[Beowulf] Newbie
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Leif Nixon nixon at nsc.liu.seThu Jan 5 05:14:12 PST 2006
- Previous message: [Beowulf] Newbie
- Next message: [Beowulf] Newbie
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dan Stromberg <strombrg at dcs.nac.uci.edu> writes: > Aside from the fact that IP addresses can be spoofed, if you go pure > host-based, then anyone on the host in question can do what they need to > do. SSH trusted host authentication involves verification of the host key, so IP address spoofing isn't enough. I'm not sure what you mean by "anyone on the host in question can do what they need to do". > If you do go pure host-based auth, and you want to maximize security > given that requirement, then you might want to guard that one host very > carefully. I'm not following you here either. Whether you choose the "give all users passphrase-less keys" route or the host-based auth route, you're *equally* screwed if a bad guy gets root. He can su to any user and ssh away to his delight. (Given a standard NFS setup.) -- Leif Nixon - Systems expert ------------------------------------------------------------ National Supercomputer Centre - Linkoping University ------------------------------------------------------------
- Previous message: [Beowulf] Newbie
- Next message: [Beowulf] Newbie
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list