Hi Tina,
Do you know how I would do what you suggested?
*Fritz Ratnasamy*
Data Scientist
Information Technology
The University of Chicago
Booth School of Business
5807 S. Woodlawn
Chicago, Illinois 60637
Phone: +(1) 773-834-4556
On Tue, Jul 12, 2022 at 3:27 AM Tina Friedrich
wrote:
> I
Hi Fritz,
Purely theoretical and untested solution, but it may work to "cp
/usr/bin/sshd /usr/bin/sshd2" and then use that sshd2 binary to run an sshd
service on a different port, with a config limiting it to sftp only and a
`/etc/pam.d/sshd2` file that does not enforce pam_slurm_adopt. Downside i
Outside the context of slurm, you could add exceptions to
/etc/security/access.conf. This depends on where pam_access.so appears in
/etc/pam.d/sshd. I believe we’re using the config recommended in the
pam_slurm_adopt documentation. There are a number of caveats: you need system
root to configur
If it's on specific nodes *for specific users*, you could allow them to
log in to those nodes? As in, add them to the exception list in
pam_slurm_adopt.
Tina
On 12/07/2022 07:56, Jake Jellinek wrote:
I cannot think of any way to do this within the Slurm configuration
I would solve this by ha
I cannot think of any way to do this within the Slurm configuration
I would solve this by having a wrapper run at boot time which started a new
sshd process on a different port which you secured (ie only that user could
connect) and then start this as part of your boot time scripts
If your scrip
On 7/12/22 06:51, Ratnasamy, Fritz wrote:
Currently, our cluster does not allow ssh to compute nodes for users
unless they have
a running job on that compute node. I believe a system admin has set up a
PAM module
that does the block. Whn trying ssh, this is the message returned:
Access denied
