[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!
Geoff Jacobs gdjacobs at gmail.com
Tue Jul 18 22:56:23 PDT 2006
hahn at physics.mcmaster.ca wrote:
>> unless you really want to run programs as root, I wouldn't recommend
>> to allow root login at all with ssh. Better is to have to login as a
>> user first, and then su to root.
>
> I disagree with this, actually. first, "su root" is almost always the
> worst thing to do, since it requires that you have an easy-to-type
> password for root, and that you quite possibly type it frequently.
> using an SSH identity for logging in directly as root is surely more
> secure. that's my preferred technique - I run ssh-agent
> so almost never type any password.

Using passworded ssh key authentication is, I believe, the most secure
remote login setup. Secure enough that I expect one could reduce the
length of the password to something reasonable (but still not brute
forcible).

> but even if you don't like that, surely sudo is better than "su root",
> though it does mean the onus of difficulty falls to your password.
> (and for multiple admins, it means that root effectively has a password
> hardness N times lower than the admin user passwords...)
> the logging performed by sudo is, IMO, of marginal value - it means that
> someone spends time reading it, and while it's an OK audit trail
> for figuring out what happened, it's of no value forensically
> (since any serious attacker will compromise syslog.)

The usage schema of sudo is inherently safer -- increase privilege for
one task only, then go back to SOP. Control is also more granular, so it
is more secure.

>> If you use rsh, you also don't need any passwordless ssh login. After
>> putting all the nodes in all /etc/hosts.equiv the rsh should allow
>> already a passwordless login to the nodes. With setting P4_RSHCOMMAND,
>> it will target compiled programs.
>
> right - I don't have a problem with rsh as an internal cluster spawn
> method.
> though since you almost certainly also have sshd running, it makes sense
> to have fewer daemons.

It's okay for a small cluster where you have really good control over
the users. I don't think there's a point to it anymore, though. No real
performance advantage, and it's not any more simple to configure.

http://www.beowulf.org/archive/2004-November/011247.html

> regards, mark hahn.
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>

-- 
Geoffrey D. Jacobs

Go to the Chinese Restaurant, Order the Special
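
Added example, not part of the original message or of any poster's setup: a small Python check of the two trust settings argued over in this thread, the effective `PermitRootLogin` value in an sshd_config and the entries in an `/etc/hosts.equiv`. The file contents, host names and function names are constructed for illustration; `Match` blocks are assumed out of scope.

```python
# Added example; the file contents below are constructed samples.
SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
# a later duplicate does not override the line above
PermitRootLogin prohibit-password
"""
HOSTS_EQUIV = """\
# cluster nodes
node01
node02
+
-node99
"""
# PermitRootLogin values under which root cannot log in with a password.
ROOT_PASSWORD_DISABLED = {"no", "prohibit-password", "without-password",
                          "forced-commands-only"}

def effective_sshd(text):
    """Map keyword -> value; sshd uses the first value it reads for a keyword."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break  # Match blocks are conditional; only global scope is checked
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def root_login_finding(text):
    """Return a finding string, or None when root password login is disabled."""
    value = effective_sshd(text).get("permitrootlogin", "unset")
    if value in ROOT_PASSWORD_DISABLED:
        return None
    return f"PermitRootLogin={value}: root password login is not explicitly disabled"

def audit_hosts_equiv(text):
    """Return (trusted_hosts, findings) for the body of a hosts.equiv file."""
    trusted, findings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith(("#", "-")):
            continue  # blank line, comment, or explicit deny entry
        if fields[0] == "+":
            findings.append(f"line {n}: '+' trusts every host")
        elif len(fields) > 1 and fields[1] == "+":
            findings.append(f"line {n}: any user on {fields[0]} is trusted")
        else:
            trusted.append(fields[0].lstrip("+"))
    return trusted, findings
```

On the constructed sshd_config the first `PermitRootLogin yes` line is the one that takes effect, so the stricter line after it changes nothing.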
