[Beowulf] Newbie

Leif Nixon nixon at nsc.liu.se
Thu Jan 5 11:03:12 PST 2006


Dan Stromberg <strombrg at dcs.nac.uci.edu> writes:

> Actually, on gigabit networks (and I assume on 10 gigabit nets too), ssh
> overhead is often significant.

Yep, at least for big file transfers. Let me take this opportunity to
advertise Chris Rapier's HPN-SSH patches, which improve significantly
on the performance over high-latency connections and, optionally,
offer the possibility of turning off encryption for the payload (after
authentication is done).

  http://www.psc.edu/networking/projects/hpn-ssh/

> Yes, once you have root, all bets are off to an extent, but few
> users have the sophistication to grab a private key out of core
> until someone writes a program to do it for them.

You usually don't need that level of sophistication, and you don't
need root. If you by nefarious means can run processes as a certain
user, just drop an ssh trojan into the user's PATH (I've seen that
done) and snarf his passphrase and/or remote passwords, or just point
your own ssh client at his ssh agent socket (I haven't actually seen
that, but it's certainly trivial).

-- 
Leif Nixon                       -            Systems expert
------------------------------------------------------------
National Supercomputer Centre    -      Linkoping University
------------------------------------------------------------



More information about the Beowulf mailing list