automating commands on nodes
Victor Ortega
vor+ at pitt.edu
Tue Jun 6 08:58:05 PDT 2000
On Tue, 6 Jun 2000, Robert G. Brown wrote:
> Even if you configure ssh to use no encryption and not to verify
> connections at all (making it "just like" rsh) you still get
> /etc/environment and port forwarding.

I'm glad someone said it. I was going to say it myself otherwise.
Although I'll admit I haven't done this, it should be possible to
configure ssh such that outside connections to the head node are
encrypted, but connections within the cluster are unencrypted (for the
sake of those worried about performance degradation within the cluster
due to ssh). Internal authentication need not be TOTALLY disabled;
simply set up public and private keys on all the nodes and there'll
still be a level of security--even some bad guy who brings in a
computer and attaches it to the internal network will not be able to
just log into the other nodes without at least having a public key.

Also, the security and convenience features of ssh make it almost a
must for those wishing to connect to a cluster from an external
location; at that point, having just ssh (and not both ssh and rsh)
will make administration and configuration of the cluster easier. I
will give that those who absolutely refuse to have ssh on their system
can still get away with using SRP for secure connections to the
cluster and then use rsh within the cluster (and therefore still have
both security and high performance), but again, that's still two
packages that need to be maintained instead of just one.

Victor

p.s. check out http://srp.stanford.edu/srp/ for information on SRP,
a backwards-compatible, secure replacement for telnet and ftp.