<div dir="ltr">Hi Tina, <div><br></div><div>Do you know how I would do what you suggested? <br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#9c1d21">Fritz Ratnasamy</span></b><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#9c1d21">Data Scientist</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#9c1d21">Information Technology</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="color:rgb(103,110,115);font-family:Times,serif;font-size:10.5pt">The University of Chicago</span></p><p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Times",serif;color:#676e73">Booth School of Business</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Times",serif;color:#676e73">5807 S. Woodlawn</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Times",serif;color:#676e73">Chicago,</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"> </span><span style="font-size:10.5pt;font-family:"Times",serif;color:#676e73">Illinois</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"> </span><span style="font-size:10.5pt;font-family:"Times",serif;color:#676e73">60637</span></p>
<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Times",serif;color:#676e73">Phone: +(1) 773-834-4556</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333"></span></p></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 12, 2022 at 3:27 AM Tina Friedrich <<a href="mailto:tina.friedrich@it.ox.ac.uk">tina.friedrich@it.ox.ac.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">If it's on specific nodes *for specific users*, you could allow them to<br>
log in to those nodes? As in, add them to the exception list in<br>
pam_slurm_adopt.<br>
<br>
Tina<br>
<br>
On 12/07/2022 07:56, Jake Jellinek wrote:<br>
> I cannot think of any way to do this within the Slurm configuration<br>
><br>
> I would solve this by having a wrapper run at boot time which started a<br>
> new sshd process on a different port which you secured (ie only that<br>
> user could connect) and then start this as part of your boot time scripts<br>
> If your script was started on one of your ‘special’ machines, start the<br>
> second instance of sshd…..if not, do nothing<br>
><br>
> Hope that helps<br>
><br>
>> On 12 Jul 2022, at 05:53, Ratnasamy, Fritz<br>
>> <<a href="mailto:fritz.ratnasamy@chicagobooth.edu" target="_blank">fritz.ratnasamy@chicagobooth.edu</a>> wrote:<br>
>><br>
>> <br>
>> Hello,<br>
>><br>
>> Currently, our cluster does not allow ssh to compute nodes for users<br>
>> unless they have<br>
>> a running job on that compute node. I believe a system admin has set<br>
>> up a PAM module<br>
>> that does the block. Whn trying ssh, this is the message returned:<br>
>> Access denied by pam_slurm_adopt: you have no active jobs on this node<br>
>> Connection closed by 10.135.242.188 port 22<br>
>><br>
>> However, we would like to allow sftp on a specific compute node for<br>
>> specific users.<br>
>> Any idea on how to do that?<br>
>> Thanks,<br>
>><br>
>><br>
>> *Fritz Ratnasamy*<br>
>><br>
>> Data Scientist<br>
>><br>
>> Information Technology<br>
>><br>
>> The University of Chicago<br>
>><br>
>> Booth School of Business<br>
>><br>
>> 5807 S. Woodlawn<br>
>><br>
>> Chicago,Illinois60637<br>
>><br>
>> Phone: +(1) 773-834-4556<br>
>><br>
<br>
--<br>
Tina Friedrich, Advanced Research Computing Snr HPC Systems Administrator<br>
<br>
Research Computing and Support Services<br>
IT Services, University of Oxford<br>
<a href="http://www.arc.ox.ac.uk" rel="noreferrer" target="_blank">http://www.arc.ox.ac.uk</a> <a href="http://www.it.ox.ac.uk" rel="noreferrer" target="_blank">http://www.it.ox.ac.uk</a><br>
<br>
CAUTION: This email has originated outside of University email systems. Please do not click links or open attachments unless you recognize the sender and trust the contents as safe.<br>
<br>
</blockquote></div>