[Beowulf] High Performance SSH/SCP

Robert G. Brown rgb at phy.duke.edu
Fri Feb 15 07:36:49 PST 2008


On Fri, 15 Feb 2008, Leif Nixon wrote:

> "Robert G. Brown" <rgb at phy.duke.edu> writes:
>
>> For example, who actually shuts down their entire network when the word
>> comes in that e.g. the linux kernel has an exploit that allows any user
>> to root at will?
>
> We actually touched /etc/nologin on Monday morning.

Sure, and that's a reasonable choice.  It's a cost-benefit based choice,
and only you know the value of your data and probability of risk.  For
us, doing that would have been infinitely disruptive and expensive;
overnight was soon enough.

I didn't mean to imply that if one did this one was in any way foolish,
only that wouldn't it suck if LINUS could press a button somewhere and
touch /etc/nologin for ALL the linux boxes in the universe so that they
wouldn't work until they were patched?

None of us really want big brother making our security decisions or
"forcing" us to use some particular security tool or profile.  Choice is
good.  It would be simply lovely if ssh were a bit less fascist, or at
least could be configured to be non-fascist for environments where that
makes sense.  Fascist by default is just peachy.

    rgb

-- 
Robert G. Brown                            Phone(cell): 1-919-280-8443
Duke University Physics Dept, Box 90305
Durham, N.C. 27708-0305
Web: http://www.phy.duke.edu/~rgb
Book of Lilith Website: http://www.phy.duke.edu/~rgb/Lilith/Lilith.php
Lulu Bookstore: http://stores.lulu.com/store.php?fAcctID=877977


