[Beowulf] Newbie
Leif Nixon
nixon at nsc.liu.se
Thu Jan 5 11:03:12 PST 2006
Dan Stromberg <strombrg at dcs.nac.uci.edu> writes:
> Actually, on gigabit networks (and I assume on 10 gigabit nets too), ssh
> overhead is often significant.
Yep, at least for big file transfers. Let me take this opportunity to
advertise Chris Rapier's HPN-SSH patches, which improve significantly
on the performance over high-latency connections and, optionally,
offer the possibility of turning off encryption for the payload (after
authentication is done).
http://www.psc.edu/networking/projects/hpn-ssh/
> Yes, once you have root, all bets are off to an extent, but few
> users have the sophistication to grab a private key out of core
> until someone writes a program to do it for them.
You usually don't need that level of sophistication, and you don't
need root. If you by nefarious means can run processes as a certain
user, just drop an ssh trojan into the user's PATH (I've seen that
done) and snarf his passphrase and/or remote passwords, or just point
your own ssh client at his ssh agent socket (I haven't actually seen
that, but it's certainly trivial).
--
Leif Nixon - Systems expert
------------------------------------------------------------
National Supercomputer Centre - Linkoping University
------------------------------------------------------------
More information about the Beowulf
mailing list