IBM Support

What does LSF_LSLOGIN_SSH work for?

General Page

The parameter LSF_LSLOGIN_SSH is designed to enable SSH to secure communication between hosts and during job submission. This parameter is more helpful for normal user. A user with SSH configured can log on to a remote host without providing a password. All communication between local and remote hosts is encrypted.

SSH is used when running any of the following:

  • Remote login to a lightly loaded host (lslogin
  • An interactive job (bsub -IS | -ISp | ISs)
  • An X-window job (bsub -IX)
  • An externally submitted job that is interactive or X-window job (esub)

By default, LSF do NOT set this parameter and LSF uses rlogin to authenticate users.

Here is an example (lslogin) to illustrate how to setup this parameter and how it works.

  1. Log on server1-id8 as a non-root user "lsfadmin", and remove the file $HOME/.ssh/authorized_keys.
  2. Log on management-id8 as "lsfadmin", and configure LSF_RSH="ssh -o 'PasswordAuthentication no' -o 'StrictHostKeyChecking no'" and LSF_LSLOGIN_SSH=Y in lsf.conf, then run "lsadmin reconfig", "badmin mbdrestart"to make the changes take effect.
  3. Log on management-id8 as "lsfadmin", run "lslogin -m server1-id8", it succeeds but we need to input password. That matches the description of this parameter: A user with SSH configured can log on to a remote host without providing a password. Since user "lsfadmin" do not have public key of management-id8 in remote host server1-id8, we need to input password to login the remote host by ssh. 
    $ lslogin -m server1-id8

lsfadmin@server1-id8's password:

Last login: Tue Jun 19 07:04:46 2018 from 172.17.0.3
  4. Go back to server1-id8 as "lsfadmin", and add the ssh public key of management-id8 to $HOME/.ssh/authorized_keys 
    $ cat /home/lsfadmin/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAy97yccmUaXSXoCuNa+5LS1uzrxgVbdhoObA4q3X8HGLQbs3YtmU7LDYVSOSRxC... ... ... ... ... 

 lsfadmin@management-id8
  5. Back to management-id8, run "lslogin -m server1-id8" as "lsfadmin", it succeed and we do NOT need to input password. 
    [lsfadmin@management-id8 conf]$ lslogin -m server1-id8

Last login: Tue Jun 19 07:07:52 2018 from 172.17.0.3
  6. Remove the LSF_LSLOGIN_SSH=Y in lsf.conf, run "lsadmin reconfig" and "badmin mbdrestart" on management host.
  7. On management-id8, run "lslogin -m server1-id8" as "lsfadmin", it failed. 
    $ lslogin -m server1-id8

lslogin: execvp [rlogin] failed: No such file or directory

By default, if you do not set parameter LSF_LSLOGIN_SSH=Y, LSF uses rlogin to authenticate users. If there is no lslogin installed, lslogin fails. That's how LSF_LSLOGIN_SSH=Y works.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSWRJV","label":"IBM Spectrum LSF"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
12 May 2021

UID

ibm10792797

Page Feedback