Encrypt transmission of LSF commands for remote execution and login

About this task

By default, certain LSF commands use rsh for remote execution and rlogin for remote login, both of which are not encrypted. To secure these LSF commands, enable the use of ssh for remote execution, because ssh provides encryption when transmitting LSF commands.

The following LSF commands are covered by this change:

  • bctrld start sbd
  • bpeek
  • bctrld start lim
  • bctrld start res
  • lsfrestart
  • lsfshutdown
  • lsfstartup
  • lsrcp

Procedure

  1. Edit the lsf.conf file.
  2. Change the remote execution shell from rsh to ssh by specifying the LSF_RSH parameter.

    For example,

    LSF_RSH="ssh -o ’PasswordAuthentication no’ -o ’StrictHostKeyChecking no’"

  3. Change the remote login shell by specifying the LSF_LSLOGIN_SSH parameter.

    LSF_LSLOGIN_SSH=yes

  4. Reconfigure LIM and restart mbatchd on the management host to activate these changes.

    lsadmin reconfig

    badmin mbdrestart

Results

The affected LSF commands now use ssh for remote execution and remote login.