This web mail archive is frozen.
This page is part of a frozen web archive of this mailing list.
You can still navigate around this archive, but know that no new mails
have been added to it since July of 2016.
Click here to be taken to the new web archives of this list; it includes all the mails that are in this frozen archive plus all new mails that have been sent to the list since it was migrated to the new archives.
On 2/6/13 10:06 PM, Jeff Squyres (jsquyres) wrote:
> On Feb 6, 2013, at 5:11 AM, Reuti <reuti_at_[hidden]> wrote:
>>> Thanks Reuti and Jeff, you are right, users should not be allowed to ssh to all nodes, which is how our cluster was set up: users can even password-less ssh to any node. I know this is not appropriate question in OpenMPI forum, but how can we setup so that user can only ssh (with password) to nodes that are allocated to them at the time of qsub'ing? I am still new to all of this cluster thing :)
>> I even disallow this. Only admin staff is allowed to login to the nodes. This forces also the admin to look for a tight integration of the user's software into the queuing system.
> FWIW, that makes one-more-thing that you have to setup and maintain (because it doesn't happen by default -- you'd have to add some extra scripting in the ssh authentication stuff to enable that functionality).
Thanks, that what I want to do too, but I thought if it is impossible
because ssh is needed for seting up a cluster. From what I understand:
* for an user to run pbs jobs, master and clients should have that user
on their passwd/shadow/group files
* configure ssh server on clients to prohibit certain users
Is that right?