[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!

Gerald Davies gerald.davies at gmail.com
Wed Jul 19 01:58:29 PDT 2006


On 7/19/06, hahn at physics.mcmaster.ca <hahn at physics.mcmaster.ca> wrote:
> > unless you really want to run programs as root, I wouldn't recommend to allow
> > root login at all with ssh. Better is to have to login as a user first, and
> > then su to root.
>
> I disagree with this, actually.  first, "su root" is almost always
> the worst thing to do, since it requires that you have an easy-to-type
> password for root, and that you quite possibly type it frequently.
> using an SSH identity for logging in directly as root is surely
> more secure.  that's my preferred technique - I run ssh-agent
> so almost never type any password.
>

If all the slave nodes are coming off a switch connected to the
cluster and behind a firewall, then i don't mind enabling ssh with
root access for the slave nodes.  However, I never allow direct root
access to the head node of a cluster or any other box for that matter.
 This was brought about by one of the SSH root exploits a few years
ago.  Since then I'm cautious of enabling it.

su to root or sudo is my preferred method.

-- 
Gerald Davies
---------------------------------------------
w: http://www.geralddavies.com



More information about the Beowulf mailing list