[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!
gerald.davies at gmail.com
Wed Jul 19 01:58:29 PDT 2006
On 7/19/06, hahn at physics.mcmaster.ca <hahn at physics.mcmaster.ca> wrote:
> > unless you really want to run programs as root, I wouldn't recommend to allow
> > root login at all with ssh. Better is to have to login as a user first, and
> > then su to root.
> I disagree with this, actually. first, "su root" is almost always
> the worst thing to do, since it requires that you have an easy-to-type
> password for root, and that you quite possibly type it frequently.
> using an SSH identity for logging in directly as root is surely
> more secure. that's my preferred technique - I run ssh-agent
> so almost never type any password.
If all the slave nodes are coming off a switch connected to the
cluster and behind a firewall, then i don't mind enabling ssh with
root access for the slave nodes. However, I never allow direct root
access to the head node of a cluster or any other box for that matter.
This was brought about by one of the SSH root exploits a few years
ago. Since then I'm cautious of enabling it.
su to root or sudo is my preferred method.
More information about the Beowulf