[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!
gerald.davies at gmail.com
Wed Jul 19 04:58:29 EDT 2006
On 7/19/06, hahn at physics.mcmaster.ca <hahn at physics.mcmaster.ca> wrote:
> > unless you really want to run programs as root, I wouldn't recommend to allow
> > root login at all with ssh. Better is to have to login as a user first, and
> > then su to root.
> I disagree with this, actually. first, "su root" is almost always
> the worst thing to do, since it requires that you have an easy-to-type
> password for root, and that you quite possibly type it frequently.
> using an SSH identity for logging in directly as root is surely
> more secure. that's my preferred technique - I run ssh-agent
> so almost never type any password.
If all the slave nodes are coming off a switch connected to the
cluster and behind a firewall, then i don't mind enabling ssh with
root access for the slave nodes. However, I never allow direct root
access to the head node of a cluster or any other box for that matter.
This was brought about by one of the SSH root exploits a few years
ago. Since then I'm cautious of enabling it.
su to root or sudo is my preferred method.
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf