[Beowulf] Newbie

Dan Stromberg strombrg at dcs.nac.uci.edu
Wed Jan 4 14:27:58 PST 2006


On Fri, 2005-12-30 at 09:35 +0100, Leif Nixon wrote:
> Skylar Thompson <skylar at cs.earlham.edu> writes:
> 
> > For a variety of reasons, I recommend using ssh with passwordless
> > keys, rather than host authentication with rsh.
> 
> I beg to differ. Passwordless keys are a really bad habit (except in
> very special circumstances like cron jobs - but then the key should be
> restricted in authorized_keys to allow a single command).
> 
> Setting up hostbased authentication for ssh is much more appropriate
> for a cluster environment.
> 
> http://www.snailbook.com/faq/trusted-host-howto.auto.html

I'm not sure how many clusters out there, computational or otherwise,
have high security requirements, but if you're interested in maximizing
security, you're probably better off with RSA or DSA-based public key
authentication than something host based.

Aside from the fact that IP addresses can be spoofed, if you go pure
host-based, then anyone on the host in question can do what they need to
do.

If you do go pure host-based auth, and you want to maximize security
given that requirement, then you might want to guard that one host very
carefully.

Or am I missing the point somehow?





More information about the Beowulf mailing list