[Beowulf] passwordless "rsh" login

Andrew M.A. Cater amacater at galactic.demon.co.uk
Sat Jul 10 01:49:07 PDT 2004


On Fri, Jul 09, 2004 at 01:43:51PM -0400, Robert G. Brown wrote:
> On Thu, 8 Jul 2004, Daniel Pfenniger wrote:
> > 
> > Andrew M.A. Cater wrote:
> > > _Don't_ use rsh :) Use ssh with key exchange and passwordless login.

rgb has probably said it better than I can :)
> > What is wrong with rsh, what is much better with ssh?
> > A few words explanation would help.
> 
> 
>  a) no security (as in "bleeding wound" in an open network)
Not such a problem if you _really are_ a secure network: really secure
networks ban rsh/rlogin completely :)
>  b) no environment passing
>  c) no tunnelling/port forwarding
>  d) no intrinsic X11 support
These three are the kickers - passing the environment is good, being
able to pass X when needed and not have to worry about setting displays
etc. is even better. Being able to see your head node display when you're 
sat in front of a faulty node is potentially good :)
> 
> Things good about ssh:
> 
>  a) strong security
>  e) strong host authentication
>  f) strong personal authentication
It makes a difference: set up keys ONCE, you may get a prompt saying
effectively "You've not connected here before, do you trust me" the
first time you connect to a node but thereafter you're in practically
forever. 
> > On the other hand ssh may slow communications for particular usages
> > (such as a constant stream of console messages through the network).
> 
> In most cases your intrinsic limitation is going to be the speed of a
> pseudo tty interface, not ssh.  Simply writing to an xterm/console
> window is slow -- almost certainly MUCH slower than the speed with which
> ssh can encrypt/decrypt data.
ACK
> 
> Of course for real parallel operations, one doesn't use ssh (or any
> shell) to do real internode communications -- at most it is for out of
> band control operations like starting up pvm or mpi itself on remote
> nodes.  Or one writes a nice raw socket interface, or whatever.  ssh is
> fine for typical remote/interactive use on a cluster.
ACK
> 
> > ssh is particularly recommended on an untrusted network, but then
> > I would like once to see an *easy* procedure for installing ssh safely
> > by the sys admin passwordless login for all the network trusted users.
> 
> I don't think that this would be terribly difficult, although easy is a
> matter of personal perspective.  Look into ssh-agent(1) and ssh-add(1).
> I've never used them, but this looks like what they might be for.
> 
ssh-copy-id does this nicely on a Debian system. It's only a script as 
far as I can see.

Andy
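
The key-installation step that ssh-copy-id is mentioned for above, written out by hand as an added example (not part of the original post and not ssh-copy-id's own source). The function name `install_pubkey` and its arguments are hypothetical; it works on a local home directory, which is the case where nodes share /home, and the key line in the demo is constructed.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper for this example)
# Appends the public key(s) in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys,
# once each, with permissions that sshd will accept.
install_pubkey() {
    pubkey_file=$1
    home_dir=$2

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Only the public half belongs on the node; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key; refusing" >&2
        return 1
    fi

    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # With StrictModes (the sshd default) key login is refused when these
    # are writable by anyone but the owner, so set the modes explicitly.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Append each non-empty line only if that exact line is not already there,
    # so re-running the script does not pile up duplicate entries.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey_file"
    return 0
}

# Demo on a scratch directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3-CONSTRUCTED-EXAMPLE andy@head' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home" && ls -l "$demo/home/.ssh"
rm -rf "$demo"
```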


