[slurm-users] ssh-keys on compute nodes?
Michael Jennings
mej at lanl.gov
Wed Jun 10 03:35:34 UTC 2020
On Tuesday, 09 June 2020, at 21:27:27 (+0200),
Ole Holm Nielsen wrote:
> Thanks very much, this is really cool! I need to look into the
> HostbasedAuthentication for intra-cluster MPI tasks spawned by SSH (not
> using srun).
>
> Presumably external access still needs to use SSH authorized keys?
Or some other authentication method, yes. We use MFA, IP address
restrictions, and other techniques to secure cluster borders; only
once the user has been thoroughly authenticated and allowed entry to
the cluster login nodes (what we refer to as FEs or "front-end" nodes)
can the user then SSH freely within the cluster. (And, to be fair,
not all clusters allow free internal movement. Depends on the
cluster.)
And I will readily admit that I, somewhat selfishly, would love to see
a blurb about host-based auth in your thorough and wonderfully written
wiki! O;-)
Michael
--
Michael E. Jennings <mej at lanl.gov>
HPC Systems Team, Los Alamos National Laboratory
Bldg. 03-2327, Rm. 2341 W: +1 (505) 606-0605
More information about the slurm-users
mailing list