At my university I just set up an HPC cluster with 16 compute nodes, one file server, and one head node. Only the head node is connected to an external network (which is visible to the world). The compute nodes are diskless (they boot via PXE and NFS from the file server).
I'm looking for advice on keeping it secure without risking breaking anything. I trust everyone I give user accounts to, so I'm mainly looking for ways to keep unauthorized users out. The head node runs an SSH server and an HTTP server (for a Ganglia monitoring system). Mostly, I want to find out about the things I should know but don't.
One thought I had was to disallow SSH logins by password and instead require all users to use SSH keys. Is this advisable, or is it better to enforce a good password policy?
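To make the key-only idea concrete, here is a rough sketch in Python of how one might check whether an `sshd_config` actually disables password logins. It assumes OpenSSH, where `PasswordAuthentication` defaults to `yes` and the first value seen for a keyword wins. The function names and the sample config are hypothetical, and the parser is deliberately simplified: it only reads the global section (it stops at the first `Match` block) and does not handle `Include` files, the `keyword=value` form, or other authentication paths such as keyboard-interactive.

```python
def effective_sshd_options(config_text):
    """Return global sshd_config options as a dict keyed by lowercase keyword.

    sshd keeps the first value it reads for each keyword, so later
    duplicates are ignored. Parsing stops at the first Match block,
    because those hold conditional overrides, not global settings.
    """
    options = {}
    for raw_line in config_text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(keyword, value)  # first occurrence wins
    return options


def password_logins_disabled(config_text):
    """True only if the global section explicitly sets PasswordAuthentication no."""
    opts = effective_sshd_options(config_text)
    # Assumption: OpenSSH treats an unset PasswordAuthentication as "yes".
    return opts.get("passwordauthentication", "yes").lower() == "no"


# Hypothetical head-node settings, for illustration only.
SAMPLE = """\
# Key-only logins
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    print(password_logins_disabled(SAMPLE))
```

On a real system the text would come from the server's own configuration (commonly `/etc/ssh/sshd_config`), and running `sshd -T` as root is a more reliable way to see the effective settings, since it resolves includes and defaults.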