On Tuesday, 09 June 2020, at 21:27:27 (+0200),
Ole Holm Nielsen wrote:

> Thanks very much, this is really cool! I need to look into the
> HostbasedAuthentication for intra-cluster MPI tasks spawned by SSH (not
> using srun).
>
> Presumably external access still needs to use SSH authorized keys?

Or some other authentication method, yes. We use MFA, IP address
restrictions, and other techniques to secure cluster borders; only
once the user has been thoroughly authenticated and allowed entry to
the cluster login nodes (what we refer to as FEs or "front-end" nodes)
can the user then SSH freely within the cluster. (And, to be fair,
not all clusters allow free internal movement. Depends on the
cluster.)

And I will readily admit that I, somewhat selfishly, would love to see
a blurb about host-based auth in your thorough and wonderfully written
wiki! O;-)

Michael

--
Michael E. Jennings <m...@lanl.gov>
HPC Systems Team, Los Alamos National Laboratory
Bldg. 03-2327, Rm. 2341
W: +1 (505) 606-0605