SSH and clusters
Robert G. Brown
rgb@phy.duke.edu
Thu, 3 Jun 1999 06:23:50 -0400
On Wed, 2 Jun 1999, Dave Hart wrote:
> At 06:47 PM 6/2/1999 -0400, Robert G. Brown wrote:
>
> >. . . I don't think there is any really good reason not to run ssh
> >inside the cluster anyway. . . .
>
> I ran NAS Parallel Benchmarks with rsh and with ssh and found less
> than 1% difference, IIRC. And since ssh is SOP . . .
Well, there you go then...real numbers and not my opinion.
Death to the Infidel rsh! Long live ssh!
Seriously, our University is being portscanned and probed literally two
or three times a week. Most of the documented breakins that have
succeeded in our well-managed department have occurred because of
offsite passwd traps -- grad students or faculty telnetting or
rlogin'ing (rlogging in?:-) back to the department from an insecure
site, perhaps while on summer break or at a conference. We're trying to
figure out how to make ssh use MANDATORY, and the best way is to simply
stop, cease, desist in using either telnetd or rshd or ftpd in favor of
sshd. The only obstacle we face is a lack of universally available ssh
clients, partly due to US export restrictions (and those restrictions
themselves); hopefully at least the first problem will evaporate in 6
more months when RSA becomes public domain for real.
rgb
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb@phy.duke.edu