[Beowulf] problem of mpich-1.2.7p1
David N. Lombard
dnlombar at ichips.intel.com
Thu Feb 4 10:36:12 PST 2010
On Thu, Feb 04, 2010 at 10:27:18AM -0700, Mark Hahn wrote:
>
> but if you do want passwordless ssh, IMO the only sane solution is to
> configure hostbased trust. having an unencrypted private key in your
> home directory is hideous (moral equivalent of putting your password
> in a file, in the clear...)
Completely agree that host-based passwordless SSH is the best approach,
especially when jobs are submitted via a resource manager..
Also agree that an empty passphrase is a particularly bad approach.
But, when done via ssh-agent, I don't see partiularly onerous security issues
for a usage where you're manually launching jobs from an interactive session
unless you have no faith in the system's integrity at all...
--
David N. Lombard, Intel, Irvine, CA
I do not speak for Intel Corporation; all comments are strictly my own.
More information about the Beowulf
mailing list