[Beowulf] problem of mpich-1.2.7p1

David N. Lombard dnlombar at ichips.intel.com
Thu Feb 4 10:36:12 PST 2010


On Thu, Feb 04, 2010 at 10:27:18AM -0700, Mark Hahn wrote:
> 
> but if you do want passwordless ssh, IMO the only sane solution is to 
> configure hostbased trust.  having an unencrypted private key in your 
> home directory is hideous (moral equivalent of putting your password 
> in a file, in the clear...)

Completely agree that host-based passwordless SSH is the best approach,
especially when jobs are submitted via a resource manager..

Also agree that an empty passphrase is a particularly bad approach.

But, when done via ssh-agent, I don't see partiularly onerous security issues
for a usage where you're manually launching jobs from an interactive session
unless you have no faith in the system's integrity at all...

-- 
David N. Lombard, Intel, Irvine, CA
I do not speak for Intel Corporation; all comments are strictly my own.



More information about the Beowulf mailing list