[Beowulf] SSH without login in nodes

Chris Samuel csamuel at vpac.org
Fri May 4 21:42:58 PDT 2007


On Sat, 5 May 2007, Peter St. John wrote:

> I am configuring a cluster with ssh (but without passwords) and currently
> the users can log in to compute nodes. I wish the clients to use the queue
> system (Torque, it works fine) without being able to access the compute
> nodes. In the past, we used rsh without allowing rlogin.

We use a very ugly hack (this was already in place when I arrived) which has 
been very effective over the past few years at doing that and doesn't prevent 
people using SSH based MPI launchers (though we don't recommend them being 
used).

Basically it's just the following in /etc/profile on our compute nodes.

if echo $HOSTNAME | egrep -q '^node' ; then
   if [ ! $PBS_ENVIRONMENT ];
       then if [ $USER != "root" ];
           then if [ "$GROUP" != "systems" ];
                  then exit;
           fi;
       fi;
   fi;
fi;


How's that ?

cheers,
Chris
-- 
 Christopher Samuel - (03)9925 4751 - VPAC Deputy Systems Manager
 Victorian Partnership for Advanced Computing http://www.vpac.org/
 Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia




More information about the Beowulf mailing list