[Beowulf] Intra-cluster security

John Hearns hearnsj at googlemail.com
Sun Sep 13 01:07:56 PDT 2009

2009/9/11 Stuart Barkley <stuartb at 4gh.net>:
> - Each user creates a password-less ssh private key, puts the public
> key in the authorized_hosts file and has relatively unfettered ssh
> access between nodes (nfs shared home directory helps a lot).  This
> seems to be the most common approach.  It is end-user setup/training
> intensive (I suppose it could be automated/audited). I consider it
> dangerous to encourage use of password-less ssh keys.

Yes, I would agree this is the most common approach.
You can automate it by having a script which runs when you first login
to the cluster (Oscar does this).

You can also use shosts trusts.
A script which loops through cluster nodes and runs an ssh-keyscan is useful.

Re. security its the armadillo principle - hard on the outside, soft
on the inside.

More information about the Beowulf mailing list