[Beowulf] SSH without login in nodes

Kilian CAVALOTTI kilian at stanford.edu
Fri May 4 13:40:50 PDT 2007


Hi,

On Friday 04 May 2007 01:06:51 pm Peter St. John wrote:
> There was a typogrphical error in the question. I had a brief exchange
> with señor Gomez and he confirmed this translation:
>
> I am configuring a cluster with ssh (but without passwords) and
> currently the users can log in to compute nodes.
> I wish the clients to use the queue system (Torque, it works fine)
> without being able to access the compute nodes.
> In the past, we used rsh without allowing rlogin.

What you can do is configure PAM on the nodes, to only allow login for a 
specific set of users, if any. It should come with any modern distro.

Be sure your /etc/pam.d/authconfig contains reference to pam_access, like:
account     required      /lib/security/$ISA/pam_access.so

And configure /etc/security/access.conf to match your needs, like:
# Allow administrative login from everywhere
+:wheel staff:ALL
# Prevent user logins 
-:users:ALL

You can give a look at 
http://www.informit.com/articles/article.asp?p=165226&seqNum=12&rl=1 for 
more info.

Cheers,
-- 
Kilian



More information about the Beowulf mailing list