Creating user accounts....
Robert G. Brown
rgb at phy.duke.edu
Fri Feb 14 09:02:04 PST 2003
On Fri, 14 Feb 2003, Nicholas Henke wrote:
> On Thu, 13 Feb 2003 17:07:12 -0600 (CST)
> "Brian D. Ropers-Huilman" <bropers at lsu.edu> wrote:
>
> > Jai,
> >
> > You'll need to create a public/private key pair. Put the public key on
> > all the nodes and leave the secret key on your administrative node.
> > You'll also have to make sure you configure the SSH daemon on all the
> > nodes to accept a public key authentication.
> >
>
> Why is it that key pairs are used, when host based authentication will
> work for any user, without doing more work each time a user is added?
> Is there something inherently wrong with host based ?
What do you mean by host based? Host KEYPAIR based, or .rhosts,
/etc/hosts.equiv type authentication?
The latter kind of authentication is an open invitation to cracking. My
very first cracking experience (way back in the 80's) was a Duke grad
student in CPS who cracked the CS department via a hole in emacs, su'd
to me, and .rhosted into physics. To bad I logged in at the same time
and happened to notice...
It is easy to spoof, easy to fool.
Host keypair based isn't terrible (and is automatic in ssh anyway), but
isn't adequate for personal privacy.
Personal keypair based ensures bidirectional encryption and
authentication at the personal level, in ADDITION to host based (at the
level of the ssh public/private keys).
rgb
>
> Nic
> --
> Nicholas Henke
> Penguin Herder & Linux Cluster System Programmer
> Liniac Project - Univ. of Pennsylvania
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
>
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
More information about the Beowulf
mailing list