[mvapich-discuss] Disable interactive login to compute node
Guangyu Wu
wgy at altair.com.cn
Mon Jul 13 02:14:43 EDT 2009
Hello:
This has been a common security/management issue raised by admins.
Not sure if anyone has addressed it without using a WMS.
The latest version of PBS Pro provides a way around where the
methodology is simple, I.e, having the WMS daemon on nodes scanning
processes owner, if the owner doesn't has a job (submitted thru WMS)
running then kill the processes. This way even reomote login is not
possible.
Of course some exception are there, e.g. User can login a node during
the time his job is running there. Admins can except some users who is
not limited by this behavior.
HTH
Henry, Wu
On 7/13/09, Satoshi Isono <isono at cray.com> wrote:
> Hello Bill, everyone,
>
> Sorry, this issue may not be a MVAPICH article. Please let me have your
> opinion on this.
>
> The background is I use MVAPICH based on SSH authorization. And the
> number of users is more one thousand. In order to run MPI, I have done
> SSH setting. As a result of my configuration, SSH login between compute
> nodes does not need password. As we know, this is general setting for
> MPI run environment.
>
> On the other hand, anyone who has an account on compute node has done
> login for arbitrary nodes. This action is not cared from system security
> side. I think we should consider that all users aren't able to login
> during other users job running.
>
> My concern is how everyone control such as operations. I know this may
> depend on the system policy. On big system site like a TACC, how is this
> restricted?
>
> For example, before/after running MPI, to set available user, we are
> able to edit password file, automatically?
>
> Best regards,
> Satoshi Isono
>
>
> _______________________________________________
> mvapich-discuss mailing list
> mvapich-discuss at cse.ohio-state.edu
> http://mail.cse.ohio-state.edu/mailman/listinfo/mvapich-discuss
>
More information about the mvapich-discuss
mailing list