Creating user accounts....

Robert G. Brown rgb at phy.duke.edu
Fri Feb 14 12:02:04 EST 2003


On Fri, 14 Feb 2003, Nicholas Henke wrote:

> On Thu, 13 Feb 2003 17:07:12 -0600 (CST)
> "Brian D. Ropers-Huilman" <bropers at lsu.edu> wrote:
> 
> > Jai,
> > 
> > You'll need to create a public/private key pair. Put the public key on
> > all the nodes and leave the secret key on your administrative node.
> > You'll also have to make sure you configure the SSH daemon on all the
> > nodes to accept a public key authentication.
> > 
> 
> Why is it that key pairs are used, when host based authentication will
> work for any user, without doing more work each time a user is added?
> Is there something inherently wrong with host based?

What do you mean by host based?  Host KEYPAIR based, or .rhosts,
/etc/hosts.equiv type authentication?

The latter kind of authentication is an open invitation to cracking.  My
very first cracking experience (way back in the 80's) was a Duke grad
student in CPS who cracked the CS department via a hole in emacs, su'd
to me, and .rhosted into physics.  Too bad I logged in at the same time
and happened to notice...

It is easy to spoof, easy to fool.

Host keypair based isn't terrible (and is automatic in ssh anyway), but
isn't adequate for personal privacy.

Personal keypair based ensures bidirectional encryption and
authentication at the personal level, in ADDITION to host based (at the
level of the ssh public/private keys).

   rgb

> 
> Nic
> -- 
> Nicholas Henke
> Penguin Herder & Linux Cluster System Programmer
> Liniac Project - Univ. of Pennsylvania
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
> 

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu
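
Added example (not part of the original message or of any poster's code): a small audit of the global section of an sshd_config for the authentication choices discussed in this thread, using the standard OpenSSH keywords PubkeyAuthentication, HostbasedAuthentication and IgnoreRhosts. The two sample configurations are constructed, and Match blocks are assumed to be out of scope.

```python
# OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "hostbasedauthentication": "no",
    "ignorerhosts": "yes",
}

def effective_settings(config_text):
    """Return the effective values; sshd keeps the FIRST value it reads
    for a keyword, and keywords are case-insensitive."""
    settings = {}
    for raw in config_text.splitlines():
        # Drop comments; accept both "Key value" and "Key=value".
        fields = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not fields:
            continue
        keyword = fields[0].lower()
        if keyword == "match":  # conditional blocks are not evaluated here
            break
        if keyword in DEFAULTS and len(fields) > 1:
            settings.setdefault(keyword, fields[1].lower())
    return {**DEFAULTS, **settings}

def audit(config_text):
    """List findings for rhosts-style or host-only trust."""
    s = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("per-user public key authentication is disabled")
    if s["hostbasedauthentication"] == "yes":
        findings.append("host-based authentication is enabled: trust rests "
                        "on the client host, not on a per-user key")
        if s["ignorerhosts"] == "no":
            findings.append("per-user .rhosts/.shosts files are honoured "
                            "for host-based authentication")
    return findings

# Constructed sample configurations (not taken from any real node).
WEAK = """PubkeyAuthentication no
HostbasedAuthentication yes
IgnoreRhosts no
HostbasedAuthentication no   # later duplicate, ignored by sshd
"""
HARDENED = """PubkeyAuthentication yes
HostbasedAuthentication=no
IgnoreRhosts yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```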


