SSH and clusters

Robert G. Brown rgb@phy.duke.edu
Wed, 2 Jun 1999 19:04:27 -0400 

On Wed, 2 Jun 1999, Philip Juels wrote:

> Sometimes my users simply want to run a batch process on any given node
> within our cluster as opposed to true parallel processing.  So they use
> ssh to access the master node of our cluster and then rlogin or telnet
> to access the clients from the master (the client nodes are on an
> isolated intranet with the master acting as gatekeeper).  Is this
> insecure?  Should we run ssh for connections withing the cluster?  My
> understanding of ssh is that it's like a secure pipe...anything on top
> of it should be encrypted.

I believe that this is as secure as your gatekeeper.  As you say, the
traffic over open links from your originating host to the gatekeeper
should be encrypted and non-snoopable.  Furthermore, your INTERNAL
traffic on the cluster probably is no-passwd-needed stuff enabled with
.rhosts.

However, I don't think there is any really good reason not to run ssh
inside the cluster anyway.  I suppose it is a religious view, but I'd
like to see rsh go away permanently, and the best way for this to
eventually occur is if everybody everywhere starts to use ssh/sshd
exclusively whereever they once used rsh.  IIRC this is the last year
that RSA is patented; next year ssh will be truly public domain, and if
the num-nums who think that people in the USA should be prohibited from
exporting an encryption/software package originally distributed from
Finland and universally available anyway could just be persuaded to
lighten up and rent a brain, we might see all linux distributions adopt
it as standard fare.

   rgb

P.S. to forstall possible arguments that rsh is a lighter-weight
protocol, I agree, but if one is using the shell itself for IPC's in an
application where speed is critical, well...

P.P.S. - and if one is really doing this, one CAN still use rsh, but
very few people are, I'm sure....

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb@phy.duke.edu