[Beowulf] Password less ssh

Suvendra Nath Dutat sdutta at cfa.harvard.edu
Wed Dec 8 12:14:43 PST 2004


On Wed, 2004-12-08 at 16:01 -0500, Robert G. Brown wrote:
> On Wed, 8 Dec 2004, Suvendra Nath Dutta wrote:
> 
> > This is exactly the steps I followed from another past email in this list. 
> > But it didn't work for me. Which is why I wondered if something was 
> > different about this particular version of OpenSSH or SUSE.
> 
> I doubt it, although I don't use SUSE so I cannot be certain.
> 
> I think (in agreement with several others on the list) that the problem
> is that you were doing things as root that are really dangerous, really
> bad things to do as root.  For example, if you REALLY copied root's
> /root/.ssh directory to all your users' directories and had set root's
> directory up so that password-free login was possible, it is quite
> possible that now all of your users can login as root without a
> password.
> 

With trepidation (always advised when speaking to someone who harnesses
the Brahma), I wonder if this absolutely true. Because, public keys
don't identify users, they identify machines. So although every user
uses public keys generated by the root user, they all just identify the
originating machine. SSH verifies the machine is who they claim to be,
and allow access to the user (but only as the user). If someone now says
ssh -l root clientmachine they'll be asked for the root password. This
is I believe as it should be and easily verified to be true (I just did
it before emailing to be sure).

Suvendra.




More information about the Beowulf mailing list