[Beowulf] Newbie

Robert G. Brown rgb at phy.duke.edu
Fri Jan 6 09:08:44 PST 2006 

On Thu, 5 Jan 2006, Leif Nixon wrote:

> Dan Stromberg <strombrg at dcs.nac.uci.edu> writes:
>
>> Actually, on gigabit networks (and I assume on 10 gigabit nets too), ssh
>> overhead is often significant.
>
> Yep, at least for big file transfers. Let me take this opportunity to
> advertise Chris Rapier's HPN-SSH patches, which improve significantly
> on the performance over high-latency connections and, optionally,
> offer the possibility of turning off encryption for the payload (after
> authentication is done).
>
>  http://www.psc.edu/networking/projects/hpn-ssh/

Yeah, this used to be possible for ssh (ssh -c none?).  Wish it still
were, in the mainstream release.  Seems like a safe thing to make a user
choice...

>> Yes, once you have root, all bets are off to an extent, but few
>> users have the sophistication to grab a private key out of core
>> until someone writes a program to do it for them.
>
> You usually don't need that level of sophistication, and you don't
> need root. If you by nefarious means can run processes as a certain
> user, just drop an ssh trojan into the user's PATH (I've seen that
> done) and snarf his passphrase and/or remote passwords, or just point
> your own ssh client at his ssh agent socket (I haven't actually seen
> that, but it's certainly trivial).

I've seen several of these in various incarnations over the years as
well.  And these days, "rootkits" have long since taken the level of
sophistication required by crackers down to the near-idiot level.  That
is, they don't actually have to know enough to WRITE applications like
this, only to find 1337 tools on the web that are pretty much drop in.
I don't know that they can still get a user root on any given system as
easily as they once could -- linux is pretty aggressively defended --
but MOST of the cracks I've seen over the years have, paradoxically
enough, been due to password snooping of rsh or telnet logins.  As in
90% or so.  This is why I think that rsh is Evil, and why NOBODY that I
know of runs rsh openly on WAN-connected LANS or permits telnet access
any more.

    rgb

-- 
Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu

More information about the Beowulf mailing list