[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!
Robert G. Brown rgb at phy.duke.edu
Sat Jul 29 21:23:34 PDT 2006
On Fri, 28 Jul 2006, Leif Nixon wrote:

> Geoff Jacobs <gdjacobs at gmail.com> writes:
>
>> hahn at physics.mcmaster.ca wrote:
>>> right - I don't have a problem with rsh as an internal cluster spawn
>>> method.
>>> though since you almost certainly also have sshd running, it makes sense
>>> to have fewer daemons.
>> It's okay for a small cluster where you have really good control over
>> the users.
>
> Now, THAT'S a very dangerous mindset. Even if you can be 100% sure
> there are no bad apples among your users, every single HPC related

...and you can't. Or at least if you are sure, eventually you'll be sure -- and wrong. I'm personally familiar with several cases of trust abused, and a couple more where a user turned out to be mentally ill (seriously). As in not responsible for their actions, and off the deep end paranoid about what others might be saying about them.

Times like that, you'll be very glad that you have sshd running, strong passwords that aren't posted on a bulletin board in the server room in plain sight, and have exercised what I'd call purely "professional good judgement" in the way the system was configured to protect the rights and privacy of all users.

ssh is totally inobtrusive (compared to rsh), adds useful features missing from rsh, adds an irrelevant bit of overhead (irrelevant for nearly all applications, at any rate) and closes just about all possible plaintext snooping, id thieving loopholes that were exploited for years with rsh.

Running it inside a scyld-type beowulf, where the cluster has no private data, where the cluster is "a computer", where you cannot login to a node with or without rsh, maybe that's ok. Running it where there is any chance that abuse could result in compromising a user's account, well, it is your job to make that impossible. Period. If you don't, it will be your fault, not just your responsibility, when it sooner or later happens.

> intrusion I'm aware of the last couple of years has started off by
> stealing passwords or keys and masquerading as legitimate users.

Not just the last couple of years. Try the last couple of decades. Or maybe even three (how old IS unix, anyway)?

   rgb

--
Robert G. Brown    http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525  email:rgb at phy.duke.edu
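
Where rsh has been used as a cluster spawn method, as discussed in this thread, moving to ssh also means finding the host trust and r-service configuration it left behind. The script below is an added example, not part of the original post: the function names are hypothetical, the paths are the conventional locations of hosts.equiv, .rhosts, xinetd and inetd configuration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: list rsh-era trust left on a node. ROOT is "/" on a live
# node or the path of a mounted or unpacked node image.

# Print every active (non-blank, non-comment) entry of one trust file.
# A bare "+" field trusts any host or any user, so it gets its own tag.
scan_trust_file() {
    [ -f "$1" ] || return 0
    awk -v f="$1" 'NF == 0 || $1 ~ /^#/ { next }
        { tag = "TRUST"
          for (i = 1; i <= NF; i++) if ($i == "+") tag = "WILDCARD-TRUST"
          print tag " " f ": " $0 }' "$1"
}

audit_rsh() {
    root=${1:-/}
    scan_trust_file "$root/etc/hosts.equiv"
    # Per-user trust files under the usual home locations.
    find "$root/root" "$root/home" -name .rhosts -type f 2>/dev/null |
        while IFS= read -r f; do scan_trust_file "$f"; done
    # xinetd runs a service unless its stanza says "disable = yes".
    for svc in rsh rlogin rexec; do
        f="$root/etc/xinetd.d/$svc"
        if [ -f "$f" ] && ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            echo "SERVICE $f: enabled"
        fi
    done
    # Classic inetd names the r-services shell, login and exec.
    f="$root/etc/inetd.conf"
    if [ -f "$f" ]; then
        awk -v f="$f" '$1 ~ /^(shell|login|exec)$/ { print "SERVICE " f ": " $1 }' "$f"
    fi
    return 0
}

# Constructed sample tree (not taken from the post) for a dry run.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/xinetd.d" "$t/home/alice"
    printf '# trusted hosts\nnode01\n+ +\n' > "$t/etc/hosts.equiv"
    printf 'head.cluster alice\n' > "$t/home/alice/.rhosts"
    printf 'service shell\n{\n\tdisable = no\n}\n' > "$t/etc/xinetd.d/rsh"
    printf 'service login\n{\n\tdisable = yes\n}\n' > "$t/etc/xinetd.d/rlogin"
    echo "$t"
}

sample=$(make_sample_tree); audit_rsh "$sample"; rm -rf "$sample"
```

On a live node, call `audit_rsh /` as root so that every home directory is readable; an empty result means none of these files or services were found in the locations checked.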
