We currently use a pam access setup like that: # cat /etc/security/access.conf -:ALL EXCEPT admins root:ALL
Then if users need access to the node while running jobs, we can do a prolog/epilog that adds another line to allow in the user (then remove once the job is done) This can become a mess if the node crashes, so I have a boot script that replaces the file to the -:ALL EXCEPT line, but I'd like a better way. On 07/23/2013 07:58 AM, Peter Clapham wrote: > I'm not sure how useful this may be, but these may also be suitable in > certain environments > > simplest: > touch /etc/nologin > > and, similarly granular to the option below you could edit: > (Ubuntu / Debian file location) > /etc/security/access.conf > > Pete > >> I am a novice when it comes to how clusters work. but i did find this >> feature useful. >> >> >> Specify Which Accounts Can Use SSH >> >> You can explicitly allow or deny access for certain users or groups. >> For example, if you have a family PC where most people have weak >> passwords, you might want to allow SSH access just for yourself. >> >> Allowing or denying SSH access for specific users can significantly >> improve your security if users with poor security practices don't need >> SSH access. >> >> /It's recommended to specify which accounts can use SSH if only a few >> users want (not) to use SSH./ >> >> To allow only the users Fred and Wilma to connect to your computer, >> add the following line to the bottom of the sshd_config file: >> >> *AllowUsers Fred Wilma* >> >> To allow everyone except the users Dino and Pebbles to connect to your >> computer, add the following line to the bottom of the sshd_config file: >> >> *DenyUsers Dino Pebbles* >> >> It's possible to create very complex rules about who can use SSH - you >> can allow or deny specific groups of users, or users whose names match >> a specific pattern, or who are logging in from a specific location. >> For more details about how to create complex rules, see the >> sshd_config man page >> <http://manpages.ubuntu.com/manpages/hardy/man5/sshd_config.5.html> >> >> >> this is from the ubuntu documentation but it might prove useful and >> can be found here >> <https://help.ubuntu.com/community/SSH/OpenSSH/Configuring> . >> >> >> >> On Tue, Jul 23, 2013 at 1:16 PM, Hearns, John <john.hea...@mclaren.com >> <mailto:john.hea...@mclaren.com>> wrote: >> >> >> >> John can't you do that with a feature in ssh called Deny users and >> specify the user name or that wouldnt work in a cluster environment. >> >> >> >> I must admit that I am not running this in the context of an MPI >> style cluster. >> I am configuring nodes for interactive logins using the batch >> system to allocate the login sessions (interactive jobs) >> >> >> >> >> The contents of this e-mail are confidential and for the exclusive >> use of the intended recipient. If you are not the intended >> recipient you should not read, copy, retransmit or disclose its >> contents. If you have received this email in error please delete >> it from your system immediately and notify us either by email or >> telephone. The views expressed in this communication may not >> necessarily be the views held by McLaren Racing Limited. >> McLaren Racing Limited | McLaren Technology Centre | Chertsey Road >> | Woking | Surrey | GU21 4YH | UK | Company Number: 01517478 >> >> _______________________________________________ >> Beowulf mailing list, Beowulf@beowulf.org >> <mailto:Beowulf@beowulf.org> sponsored by Penguin Computing >> To change your subscription (digest mode or unsubscribe) visit >> http://www.beowulf.org/mailman/listinfo/beowulf >> >> >> >> >> -- >> Jonathan Aquilina >> >> >> _______________________________________________ >> Beowulf mailing list,Beowulf@beowulf.org sponsored by Penguin Computing >> To change your subscription (digest mode or unsubscribe) >> visithttp://www.beowulf.org/mailman/listinfo/beowulf > > > -- > --- > Dr Peter Clapham, Informatics Systems Group > The Wellcome Trust Sanger Institute, Cambs, CB10 1SA > Tel: +44 (0)1223 834244 x 6972 > > > -- The Wellcome Trust Sanger Institute is operated by Genome Research > Limited, a charity registered in England with number 1021457 and a > company registered in England with number 2742969, whose registered > office is 215 Euston Road, London, NW1 2BE. > > > _______________________________________________ > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf > _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
