On 10/13/2014 11:18 AM, Mark Dixon wrote:
On Tue, 30 Sep 2014, Derrick Lin wrote:
...
I am trying to configure SSH as underlying protocol for qrsh, qlogin.
However, this requires allowing users to SSH into compute nodes. In such
case, users can simply go to compute nodes with SSH, bypassing SGE
(qrsh,
qlogin etc).
I am wondering what the best way to configure SSH to service qrsh and
qlogin
but don't expose SSH directly to the users?
...
Out of curiosity, why do you want to configure SSH to service qrsh and
qlogin?
I think what he wants to do is this, which is actually a pretty common
desire:
1. Not let users ssh directly into cluster nodes and bypass the scheduler.
2. If a user is in a qrsh or qlogin session and has requested multiple
nodes, for debugging parallel jobs, or just running interactive parallel
jobs, that user should be able to ssh to the other nodes assigned to his
interactive job, but should only be allowed to SSH into the nodes
assigned to him.
(2) prevents a user from using SSH to bypass the scheduler as intended
in (1). This works best when the allocation rule is 'fill_up', and/or
node usage is exclusive, since if a user has one slot of 50 different
nodes, he can now do as he pleases on all 50 nodes, interfering with
other jobs on those nodes.
Prentice
_______________________________________________
users mailing list
[email protected]
https://gridengine.org/mailman/listinfo/users
