Why no rlogin to nodes?
Robert G. Brown
rgb at phy.duke.edu
Mon Oct 16 05:18:25 PDT 2000
On Thu, 12 Oct 2000, Daniel Ridge wrote:
>
> Walt,
>
> <shameless>
> Run Scyld Beowulf! Our nodes don't even have inetd -- let alone
> rsh, telnet, or ftp daemons!
> </shameless>
>
> Cheers,
> Dan Ridge
> Scyld Computing Corporation
To add just a teeny bit to this, since your "beowulf" could be more of a
"cluster supercomputer" with some nodes acting as workstations (like
ours) which makes just running Scyld Beowulf a bit tricky, from what
Erik told me on Saturday at ALSC -- EVEN if you cannot run SB, EVEN if
you don't even have "nodes" but instead have a bunch of PC's running
linux in folks' offices and want to run e.g. PVM or MPI calculations
spread out across them:
You do not (and should not) run rshd, rlogind, telnetd and ftpd. The
only service a typical workstation needs to offer these days to enable
just about all the kinds of incoming access one requires to support
parallel calculations, remote logins, remote file copies (bidirectional)
and so forth is sshd. sshd replaces rshd (but is run standalone, not
out of inetd) and is far more powerful, offering bidirectional
encryption (or not, in a secure network, your choice), (e.g. X11) port
forwarding and the ability to set a user environment on a remote login
independent of their shell or .rc-files. With the RSA patent no longer
in force, it is absolutely freely available. I think the consensus view
is that openssh is the best choice here:
<a href="http://www.openssh.org">Open SSH Project</a>
The only other daemons you might want to run in a workstation/node
environment are httpd, sendmail, and inetd to facilitate specific
optional services (paradoxically, to help SECURE these optional services
via /etc/hosts.[allow,deny]). None of these are necessary to node
function, and security can also be enforced via e.g. ipchains. Note
that adding additional ports and the associated security will degrade
network performance at least on those ports (it has to -- checking takes
time).
Scyld Beowulf looks great, and I got MY CD for $2 at ALSC to try out in
the next day or two;-) but it is a "beowulf in a box" for TRUE beowulfs
-- head master node, headless slave nodes, isolated/protected network,
no internal security. It doesn't look like it is going to work for
NOW/COW type arrangments or for heterogenous clusters with a protected
part and an unprotected part, although I'm not yet certain about the
latter statement, since the head node might be able to be set up to use
PVM or MPI across both the internal nodes and the external nodes. I
think that this would require a PVM hack (one can set e.g. PVM_RSH to
bpsh OR ssh, but I'm not sure one could set it to either/both without
making it a node-specific identifier rather than a virtual
machine-specific environment variable, but I'm not certain.
rgb
--
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
More information about the Beowulf
mailing list