Empty passwords vs ssh-agent?

Andrew Shewmaker shewa at inel.gov
Fri Jul 18 18:12:12 EDT 2003

John Harrop wrote:

> I'm currently switching our system from using r-commands to ssh.  We
> have a fairly small system with 27 nodes.  The only two options I can
> see with ssh are empty passwords and ssh-agent.  The first looks like it
> isn't much better for security than r commands.  (We do have ssh with
> passwords and known hosts on a portal machine.)  Using ssh-agent on a
> cluster looks like a potentially big hassle.  Or am I mistaken about the
> last impression?  After all, we have nodes that are almost hitting up
> time of 400 days so ssh-add would only have been run once for each
> cluster user.
> What are people using as the clusters get bigger?
> Thanks is advance for your comments and thought!
> Cheers,
> John Harrop

Have you heard of Keychain? http://www.gentoo.org/proj/en/keychain.xml
"It acts as a front-end to ssh-agent, allowing you to easily have one
long-running ssh-agent process per system, rather than per login
session."  I have used this before and it worked well, but I've been
meaning to switch to the pam_ssh module.

Does anybody use the pam_ssh module to automatically start agents on
login?  I saw it when I was looking up pam documentation on modules.
Download through cvs http://sourceforge.net/cvs/?group_id=16000


Andrew Shewmaker, Associate Engineer
Phone: 1-208-526-1276
Idaho National Eng. and Environmental Lab.
P.0. Box 1625, M.S. 3605
Idaho Falls, Idaho 83415-3605

Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf

More information about the Beowulf mailing list