[Beowulf] passwordless "rsh" login
Andrew M.A. Cater
amacater at galactic.demon.co.uk
Sat Jul 10 01:49:07 PDT 2004
On Fri, Jul 09, 2004 at 01:43:51PM -0400, Robert G. Brown wrote:
> On Thu, 8 Jul 2004, Daniel Pfenniger wrote:
> > Andrew M.A. Cater wrote:
> > > _Don't_ use rsh :) Use ssh with key exchange and passwordless login.
rgb has probably said it better than I can :)
> > What is wrong with rsh, what is much better with ssh?
> > A few words explanation would help.
> a) no security (as in "bleeding wound" in an open network)
Not such a problem if you _really are_ a secure network: really secure
networks ban rsh/rlogin completely :)
> b) no environment passing
> c) no tunnelling/port forwarding
> d) no intrinsic X11 support
These three are the kickers - passing the environment is good, being
able to pass X when needed and not have to worry about setting displays
etc. is even better. Being able to see your head node display when you're
sat in front of a faulty node is potentially good :)
> Things good about ssh:
> a) strong security
> e) strong host authentication
> f) strong personal authentication
It makes a difference: set up keys ONCE, you may get a prompt saying
effectively "You've not connected here before, do you trust me" the
first time you connect to a node but thereafter you're in practically
> > On the other hand ssh may slow communications for particular usages
> > (such as a constant stream of console messages through the network).
> In most cases your intrinsic limitation is going to be the speed of a
> pseudo tty interface, not ssh. Simply writing to an xterm/console
> window is slow -- almost certainly MUCH slower than the speed with which
> ssh can encrypt/decrypt data.
> Of course for real parallel operations, one doesn't use ssh (or any
> shell) to do real internode communications -- at most it is for out of
> band control operations like starting up pvm or mpi itself on remote
> nodes. Or one writes a nice raw socket interface, or whatever. ssh is
> fine for typical remote/interactive use on a cluster.
> > ssh is particularly recommended on an untrusted network, but then
> > I would like once to see an *easy* procedure for installing ssh safely
> > by the sys admin passwordless login for all the network trusted users.
> I don't think that this would be terribly difficult, although easy is a
> matter of personal perspective. Look into ssh-agent(1) and ssh-add(1).
> I've never used them, but this looks like what they might be for.
ssh-copy-id does this nicely on a Debian system. It's only a script as
far as I can see.
More information about the Beowulf