[Beowulf] Restricting users from ssh into nodes
pc7 at sanger.ac.uk
Tue Jul 23 05:58:54 PDT 2013
I'm not sure how useful this may be, but these may also be suitable in
and, similarly granular to the option below you could edit:
(Ubuntu / Debian file location)
> I am a novice when it comes to how clusters work. but i did find this
> feature useful.
> Specify Which Accounts Can Use SSH
> You can explicitly allow or deny access for certain users or groups.
> For example, if you have a family PC where most people have weak
> passwords, you might want to allow SSH access just for yourself.
> Allowing or denying SSH access for specific users can significantly
> improve your security if users with poor security practices don't need
> SSH access.
> /It's recommended to specify which accounts can use SSH if only a few
> users want (not) to use SSH./
> To allow only the users Fred and Wilma to connect to your computer,
> add the following line to the bottom of the sshd_config file:
> *AllowUsers Fred Wilma*
> To allow everyone except the users Dino and Pebbles to connect to your
> computer, add the following line to the bottom of the sshd_config file:
> *DenyUsers Dino Pebbles*
> It's possible to create very complex rules about who can use SSH - you
> can allow or deny specific groups of users, or users whose names match
> a specific pattern, or who are logging in from a specific location.
> For more details about how to create complex rules, see the
> sshd_config man page
> this is from the ubuntu documentation but it might prove useful and
> can be found here
> <https://help.ubuntu.com/community/SSH/OpenSSH/Configuring> .
> On Tue, Jul 23, 2013 at 1:16 PM, Hearns, John <john.hearns at mclaren.com
> <mailto:john.hearns at mclaren.com>> wrote:
> John can't you do that with a feature in ssh called Deny users and
> specify the user name or that wouldnt work in a cluster environment.
> I must admit that I am not running this in the context of an MPI
> style cluster.
> I am configuring nodes for interactive logins using the batch
> system to allocate the login sessions (interactive jobs)
> The contents of this e-mail are confidential and for the exclusive
> use of the intended recipient. If you are not the intended
> recipient you should not read, copy, retransmit or disclose its
> contents. If you have received this email in error please delete
> it from your system immediately and notify us either by email or
> telephone. The views expressed in this communication may not
> necessarily be the views held by McLaren Racing Limited.
> McLaren Racing Limited | McLaren Technology Centre | Chertsey Road
> | Woking | Surrey | GU21 4YH | UK | Company Number: 01517478
> Beowulf mailing list, Beowulf at beowulf.org
> <mailto:Beowulf at beowulf.org> sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> Jonathan Aquilina
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
Dr Peter Clapham, Informatics Systems Group
The Wellcome Trust Sanger Institute, Cambs, CB10 1SA
Tel: +44 (0)1223 834244 x 6972
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Beowulf