rsh

Josip Loncaric josip at lanl.gov
Wed Sep 24 13:28:27 EDT 2003


Jakob Oestergaard wrote:

> On Tue, Sep 23, 2003 at 08:32:03PM -0400, Robert G. Brown wrote:
> ...
> 
>>The issue can also be avoided (as Josip notes) by using LAM or PVM,
>>which spawn a daemon via ssh but subsequently start tasks without any
>>shell-level overhead at all.
> 
> 
> A fair guess would be, that this connection/communication is not
> encrypted or strongly authenticated in any way.

Correct.

> The resulting security benefit of SSH being null and void.
>  [...]
> For internal systems, I am fully aware that since I run NFS, NIS, and
> some clustering services anyway, running SSH would buy me *zero*
> security.

Yes.  Inside a cluster contained in a locked computer room, you've got 
physical network security, so SSH overhead is not necessary.

> I use SSH for anything with an 'outside' connection. Typically, SSH will
> even be firewalled so that only a few select machines can connect to
> even that service.

A wise policy.  Outside connections need SSH.  However, in most cases 
you do not want to parallelize across outside connections, because they 
tend to be slow.

Since nobody I know parallelizes across outside connections, SSH simply 
does not get involved in parallel runs.  LAM damons are just fine 
internally.  However, cluster access from the outside is usually 
restricted to SSH w/X forwarding.

Sincerely,
Josip

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list