diff --git a/roles/pam_sshd/tasks/main.yml b/roles/pam_sshd/tasks/main.yml
index 2033aa3438b7fd7a5f518d1e0d66ec4fb7f91076..a2a90bd8fbd1cda125de40dcb74578b0519bfab5 100644
--- a/roles/pam_sshd/tasks/main.yml
+++ b/roles/pam_sshd/tasks/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: "Copy pam_allow_users_list file"
+  template: src=pam_allow_users_list.j2 dest=/root/pam_allow_users_list
+  become: true
+  become_user: root
+
 - name: "Copy access.conf"
   template: src=access.conf.j2 dest=/etc/security/access.conf
   become: true
diff --git a/roles/pam_sshd/templates/computenodes_sshd.j2 b/roles/pam_sshd/templates/computenodes_sshd.j2
index fea4fda0e8db16351917037f681ae82a4795d5df..f2460855523016ec13416c1eff9f2cc22b56ac19 100644
--- a/roles/pam_sshd/templates/computenodes_sshd.j2
+++ b/roles/pam_sshd/templates/computenodes_sshd.j2
@@ -6,6 +6,7 @@ auth       include      postlogin
 -auth      optional     pam_reauthorize.so prepare
 account    required     pam_nologin.so
 account    include      password-auth
+account    sufficient   pam_listfile.so item=user sense=allow onerr=fail file=/root/pam_allow_users_list
 account    sufficient   pam_slurm_adopt.so
 account    required     pam_access.so
 password   include      password-auth
diff --git a/roles/pam_sshd/templates/computenodes_sshd_centos.j2 b/roles/pam_sshd/templates/computenodes_sshd_centos.j2
index fea4fda0e8db16351917037f681ae82a4795d5df..f2460855523016ec13416c1eff9f2cc22b56ac19 100644
--- a/roles/pam_sshd/templates/computenodes_sshd_centos.j2
+++ b/roles/pam_sshd/templates/computenodes_sshd_centos.j2
@@ -6,6 +6,7 @@ auth       include      postlogin
 -auth      optional     pam_reauthorize.so prepare
 account    required     pam_nologin.so
 account    include      password-auth
+account    sufficient   pam_listfile.so item=user sense=allow onerr=fail file=/root/pam_allow_users_list
 account    sufficient   pam_slurm_adopt.so
 account    required     pam_access.so
 password   include      password-auth
diff --git a/roles/pam_sshd/templates/pam_allow_users_list.j2 b/roles/pam_sshd/templates/pam_allow_users_list.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e2a942aefa011f68a01a14f857f6c86444fa6dca
--- /dev/null
+++ b/roles/pam_sshd/templates/pam_allow_users_list.j2
@@ -0,0 +1,2 @@
+infra-user
+ec2-user