Question & Answer
Question
rlogin is set to true for account "lsfadmin" and needs to be disabled as per company security guidelines. The account 'lsfadmin' can login directly by 'su' command. Can rlogin be disable for account 'lsfadmin'?
Answer
For LSF cluster, rlogin for lsf administrators accounts can be disabled.
By default, the following LSF commands use remote shell (rsh) and remote login (rlogin):
badmin hstartup
bpeek
lsadmin limstartup
lsadmin resstartup
lsfrestart
lsfshutdown
lsfstartup
lslogin
lsrcp
In order to remotely start/stop LSF and run the above commands, it is necessary to configure LSF_RSH in lsf.conf to use secure shell (ssh) instead of the default (rsh) which provides encryption when transmitting commands for remote execution.
The steps to enable ssh are :
1. In lsf.conf, set LSF_RSH="ssh -o 'PasswordAuthentication no' -o 'StrictHostKeyChecking no'"
2. save lsf.conf
3. restart LSF daemons on all LSF master, master candidates and server hosts individually.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
isg3T1026622