[slurm-users] Allow SFTP on a specific compute node

John Hanks griznog at gmail.com
Tue Jul 12 13:27:39 UTC 2022


Hi Fritz,

Purely theoretical and untested solution, but it may work to "cp
/usr/bin/sshd /usr/bin/sshd2" and then use that sshd2 binary to run an sshd
service on a different port, with a config limiting it to sftp only and a
`/etc/pam.d/sshd2` file that does not enforce pam_slurm_adopt. Downside is
that users would have to know to use the different port.

If this is to allow access to the local scratch disk on the node, we've
solved this pretty successfully by letting every compute node be an NFS
server and having an automount rule that allows mounting that from any
other node at a path like `/nodes/${NODENAME}`. Doesn't require a login
session on the nodes, permissions and ACLs are honored and it's
convenient for things like collecting scattered results, pre-staging
reference data, etc.

griznog

On Mon, Jul 11, 2022 at 11:54 PM Ratnasamy, Fritz <
fritz.ratnasamy at chicagobooth.edu> wrote:

> Hello,
>
>  Currently, our cluster does not allow ssh to compute nodes for users
> unless they have
> a running job on that compute node. I believe a system admin has set up a
> PAM module
> that does the block. Whn trying ssh, this is the message returned:
> Access denied by pam_slurm_adopt: you have no active jobs on this node
> Connection closed by 10.135.242.188 port 22
>
> However, we would like to allow sftp on a specific compute node for
> specific users.
> Any idea on how to do that?
> Thanks,
>
>
> *Fritz Ratnasamy*
>
> Data Scientist
>
> Information Technology
>
> The University of Chicago
>
> Booth School of Business
>
> 5807 S. Woodlawn
>
> Chicago, Illinois 60637
>
> Phone: +(1) 773-834-4556
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20220712/fe12d90d/attachment.htm>


More information about the slurm-users mailing list