Why no rlogin to nodes?
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Robert G. Brown rgb at phy.duke.eduMon Oct 16 05:18:25 PDT 2000
- Previous message: Why no rlogin to nodes?
- Next message: Why no rlogin to nodes?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 12 Oct 2000, Daniel Ridge wrote: > > Walt, > > <shameless> > Run Scyld Beowulf! Our nodes don't even have inetd -- let alone > rsh, telnet, or ftp daemons! > </shameless> > > Cheers, > Dan Ridge > Scyld Computing Corporation To add just a teeny bit to this, since your "beowulf" could be more of a "cluster supercomputer" with some nodes acting as workstations (like ours) which makes just running Scyld Beowulf a bit tricky, from what Erik told me on Saturday at ALSC -- EVEN if you cannot run SB, EVEN if you don't even have "nodes" but instead have a bunch of PC's running linux in folks' offices and want to run e.g. PVM or MPI calculations spread out across them: You do not (and should not) run rshd, rlogind, telnetd and ftpd. The only service a typical workstation needs to offer these days to enable just about all the kinds of incoming access one requires to support parallel calculations, remote logins, remote file copies (bidirectional) and so forth is sshd. sshd replaces rshd (but is run standalone, not out of inetd) and is far more powerful, offering bidirectional encryption (or not, in a secure network, your choice), (e.g. X11) port forwarding and the ability to set a user environment on a remote login independent of their shell or .rc-files. With the RSA patent no longer in force, it is absolutely freely available. I think the consensus view is that openssh is the best choice here: <a href="http://www.openssh.org">Open SSH Project</a> The only other daemons you might want to run in a workstation/node environment are httpd, sendmail, and inetd to facilitate specific optional services (paradoxically, to help SECURE these optional services via /etc/hosts.[allow,deny]). None of these are necessary to node function, and security can also be enforced via e.g. ipchains. Note that adding additional ports and the associated security will degrade network performance at least on those ports (it has to -- checking takes time). Scyld Beowulf looks great, and I got MY CD for $2 at ALSC to try out in the next day or two;-) but it is a "beowulf in a box" for TRUE beowulfs -- head master node, headless slave nodes, isolated/protected network, no internal security. It doesn't look like it is going to work for NOW/COW type arrangments or for heterogenous clusters with a protected part and an unprotected part, although I'm not yet certain about the latter statement, since the head node might be able to be set up to use PVM or MPI across both the internal nodes and the external nodes. I think that this would require a PVM hack (one can set e.g. PVM_RSH to bpsh OR ssh, but I'm not sure one could set it to either/both without making it a node-specific identifier rather than a virtual machine-specific environment variable, but I'm not certain. rgb -- Robert G. Brown http://www.phy.duke.edu/~rgb/ Duke University Dept. of Physics, Box 90305 Durham, N.C. 27708-0305 Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
- Previous message: Why no rlogin to nodes?
- Next message: Why no rlogin to nodes?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list