>> to all nodes, which is how our cluster was set up: users can even 
>>>> password-less ssh to any node. I know this is not an appropriate question in
>>>> the OpenMPI forum, but how can we set up so that users can only ssh (with
>>>> password) to nodes that are allocated to them at the time of qsub'ing? I 
>>>> am still new to all of this cluster thing :)
>>> I even disallow this. Only admin staff is allowed to login to the nodes. 
>>> This forces also the admin to look for a tight integration of the user's 
>>> software into the queuing system.
>> 
>> +1
>> 
>> FWIW, that makes one-more-thing that you have to set up and maintain (because
>> it doesn't happen by default -- you'd have to add some extra scripting in 
>> the ssh authentication stuff to enable that functionality).
>> 
> 
> Thanks, that's what I want to do too, but I thought if it is impossible
> because ssh is needed for setting up a cluster. From what I understand:
> 
> * for a user to run pbs jobs, master and clients should have that user
> on their passwd/shadow/group files

Or use NIS / LDAP to have a central location for this information.


> * configure ssh server on clients to prohibit certain users

Correct, like a line in /etc/ssh/sshd_config:

AllowGroups admin

and only admin staff has this group as one of their secondary groups attached.

-- Reuti


> Is that right?

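
Added example (not part of the original thread and not OpenSSH code): a small Python check that evaluates sshd's allow/deny lists in their documented order (DenyUsers, AllowUsers, DenyGroups, AllowGroups) for the "AllowGroups admin" line discussed above. Account names, group memberships and the config strings are constructed; Match blocks, USER@HOST and negated patterns are assumed absent and are not handled.

```python
import fnmatch

ACL_KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_acl(config_text):
    """Collect the four allow/deny lists from the global part of an sshd_config."""
    acl = {key: [] for key in ACL_KEYS}
    for raw in config_text.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].lower()          # sshd keywords are case-insensitive
        if keyword == "match":              # assumption: Match blocks are not evaluated
            break
        if keyword in acl:
            acl[keyword].extend(words[1:])  # repeated directives append to the list
    return acl

def may_login(acl, user, groups):
    """Apply the lists in sshd's order; return (allowed, deciding directive)."""
    def hit(patterns, names):
        return any(fnmatch.fnmatchcase(n, p) for p in patterns for n in names)
    if hit(acl["denyusers"], [user]):
        return False, "DenyUsers"
    if acl["allowusers"] and not hit(acl["allowusers"], [user]):
        return False, "AllowUsers"
    if hit(acl["denygroups"], groups):
        return False, "DenyGroups"
    if acl["allowgroups"] and not hit(acl["allowgroups"], groups):
        return False, "AllowGroups"
    return True, None

# Constructed sample data: account names and group memberships are made up.
ACCOUNTS = {
    "alice": ["staff", "admin"],   # admin staff: "admin" is a secondary group
    "bob": ["users"],              # ordinary cluster user
    "root": ["root"],              # AllowGroups applies to root as well
}
THREAD_CONFIG = "Port 22\nAllowGroups admin\n"
COMMENTED_OUT = "#AllowGroups admin\n"                      # directive never takes effect
WITH_ALLOWUSERS = "AllowUsers carol\nAllowGroups admin\n"   # both lists must pass

def audit(config_text, accounts=ACCOUNTS):
    """Map each account to True/False: may it log in under this config?"""
    acl = parse_acl(config_text)
    return {user: may_login(acl, user, groups)[0] for user, groups in accounts.items()}

if __name__ == "__main__":
    for name, cfg in [("thread", THREAD_CONFIG), ("commented", COMMENTED_OUT),
                      ("allowusers", WITH_ALLOWUSERS)]:
        print(name, audit(cfg))
```

On a real node, the effective settings to feed into such a check can be read from the output of `sshd -T`.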