[Beowulf] Restricting users from ssh into nodes
Peter Clapham
pc7 at sanger.ac.uk
Tue Jul 23 05:58:54 PDT 2013
I'm not sure how useful this may be, but these may also be suitable in
certain environments
simplest:
touch /etc/nologin
and, similarly granular to the option below you could edit:
(Ubuntu / Debian file location)
/etc/security/access.conf
Pete
> I am a novice when it comes to how clusters work. but i did find this
> feature useful.
>
>
> Specify Which Accounts Can Use SSH
>
> You can explicitly allow or deny access for certain users or groups.
> For example, if you have a family PC where most people have weak
> passwords, you might want to allow SSH access just for yourself.
>
> Allowing or denying SSH access for specific users can significantly
> improve your security if users with poor security practices don't need
> SSH access.
>
> /It's recommended to specify which accounts can use SSH if only a few
> users want (not) to use SSH./
>
> To allow only the users Fred and Wilma to connect to your computer,
> add the following line to the bottom of the sshd_config file:
>
> *AllowUsers Fred Wilma*
>
> To allow everyone except the users Dino and Pebbles to connect to your
> computer, add the following line to the bottom of the sshd_config file:
>
> *DenyUsers Dino Pebbles*
>
> It's possible to create very complex rules about who can use SSH - you
> can allow or deny specific groups of users, or users whose names match
> a specific pattern, or who are logging in from a specific location.
> For more details about how to create complex rules, see the
> sshd_config man page
> <http://manpages.ubuntu.com/manpages/hardy/man5/sshd_config.5.html>
>
>
> this is from the ubuntu documentation but it might prove useful and
> can be found here
> <https://help.ubuntu.com/community/SSH/OpenSSH/Configuring> .
>
>
>
> On Tue, Jul 23, 2013 at 1:16 PM, Hearns, John <john.hearns at mclaren.com
> <mailto:john.hearns at mclaren.com>> wrote:
>
>
>
> John can't you do that with a feature in ssh called Deny users and
> specify the user name or that wouldnt work in a cluster environment.
>
>
>
> I must admit that I am not running this in the context of an MPI
> style cluster.
> I am configuring nodes for interactive logins using the batch
> system to allocate the login sessions (interactive jobs)
>
>
>
>
> The contents of this e-mail are confidential and for the exclusive
> use of the intended recipient. If you are not the intended
> recipient you should not read, copy, retransmit or disclose its
> contents. If you have received this email in error please delete
> it from your system immediately and notify us either by email or
> telephone. The views expressed in this communication may not
> necessarily be the views held by McLaren Racing Limited.
> McLaren Racing Limited | McLaren Technology Centre | Chertsey Road
> | Woking | Surrey | GU21 4YH | UK | Company Number: 01517478
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> <mailto:Beowulf at beowulf.org> sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
>
>
>
> --
> Jonathan Aquilina
>
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
--
---
Dr Peter Clapham, Informatics Systems Group
The Wellcome Trust Sanger Institute, Cambs, CB10 1SA
Tel: +44 (0)1223 834244 x 6972
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20130723/86316d2a/attachment.html>
More information about the Beowulf
mailing list