[Beowulf] Intra-cluster security
hearnsj at googlemail.com
Sun Sep 13 01:07:56 PDT 2009
2009/9/11 Stuart Barkley <stuartb at 4gh.net>:
> - Each user creates a password-less ssh private key, puts the public
> key in the authorized_hosts file and has relatively unfettered ssh
> access between nodes (nfs shared home directory helps a lot). This
> seems to be the most common approach. It is end-user setup/training
> intensive (I suppose it could be automated/audited). I consider it
> dangerous to encourage use of password-less ssh keys.
Yes, I would agree this is the most common approach.
You can automate it by having a script which runs when you first login
to the cluster (Oscar does this).
You can also use shosts trusts.
A script which loops through cluster nodes and runs an ssh-keyscan is useful.
Re. security its the armadillo principle - hard on the outside, soft
on the inside.
More information about the Beowulf