there is a number of people who dislike the idea of direct root access through ssh. Confronting them with exactly that requirement of GPFS raises their eyebrows, usually.
However, the GPFS documentation is very clear here: At least one system in the cluster must be able to execute commands as root on all others via a remote shell program (such as rsh or ssh, the latter will be the widely chosen one).
The applicable restrictions I'd think of is restricting ssh access for root on the cluster nodes to originate from the admin node, forbidding any other connections.
However, compromising that admin machine is opening full root access to all other systems in the cluster. One can discuss whether there is anything to save if guys have hacked into one node anyway, but the question stands nevertheless: What is the "safest" setup of GPFS WRT remote shell access which is still operational ?
My bet is:
admin machine is (the) one with valuable data (as it might be protected best anyway) - chosing any other would nevertheless compromise it due to the remote access for troot.
on all nodes, restrict root ssh access to originate from the admin machine only.
Use a long rsa key.
Anything else to do, or any better approaches?