[slurm-users] ssh-keys on compute nodes?
Jeffrey T Frey
frey at udel.edu
Mon Jun 8 16:07:14 UTC 2020
There's a Slurm PAM module you can use to gate ssh access -- basically it checks to see if the user has a job running on the node and moves any ssh sessions to the first cgroup associated with that user on that node. If you don't use cgroup resource limiting I think it just gates access w/o any such cgroup assignments.
> On Jun 8, 2020, at 12:01 , Durai Arasan <arasan.durai at gmail.com> wrote:
>
> Hi Jeffrey,
>
> Thanks for the clarification.
>
> But this is concerning, as the users will be able to ssh into any node. How do you prevent that?
>
> Best,
> Durai
>
> On Mon, Jun 8, 2020 at 5:55 PM Jeffrey T Frey <frey at udel.edu> wrote:
> User home directories are on a shared (NFS) filesystem that's mounted on every node. Thus, they have the same id_rsa key and authorized_keys file present on all nodes.
>
>
>
>
> > On Jun 8, 2020, at 11:42 , Durai Arasan <arasan.durai at gmail.com> wrote:
> >
> > Ok, that was useful information.
> >
> > So when you provision user accounts, you add the public key to .ssh/authorized_keys of *all* nodes on the cluster? Not just the login nodes.. ?
> > When we provision user accounts on our Slurm cluster we still add .ssh, .ssh/id_rsa (needed for older X11 tunneling via libssh2), and add the public key to .ssh/authorized_keys.
> >
> > Thanks,
> > Durai
>
More information about the slurm-users
mailing list