[Beowulf] problem of mpich-1.2.7p1
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Mark Hahn hahn at mcmaster.caThu Feb 4 11:10:06 PST 2010
- Previous message: [Beowulf] problem of mpich-1.2.7p1
- Next message: [Beowulf] problem of mpich-1.2.7p1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>> but if you do want passwordless ssh, IMO the only sane solution is to >> configure hostbased trust. having an unencrypted private key in your >> home directory is hideous (moral equivalent of putting your password >> in a file, in the clear...) > > Completely agree that host-based passwordless SSH is the best approach, > especially when jobs are submitted via a resource manager.. > > Also agree that an empty passphrase is a particularly bad approach. > > But, when done via ssh-agent, I don't see partiularly onerous security issues > for a usage where you're manually launching jobs from an interactive session > unless you have no faith in the system's integrity at all... absolutely. I spoke sloppily - I use agent-based PK logins myself, and only wanted to badmouth password and unencrypted PK logins. I think it's really important even for end-users to understand the basics of ssh: - first stage is mutual authentication of _machines_. this is what all that "hostkey of xxx has changed; maybe a hack!". once this is done, hosts have an encrypted channel between authentic hosts. - second stage is user PK authentication: the client is challenged to prove knowlege of the private key, which can happen by an un-encrypted private key in ~/.ssh, or by prompting the user for the passphrase to an encrypted privkey, or by interacting with ssh-agent. - finally, as a last resort, username/password can be used - basically the worst case security-wise: maximal exposure to clocal keyboard logging and remote daemon compromise. A QUESTION: how many clusters used/managed by people on this list mandate the use of PK login (ie, rule out passwords)? I know some do, but we haven't, figuring there would be an outcry (not to mention making our systems harder to use for the technically weaker users.) we've thought of providing users with a customized package of windows ssh client with a unique encrypted PK preinstalled. might work... if you think of threat models, it's interesting to note that if an sshable account is attacked through windows-based clients, keylogging is probably the more likley issue. if compromise is of clients on a *nix system, I'm guessing the main risk is unencrypted PKs in /home/*/.ssh. server-side compromise seems to usually be of the daemon, which simply logs password-based logins (not outgoing connections in the versions I've seen, and no compromise of ssh-agent to collect passphrase+key combos...)
- Previous message: [Beowulf] problem of mpich-1.2.7p1
- Next message: [Beowulf] problem of mpich-1.2.7p1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list