Does lsf install account (lsfadmin) need interactive login (rlogin)?

Question & Answer

Question

rlogin is set to true for account "lsfadmin" and needs to be disabled as per company security guidelines. The account 'lsfadmin' can login directly by 'su' command. Can rlogin be disable for account 'lsfadmin'?

Answer

For LSF cluster, rlogin for lsf administrators accounts can be disabled.
By default, the following LSF commands use remote shell (rsh) and remote login (rlogin):

badmin hstartup

bpeek

lsadmin limstartup

lsadmin resstartup

lsfrestart

lsfshutdown

lsfstartup

lslogin

lsrcp

In order to remotely start/stop LSF and run the above commands, it is necessary to configure LSF_RSH in lsf.conf to use secure shell (ssh) instead of the default (rsh) which provides encryption when transmitting commands for remote execution.

The steps to enable ssh are :

1. In lsf.conf, set LSF_RSH="ssh -o 'PasswordAuthentication no' -o 'StrictHostKeyChecking no'"

2. save lsf.conf

3. restart LSF daemons on all LSF master, master candidates and server hosts individually.

[{"Product":{"code":"SSETD4","label":"Platform LSF"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Tips

Does lsf install account (lsfadmin) need interactive login (rlogin)?

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?